Getting 403 Error When Fetching Track Audio Features via Spotify API With Valid Authentication

Problem with Spotify API Audio Features Request

I’m running into a frustrating issue where I get a 403 Forbidden response when trying to fetch audio features for tracks through the Spotify Web API. The weird thing is that my authentication seems to be working fine.

What’s Working

  • OAuth login process completes successfully
  • I can get a valid access token using client.auth_manager.get_access_token()
  • My token includes the right permissions (user-library-read and playlist-read-private)
  • Other API endpoints work without issues

My Current Code

import requests

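# `client` is not defined in the post; assumed here to be an existing
# spotipy.Spotify instance whose auth_manager is a SpotifyOAuth object.
# Retrieve stored token or get a fresh one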
auth_data = client.auth_manager.get_cached_token()

if auth_data:
    bearer_token = auth_data['access_token']
else:
    # No stored token found, start OAuth process
    auth_data = client.auth_manager.get_access_token()
    bearer_token = auth_data['access_token']

print(f"bearer_token = {bearer_token}")

api_url = "https://api.spotify.com/v1/audio-features"
request_headers = {
    "Authorization": f"Bearer {bearer_token}"
}
query_params = {
    "ids": "4uLU6hMCjMI75M1A2tKUQC"  # Sample track ID
}
# A timeout keeps the script from hanging if the API does not answer
api_response = requests.get(api_url, headers=request_headers, params=query_params, timeout=10)

if api_response.status_code == 200:
    print(api_response.json())
else:
    print(f"Request failed {api_response.status_code}: {api_response.text}")

The Error I Keep Getting

bearer_token = *****
Request failed 403: {
  "error" : {
    "status" : 403
  }
}

Things I’ve Already Checked

  • Double-checked that my token has the correct scopes
  • Confirmed the track ID is valid and publicly available
  • Made sure the token hasn’t expired
  • Tested other API calls like track search which work fine

I’m really confused about why this specific endpoint keeps rejecting my requests. Has anyone else run into this problem? What am I missing here?

I encountered something similar a few months back and it turned out to be a scope issue that wasn’t immediately obvious. The audio-features endpoint actually doesn’t require any specific scopes for public tracks, but there’s a catch - if your app registration in the Spotify Developer Dashboard has certain restrictions or if you’re in development mode, it can still throw 403 errors even with valid tokens. Try making the same request with a completely fresh app registration and see if that resolves it. Also worth checking if your app is still in development mode versus extended quota mode, as I’ve seen this cause issues with certain endpoints even when others work fine. The fact that your other calls work suggests the token itself is good, so it’s likely something with the app configuration rather than the authentication flow.

hmm weird one - i had this exact thing happen and it was actually a region/market issue. spotify sometimes blocks certain api calls based on where you’re making the request from or if the track isn’t available in your market. try adding a 'market' parameter to your request like "market": "US" in your query_params. also double check that specific track id in a browser first to make sure it’s actually accessible. the 403 without details is super annoying but this fixed it for me.

This looks like a rate limiting or API quota issue rather than authentication. I’ve seen this exact behavior when hitting Spotify’s undocumented rate limits for the audio-features endpoint specifically. The 403 response without detailed error messaging is typical when you’ve exceeded the allowed requests per minute for that particular endpoint, even though other endpoints continue working normally. Try adding a delay between requests or reducing your request frequency. Also, make sure you’re not accidentally making multiple rapid calls to the same endpoint from different parts of your application. In my experience, waiting about 30 seconds and then retrying usually resolves this. If the issue persists, try batching multiple track IDs in a single request rather than making individual calls, as this is more efficient and less likely to trigger rate limiting.

Had a similar headache with this endpoint recently. Check your request URL structure - you might be missing the proper endpoint format. The audio-features endpoint can be picky about how you structure the request. Instead of using query parameters with ids, try using the direct path format like https://api.spotify.com/v1/audio-features/{track_id} for single tracks. I was getting 403s when using the bulk endpoint format incorrectly. Also verify your client credentials haven’t been regenerated recently in your Spotify app dashboard, as this can cause mysterious 403 errors even when cached tokens appear valid. The error response being so minimal is frustrating but usually indicates either malformed requests or stale credentials rather than actual permission issues.
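
Added example (not part of any post in this thread): a small offline triage helper that checks a failed response against the explanations raised in the replies above (expired token, rate limiting, request refused for other reasons) and logs a hash prefix of the token instead of the bearer token itself, which the question's script prints. The function names, the token_info layout (access_token, expires_at, scope) and the sample values are assumptions constructed for illustration.

```python
import hashlib
import json
import time


def token_fingerprint(token):
    """SHA-256 prefix: correlates log lines without exposing the bearer token."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]


def triage(status, headers, body_text, token_info, now=None):
    """Return findings for a failed call; never includes the token itself."""
    now = time.time() if now is None else now
    headers = {k.lower(): v for k, v in headers.items()}
    findings = [
        f"token sha256:{token_fingerprint(token_info['access_token'])}",
        f"scopes granted: {token_info.get('scope', '')}",
    ]
    try:
        message = json.loads(body_text).get("error", {}).get("message")
    except (ValueError, AttributeError):
        message = None  # body was not the usual {"error": {...}} object

    if token_info.get("expires_at", 0) <= now:
        findings.append("token-expired: refresh before retrying")
    if status == 401:
        findings.append("401: token missing, malformed or expired")
    elif status == 429 or "retry-after" in headers:
        findings.append(f"rate-limited: wait {headers.get('retry-after', '?')}s")
    elif status == 403 and not message:
        findings.append("403 with no message: no 429/Retry-After seen, so "
                        "compare the app's dashboard settings and the endpoint")
    elif status == 403:
        findings.append(f"403: {message}")
    return findings


# Constructed sample data mirroring the error body shown in the question.
SAMPLE_BODY = '{\n  "error" : {\n    "status" : 403\n  }\n}'
SAMPLE_TOKEN = {
    "access_token": "constructed-token-not-real",
    "expires_at": 2000,
    "scope": "user-library-read playlist-read-private",
}

if __name__ == "__main__":
    for line in triage(403, {}, SAMPLE_BODY, SAMPLE_TOKEN, now=1000):
        print(line)
```
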

I have a question as well,

If I use the remote player controller without using the Web API, will I encounter the limits of the developer mode? In other words, SpotifySdk.connectToSpotifyRemote, I believe, calls the OAuth flow under the hood. I want to know if the authentication call used by the SDKs (in my case Flutter) is also subject to the maximum limit of 25 users.

So far, it has worked without adding my users to the allowlist and without enabling extended quotas. (I am not using any APIs besides connecting to the remote player)

I haven’t yet tried to authenticate more than 25 users in my app through the remote controller, so I want to understand if I am subject to the limits.