In this article, we’re sharing tips for connecting Spotify to your mobile iOS application. The guide is based on our web and mobile development experience and explores the stages of SDK connection: the process of login, token authentication, and the built-in Spotify player management.

Spotify offers an application programming interface (API) and a software development kit (SDK).

An API is a collection of routines, data structures, and classes designed specifically to interact with a piece of software. An SDK comprises of the API and tools for its management.

When creating an application, it’s better to use an SDK (if there’s one available), as it simplifies the development. Although the Spotify iOS SDK is in beta (ver. beta-25), it’s stable enough to use. Note that using Spotify’s SDK for commercial projects requires their team’s official written approval.

With Spotify integrated with your app, its users can receive user data, play audio and share public data. The latter includes sharing different Spotify items (albums, artists and playlists), and managing collaborative playlists. However, the ability is limited to public items only.

Implementing the Spotify iOS SDK

For this article, we decided to show you the integration of Spotify’s iOS SDK with a mobile application for listening to music from several audio streaming services. Here, users can link to and undock their Spotify accounts, and log into several devices without re-connecting to the integrated services.

Keep in mind that although there is an official tutorial for implementing Spotify’s SDK, it can only introduce the basic functionality. The process of connecting the SDK to a real product is significantly different in terms of login logic and token management.

First things first, you need to create an XCode project, register a Spotify account and make it premium. It’s necessary for streaming. For those not sure it’s worth the purchase, there’s a free trial.

Registering your app in Spotify

Go to the Spotify’s Dashboard and log into your account. Find a Create an App button there. Enter your name and application description. Then examine the following fields:

Now find this button . Enter your name and app description. After this we are interested in the following fields:

  • Client ID - your app’s unique identifier, which is required for the SDK integration.

  • Client Secret - your app’s secret key, which is used on the server.

  • Redirect URL - a link returning to your application in case of login readdressing to the native app or Safari. Here, we used projectname://spotify/callback

  • Bundle ID - your app’s bundle ID.

Creating a SpotifyLoginController

We’re using a custom login, and not the one given in the tutorial because we need to receive a server authentication code.

First, let’s create a controller with UIWebView (go with the UIWebViewController if you wish; we prefer using UIViewController with an additional UIWebView; the delegate is self).

Then, we need to implement a basic Spotify initialization in viewDidLoad:

SPTAuth.defaultInstance().clientID        = SpotifyClientID
SPTAuth.defaultInstance().redirectURL     = NSURL(string: SpotifyRedirectURI)
SPTAuth.defaultInstance().tokenSwapURL    = SpotifyTokenSwapURL
SPTAuth.defaultInstance().tokenRefreshURL = SpotifyTokenRefreshURL
SPTAuth.defaultInstance().requestedScopes = [SPTAuthStreamingScope, SPTAuthPlaylistReadPrivateScope, SPTAuthPlaylistModifyPublicScope, SPTAuthPlaylistModifyPrivateScope]

Here’s a closer look:

    • SPTAuthStreamingScope, SPTAuthPlaylistReadPrivateScope, SPTAuthPlaylistModifyPublicScope, and SPTAuthPlaylistModifyPrivateScope - are our app’s access rights

    • SpotifyRedirectURI is the redirect URL we specified in the Spotify app settings
    • SpotifyTokenSwapURL and SpotifyTokenRefreshURLb are something we’re going to discuss in a little while

When the controller appears in viewWillAppear, we need to initialize a login link:

let url = "\(SpotifyClientID)&scope=\(SPTAuthStreamingScope)+\(SPTAuthPlaylistReadPrivateScope)+\(SPTAuthPlaylistModifyPublicScope)+\(SPTAuthPlaylistModifyPrivateScope)&redirect_uri=\(SpotifyRedirectURI)&nosignup=true&nolinks=true&show_dialog=true&response_type=code"

let request = NSURLRequest(URL: NSURL(string: url)!)


Look at the following parameters:

  • client_id - is our app’s client ID
  • scope - is the access permission
  • redirect_uri - is a redirect URL that lets us return to the app and spot the completion of login
  • nosignup = true - disables automatic login
  • show_dialog = true - is a required “Is it really you?” user confirmation
  • response_type = code - is a type of returned value (you can get code or access token here - we’re interested in the former).

Here’s how the response is processed:

func webView(webView: UIWebView, shouldStartLoadWithRequest request: NSURLRequest, navigationType: UIWebViewNavigationType) -> Bool {

    if request.URLString.hasPrefix(SpotifyRedirectURI) {
    // Example of a correct response::
        // projectName://spotify/callback?code=AQCY0mycN16svdc7Edj3jH1BUw...
        if let fragment = request.URL!.query,
            code = parameterValue(CodeKey, fragment: fragment) {
                // Now transfer URL to Spotify sessions’ constructor
                SPTAuth.defaultInstance().handleAuthCallbackWithTriggeredAuthURL(request.URL, callback: { (error: NSError!, session: SPTSession!) -> Void in
                    if session != nil {
                        // Notification about the login’s success
                        self.dismissViewControllerAnimated(true, completion: nil)
                    } else {
                        // Notification about the login’s mistake
                        self.dismissViewControllerAnimated(true, completion: nil)
        } else if let fragment = request.URL!.query,
            error = parameterValue(ErrorKey, fragment: fragment) {
            if error == "access_denied" {
        // Cancel
                self.dismissViewControllerAnimated(true, completion: nil)
            } else {
                self.presentViewController(Alert.alertWithText(error, cancelAction: {
                    self.dismissViewControllerAnimated(true, completion: nil)
                }), animated: true, completion: nil)

    return true

private func parameterValue(name: String, fragment: String) -> String? {
    let pairs = fragment.componentsSeparatedByString("&")
    for pair in pairs {
        let components = pair.componentsSeparatedByString("=")
        if components.first == name {
            return components.last
    return nil

