{"id":6250,"library":"spotipy","title":"Spotipy","description":"Spotipy is a lightweight Python library for the Spotify Web API, providing full access to music data and user authorization features. It offers abstractions for both Client Credentials and Authorization Code flows, making interactions with the Spotify platform straightforward. Maintained actively, it receives frequent updates to align with Spotify API changes and address security concerns.","status":"active","version":"2.26.0","language":"en","source_language":"en","source_url":"https://github.com/plamere/spotipy","tags":["spotify","api","music","authentication","web api","oauth"],"install":[{"cmd":"pip install spotipy","lang":"bash","label":"Install stable version"},{"cmd":"pip install spotipy --upgrade","lang":"bash","label":"Upgrade to latest"}],"dependencies":[{"reason":"Optional cache handler for Memcached.","package":"pymemcache","optional":true},{"reason":"Optional cache handler for Redis.","package":"redis","optional":true},{"reason":"Optional cache handler for Flask sessions.","package":"Flask","optional":true}],"imports":[{"symbol":"Spotify","correct":"from spotipy import Spotify"},{"symbol":"SpotifyClientCredentials","correct":"from spotipy.oauth2 import SpotifyClientCredentials"},{"symbol":"SpotifyOAuth","correct":"from spotipy.oauth2 import SpotifyOAuth"},{"note":"While `spotipy.util` contains `prompt_for_user_token`, the recommended approach for user authentication is via `SpotifyOAuth` directly passed to the `Spotify` constructor, or using `SpotifyOAuth`'s methods. 
Direct import from `spotipy.oauth2` is incorrect as `util` is at the `spotipy` module level.","wrong":"from spotipy.oauth2 import util.prompt_for_user_token","symbol":"util.prompt_for_user_token","correct":"from spotipy import util"}],"quickstart":{"code":"import os\nfrom spotipy import Spotify\nfrom spotipy.oauth2 import SpotifyClientCredentials\n\n# Set your Spotify API credentials as environment variables\n# SPOTIPY_CLIENT_ID='your_client_id'\n# SPOTIPY_CLIENT_SECRET='your_client_secret'\n\nclient_id = os.environ.get('SPOTIPY_CLIENT_ID', 'YOUR_CLIENT_ID')\nclient_secret = os.environ.get('SPOTIPY_CLIENT_SECRET', 'YOUR_CLIENT_SECRET')\n\nif client_id == 'YOUR_CLIENT_ID' or client_secret == 'YOUR_CLIENT_SECRET':\n    print(\"Please set SPOTIPY_CLIENT_ID and SPOTIPY_CLIENT_SECRET environment variables.\")\nelse:\n    auth_manager = SpotifyClientCredentials(client_id=client_id, client_secret=client_secret)\n    sp = Spotify(auth_manager=auth_manager)\n\n    # Example: Search for an artist\n    try:\n        results = sp.search(q='artist:Queen', type='artist')\n        if results['artists']['items']:\n            artist = results['artists']['items'][0]\n            print(f\"Found artist: {artist['name']} (ID: {artist['id']})\")\n            # include_groups replaces the deprecated album_type parameter\n            albums = sp.artist_albums(artist['id'], include_groups='album')\n            print(\"Latest albums:\")\n            for album in albums['items'][:3]:\n                print(f\"- {album['name']}\")\n        else:\n            print(\"Artist not found.\")\n    except Exception as e:\n        print(f\"An error occurred: {e}\")","lang":"python","description":"This quickstart demonstrates how to use Spotipy with the Client Credentials Flow for server-to-server authentication, allowing access to public Spotify data without user interaction. It retrieves artist information and their albums. 
Ensure you have your Spotify API Client ID and Client Secret set as environment variables or replace the placeholders."},"warnings":[{"fix":"Ensure your code uses generic 'get user saved items' methods where applicable and handles pagination for playlists correctly. Review official Spotify API documentation for endpoint changes if directly interacting with API responses.","message":"The Spotify API update of 2026-02-06 changed `/tracks` endpoints to `/items`. Spotipy 2.26.0 updates its internal methods to reflect this, but code that uses the older endpoint names directly or expects the previous data structures might break. The playlist item limit has also been fixed to 50 items per request, requiring pagination for larger playlists.","severity":"breaking","affected_versions":">=2.26.0"},{"fix":"Consult the Spotipy documentation and changelog for the recommended replacement functions and parameters (e.g., use `include_groups` instead of `album_type` for `artist_albums`).","message":"Several methods and parameters have been deprecated in recent versions (e.g., `artist_albums(album_type=...)` replaced by `include_groups`, `recommendations`, `audio_features`, `featured_playlists`, `category_playlists`). Use of these will trigger warnings and they may be removed in future versions.","severity":"deprecated","affected_versions":">=2.25.0"},{"fix":"Focus on user-created or third-party playlists. If your application was created before 2024, it might still have access, but new applications will not. Verify playlist accessibility directly on the Spotify Developer Dashboard.","message":"Spotify has restricted access to algorithmic and Spotify-owned editorial playlists for new applications (post-2024). 
Attempts to retrieve these playlists via the API may result in errors or empty responses, even with proper user authentication and scopes.","severity":"gotcha","affected_versions":"All versions for apps created post-2024"},{"fix":"Register your chosen `redirect_uri` (e.g., `http://127.0.0.1:9090`) in your Spotify app settings and ensure it is consistently used in your code and environment variables (`SPOTIPY_REDIRECT_URI`).","message":"Using the Authorization Code Flow requires adding a redirect URI to your application settings on the Spotify Developer Dashboard. This URI must exactly match the `redirect_uri` provided to `SpotifyOAuth`, including trailing slashes. A common mistake is using `http://localhost/` or `http://127.0.0.1:9090` without configuring it in Spotify's dashboard.","severity":"gotcha","affected_versions":"All versions using Authorization Code Flow"},{"fix":"It is highly recommended to upgrade to the latest Spotipy version (2.26.0 or newer) to ensure these security fixes are applied, especially if running with the default OAuth flow, in multi-user environments, or handling user inputs for Spotify IDs/URIs/URLs.","message":"Multiple security vulnerabilities (CVE-2025-66040, CVE-2025-27154, CVE-2023-23608) have been fixed in recent versions. The fixes address potential XSS in the OAuth flow HTML, tighten cache file permissions (600), and address path traversal.","severity":"breaking","affected_versions":"<2.25.2"}],"env_vars":null,"last_verified":"2026-04-14T00:00:00.000Z","next_check":"2026-07-13T00:00:00.000Z","problems":[]}