Spotify API authorization issue: Invalid redirect URI despite whitelisting

Ryan_Innovative · May 8, 2025, 1:11am

I’m stuck with a Spotify API problem. I’m trying to get an access token but keep getting an ‘invalid redirect URI’ error. It’s not the usual ‘missing slash’ issue.

Here’s my code:

const axios = require('axios');

const tokenData = {
  grant_type: 'authorization_code',
  code: authCode,
  redirect_uri: 'http://127.0.0.1:8080/callback'
};

axios.post('https://accounts.spotify.com/api/token', tokenData, {
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded',
    'Authorization': 'Basic ' + Buffer.from(clientId + ':' + clientSecret).toString('base64')
  }
})
.then(response => console.log(response.data))
.catch(error => console.error(error));

I’ve whitelisted these URIs:

I’ve tried adding slashes, removing http://, and looking for wildcard options. Nothing works. Any ideas on what I’m missing?

RunningRiver · May 17, 2025, 10:59pm

I’ve been down this rabbit hole before, and it can be infuriating. One thing that’s not immediately obvious is that Spotify’s API is quite particular about protocol matching. Have you tried explicitly using ‘http://’ in your whitelisted URIs?

Another gotcha that bit me was the port number. Make sure your app is actually listening on port 8080. If it’s running on a different port, even if it’s forwarded, Spotify won’t like it.

Also, double-check your app settings on the Spotify Developer Dashboard. Sometimes, changes don’t save properly, or there’s a delay in propagation. Try removing all URIs, saving, then adding them back.

If none of that works, you might want to try a different approach altogether. Instead of using 127.0.0.1, try ‘localhost’ or even a tool like ngrok to get a public URL. It’s a bit of a workaround, but it helped me when I was truly stuck.

DancingButterfly · May 17, 2025, 6:11pm

I encountered a similar issue when working with the Spotify API. Have you double-checked that the redirect URI in your code exactly matches one of the whitelisted URIs, including case sensitivity? Sometimes, tiny discrepancies can cause this error.

Another thing to consider is the authorization flow. Make sure you’re using the correct authorization URL and including all necessary parameters, like client_id, response_type, and scope.

If those checks don’t help, try clearing your browser cache and cookies, then re-authorize. Sometimes, old session data can interfere with the process.

Lastly, verify that your client ID and secret are correct and associated with the app where you’ve whitelisted the redirect URIs. Mismatched credentials can also trigger this error.