A successful login implementation results into a session, which is available through SPTAuth.defaultInstance().session. The peculiarity of Spotify’s sessions is the duration of their lifespan. At the time of writing, it’s 1 hour long. Once this period expires, you have to call the SPTAuth.defaultInstance().renewSession method.

Seemingly not an issue, you just have to add a SPTAuth.defaultInstance().session.isValid() method validation, but here’s a catch: all sessions are stored locally on devices.

Storing and updating tokens

If you want user to login to several devices without signing into their Spotify over and over again, you’re going to have to do the following:

  • Remember we mentioned SpotifyTokenSwapURL and SpotifyTokenRefreshURL? Those are links to the server requests that implement Spotify token updates. When updating a session, you need to fix the renewSession method:
    SPTAuth.defaultInstance().tokenSwapURL    = SpotifyTokenSwapURL
    SPTAuth.defaultInstance().tokenRefreshURL = SpotifyTokenRefreshURL
    SPTAuth.defaultInstance().renewSession(SPTAuth.defaultInstance().session, callback: { (error: NSError!, session: SPTSession!) -> Void in
        if session != nil {
            // Success
        } else {
            failure(error: error)

We highly recommend that you reassign swap and refresh links before making any session updates. Otherwise, you might accidentally call renewSession in places, where SPTAuth.defaultInstance() hasn’t been configured yet.

  • Implement swap and refresh methods on the server. Here’s an example of this process in Ruby.

  • Once it has been working for an hour or so, call the renewSession method from your SDK, which then queries your server, gets the necessary data, creates a session and stores it on the device (again, locally).

With the following methods, the newly created session can be transformed into a string and back:

let sessionData = NSKeyedArchiver.archivedDataWithRootObject(session)
return sessionData.base64EncodedStringWithOptions(.Encoding64CharacterLineLength)

if let restoredSessionData = NSData.init(base64EncodedString: fixedSpotifySession, options: .IgnoreUnknownCharacters),
restoredSession = NSKeyedUnarchiver.unarchiveObjectWithData(restoredSessionData) as? SPTSession {
    SPTAuth.defaultInstance().session = restoredSession

A transformed session can be stored either locally or on a server, but you need to encrypt it first.

Songs stream

Spotify SDK allows your app’s users to listen to entire songs without being redirected to the Spotify application.

Audio streaming is done not through the usual AVPlayer, but through the SPTAudioStreamingController. For this example, we saved a Spotify player item as a singleton in the Utils class, which makes it accessible from anywhere:

static let spotifyPlayer = SPTAudioStreamingController(clientId: SpotifyClientID)

When launching our app (or once we have a connected Spotify account), we can call the player initialization:

Utils.spotifyPlayer.loginWithSession(SPTAuth.defaultInstance().session) { (error: NSError!) in
    if error != nil {
//       if error.code == 9 {
////         self.presentViewController(Alert.alertWithText("Buy spotify premium"), animated: true, completion: nil)
//       } else {
    } else {
        Utils.isSpotifyPremium = true

In this example, a Spotify Premium check block (the error code is 9, which means a standard account that doesn’t permit audio streaming) is commented due to request instability (which is plausible given that the SDK is in beta). Streaming is only available when there are no errors, regardless of their type.

The main methods of Spotify’s player

  • Track listing:

    let trackURI = NSURL(string: "spotify:track:\(trackId!)")!
    Utils.spotifyPlayer.playURIs([trackURI], withOptions: SPTPlayOptions(), callback: { (error: NSError!) in
        if error != nil {
  • Play and Pause

    Utils.spotifyPlayer.setIsPlaying(false) { (error: NSError!) in
        if error == nil {
            // Pause
        } else {
            print("Failed to stop spotify player: " + error.localizedDescription)
  • Stop:

  • The current position:

  • The overall track duration:

  • Rewind:

    Utils.spotifyPlayer.seekToOffset(Double(newPosition), callback: nil)

This concludes our article on implementing Spotify’s iOS SDK for mobile application development. We hope you’ve found something worth learning.

Do your consider integrating Spotify with your mobile application? Contact our sales department today to start working on your project.

P.S. Do not forget to logout from Spotify

SPTAuth.defaultInstance().session = nil

Useful links

  1. Spotify iOS SDK
  2. Spotify iOS SDK - tutorial
  3. Spotify Web API
  4. An example of the refresh and swap methods' implementation on Ruby
  5. Spotify Web API Endpoint Reference
  6. Spotify Web API Code Examples & Libraries