I’m working on a Spotify application that needs to fetch data from an external REST service. The API endpoints I’m calling look like this:
http://api.myservice.com/data/fetch?param=example
I’ve added the proper permissions in my app’s manifest file:
"RequiredPermissions": [ "http://*.myservice.com" ]
My external API has CORS configured correctly. Here’s what the response headers look like:
Server: apache/2.4.18
Date: Fri, 15 Jan 2021 14:22:33 GMT
Content-Type: application/json
Connection: keep-alive
X-Framework: Express
Set-Cookie: sessionid=abc123def456; Path=/; HttpOnly
Content-Length: 15420
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: Content-Type, Authorization
200 OK
When I check the network tab in developer tools within Spotify, the requests show as terminated:
URL: fetch api.myservice.com/data
Method: GET
Status: (canceled)
Type: xhr
Initiator: main.js:142
Size: 8B (0B)
Time: 15ms
The same code works perfectly when I test it in a regular browser outside of Spotify. Has anyone encountered this issue before? Is there something specific about how Spotify handles external requests that I’m missing?
i think spotify has some kinda restrictions on http calls. try using https instead, they might be blockin http requests even with those permissioms. also, double check that your wildcard domain in the manifest is set up right.
Had this exact issue 6 months ago building a music recommendation widget. It’s not just HTTP vs HTTPS - Spotify kills requests that don’t match their expected response patterns. Your API’s returning too many metadata headers that Spotify’s sandbox hates. The Express framework header and that sessionid cookie are red flags for their security filters. I fixed it by creating a lightweight proxy that strips all the extra headers and only returns JSON data with minimal CORS headers. Also check if your API response is too large - Spotify has undocumented limits on external response payloads. Try calling a simpler endpoint first to see if it’s the headers or the data causing the problem.
Double-check your manifest permissions - you might need the exact protocol listed. Spotify’s pretty picky about wildcards matching protocols. That 15ms termination screams timeout issue. Try cutting down your API response size or throw in some logging to see exactly when it dies.
Spotify’s got super aggressive request filtering that goes way beyond normal CORS stuff. What you’re seeing isn’t a normal timeout - Spotify kills the request before it even finishes. I hit this exact issue building a playlist tool and found out Spotify’s got undocumented content validation rules that aren’t in their dev docs. Your API response has server headers and session cookies that trip their security filters. That 15ms cutoff? It’s happening during Spotify’s pre-flight check, not your actual network call. Try batching your requests or hitting their API less frequently - they’ve got separate rate limits on top of whatever your API has. Better yet, use their recommended data patterns instead of external calls if you can swing it.
The terminated status means Spotify’s security policies are blocking your requests. Even with the right manifest permissions, Spotify has extra restrictions on external API calls that they don’t document well. I hit this same problem building a data visualization app last year. Spotify’s runtime has built-in filtering that kills requests based on response headers, request frequency, and content type validation. Your Set-Cookie header might be causing this since Spotify restricts cookie operations. Try removing any auth cookies from your API responses and see if that fixes the termination. Also add a retry mechanism with exponential backoff - some requests might work intermittently.