I’m having trouble getting audio features from Spotify’s API. Even though my authentication works fine and I have a valid token, I keep getting a 403 Forbidden response.
What’s working:
OAuth login process completes successfully
Token retrieval works with auth_manager.get_access_token()
I have the right scopes: user-library-read and playlist-read-private
My current code:
import requests

# auth_manager is created elsewhere (its setup is not shown in this post)

# Retrieve stored token or get a fresh one
cached_token = auth_manager.get_cached_token()
if cached_token:
    bearer_token = cached_token['access_token']
else:
    # No stored token found, start OAuth process
    fresh_token = auth_manager.get_access_token()
    bearer_token = fresh_token['access_token']

# Debug output: this writes the full bearer token to stdout
print(f"Bearer token: {bearer_token}")

api_url = "https://api.spotify.com/v1/audio-features"
request_headers = {
    "Authorization": f"Bearer {bearer_token}"
}
query_params = {
    "ids": "4uLU6hMCjMI75M1A2tKUQC"  # Example track ID
}

api_response = requests.get(api_url, headers=request_headers, params=query_params)
if api_response.status_code == 200:
    print(api_response.json())
else:
    print(f"Request failed {api_response.status_code}: {api_response.text}")
This is probably a scope permissions issue. Your token’s scopes don’t match what the audio features endpoint needs. I hit the same 403 error when my app registration was messed up in the Spotify Dashboard.
Check that your client ID and secret are set up correctly for the Web API product. Make sure your redirect URI matches exactly what’s in your code. Spotify sometimes throws 403s when it should be a different error.
Try generating a completely fresh token through a new OAuth flow instead of using any cached version. Also test with the spotipy library instead of raw requests - might be a header formatting problem.
Had this exact problem last year - it’s a token validation issue on Spotify’s end. Your token looks valid but the audio features endpoint is picky and sometimes rejects tokens that work everywhere else. Clear your cache and do the full OAuth flow again from scratch. Don’t use any cached tokens. Also, depending on your auth library, you might need to refresh the token before calling auth_manager.get_access_token(). Try adding a short delay between auth and the API call too - Spotify’s servers seem to need time to propagate the token. When you get a 403 with no real error message, it’s usually the token, not your scopes.
check your spotify dashboard app settings - you’re probably missing “Web API” in products. even with the right scopes, audio features won’t work without this enabled. go to dashboard > your app > products and add web api. same 403 error here, this fixed it right away.
Had this exact problem a few months back - drove me nuts for hours. Your code and token are probably fine. The audio features endpoint doesn’t need specific scopes, but Spotify’s API gets weird about which scopes you have when making requests. Try adding user-read-private to your auth request. It’s not documented as required for audio features, but adding this basic scope fixed my 403 error. Also check you’re not sending multiple requests to the same endpoint at once - Spotify sometimes throws 403 instead of 429 for rate limits. And make sure your app isn’t stuck in development mode in the Spotify Dashboard. Dev mode apps have undocumented restrictions, so you might need to request an extension or apply for quota approval.
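Added example (not from any post in this thread): a log-safe triage helper for the checks the answers above suggest, comparing granted scopes, token expiry and the 401/403/429 status, and logging a SHA-256 fingerprint rather than the bearer token itself. The `triage` and `token_fingerprint` names and the sample data are constructed here; the token dict is assumed to carry `scope` and `expires_at` keys, as spotipy's token info does.

```python
import hashlib
import time

def token_fingerprint(token):
    """Short SHA-256 prefix: correlates log lines without exposing the token."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]

def triage(token_info, wanted_scopes, status, headers, body, now=None):
    """Return a log-safe diagnosis of one failed Web API response."""
    now = time.time() if now is None else now
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []

    # Local checks on the token metadata, before blaming the server.
    if token_info.get("expires_at", 0) <= now:
        findings.append("token expired: refresh it before retrying")
    granted = set(token_info.get("scope", "").split())
    missing = sorted(set(wanted_scopes) - granted)
    if missing:
        findings.append("scopes not granted: " + ", ".join(missing))

    # The "error" field may be an object (API errors) or a plain string (auth errors).
    err = body.get("error") if isinstance(body, dict) else None
    message = err.get("message", "") if isinstance(err, dict) else str(err or "")

    if status == 429 or "retry-after" in hdrs:
        findings.append(f"rate limited: retry after {hdrs.get('retry-after', 'unknown')}s")
    elif status == 401:
        findings.append(f"401 credentials rejected: {message or 'no message'}")
    elif status == 403:
        findings.append(f"403 authenticated but refused: {message or 'no message'}")

    return {"token_fp": token_fingerprint(token_info["access_token"]),
            "status": status, "findings": findings}

# Constructed sample data (not captured from a real session).
SAMPLE_TOKEN = {"access_token": "constructed-example-token",
                "scope": "user-library-read playlist-read-private",
                "expires_at": 2_000_000_000}
SAMPLE_BODY = {"error": {"status": 403, "message": "Forbidden"}}

if __name__ == "__main__":
    report = triage(SAMPLE_TOKEN, ["user-library-read", "user-read-private"],
                    403, {"Content-Type": "application/json"}, SAMPLE_BODY,
                    now=1_700_000_000)
    print(report)
```

The returned dict is safe to log as-is; the raw `access_token` never appears in it.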
That 403 error on audio features is such a pain - I’ve hit this wall so many times. Don’t waste time fighting Spotify’s token validation weirdness and all their undocumented quirks. You need proper automation.
I’ve built music data pipelines before and manual token management always breaks. Spotify’s API has bizarre edge cases where tokens work for some calls but randomly fail on others. Plus you’re stuck handling rate limits, retries, and scope stuff yourself.
Latenode works way better for Spotify integration. It handles OAuth, token refresh, and API calls automatically. Set up workflows that pull audio features without those annoying 403s or expired tokens.
I use it for a music recommendation system processing thousands of tracks daily. No more random 403s since Latenode deals with all the auth complexity.
Best part? You can chain multiple Spotify operations and add error handling without writing tons of boilerplate.