<linkrel="alternate"type="application/rss+xml"href="/SpotifyAPI-NET/news/rss.xml"title="SpotifyAPI-NET Blog RSS Feed">
<linkrel="alternate"type="application/atom+xml"href="/SpotifyAPI-NET/news/atom.xml"title="SpotifyAPI-NET Blog Atom Feed"><titledata-react-helmet="true">Token Swap | SpotifyAPI-NET</title><metadata-react-helmet="true"property="og:url"content="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/token_swap"><metadata-react-helmet="true"name="docusaurus_locale"content="en"><metadata-react-helmet="true"name="docusaurus_version"content="current"><metadata-react-helmet="true"name="docusaurus_tag"content="docs-default-current"><metadata-react-helmet="true"property="og:title"content="Token Swap | SpotifyAPI-NET"><metadata-react-helmet="true"name="description"content="Token Swap provides an authenticatiow flow where client-side apps (like CLI/desktop/mobile apps) are still able to use long-living tokens and the opportunity to refresh them without exposing your application's secret. This however requires a server-side part to work."><metadata-react-helmet="true"property="og:description"content="Token Swap provides an authenticatiow flow where client-side apps (like CLI/desktop/mobile apps) are still able to use long-living tokens and the opportunity to refresh them without exposing your application's secret. This however requires a server-side part to work."><linkdata-react-helmet="true"rel="shortcut icon"href="/SpotifyAPI-NET/img/favicon.ico"><linkdata-react-helmet="true"rel="canonical"href="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/token_swap"><linkdata-react-helmet="true"rel="alternate"href="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/token_swap"hreflang="en"><linkdata-react-helmet="true"rel="alternate"href="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/token_swap"hreflang="x-default"><linkrel="stylesheet"href="/SpotifyAPI-NET/assets/css/styles.fa980c59.css">
</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> var spotify = new SpotifyClient(response.AccessToken);</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> // Also important for later: response.RefreshToken</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">}</span></div></div></div><buttontype="button"aria-label="Copy code to clipboard"class="copyButton_Ue-o">Copy</button></div></div><p>The server swapped out the <code>code</code> for an <code>access_token</code> and <code>refresh_token</code>. Once we realize the <code>access_token</code> expired, we can also ask the server to refresh it:</p><divclass="codeBlockContainer_K1bP"><divclass="codeBlockContent_hGly csharp"><divtabindex="0"class="prism-code language-csharp codeBlock_23N8 thin-scrollbar"><divclass="codeBlockLines_39YC"style="color:#bfc7d5;background-color:#292d3e"><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">// if response.IsExpired is true</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">var newResponse = await new OAuthClient().RequestToken(</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> new TokenSwapTokenRequest("https://your-swap-server.com/refresh", response.RefreshToken)</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">);</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"style="display:inline-block">
</span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain">var spotify = new SpotifyClient(newResponse.AccessToken);</span></div></div></div><buttontype="button"aria-label="Copy code to clipboard"class="copyButton_Ue-o">Copy</button></div></div><h2><aaria-hidden="true"tabindex="-1"class="anchor enhancedAnchor_2LWZ"id="server-implementation"></a>Server Implementation<aclass="hash-link"href="#server-implementation"title="Direct link to heading">#</a></h2><p>The server needs to support two endpoints, <code>/swap</code> and <code>/refresh</code> (endpoints can be named differently of course).</p><h3><aaria-hidden="true"tabindex="-1"class="anchor enhancedAnchor_2LWZ"id="swap"></a>Swap<aclass="hash-link"href="#swap"title="Direct link to heading">#</a></h3><p>The client sends a body via <code>application/x-www-form-urlencoded</code> where the received <code>code</code> is included. In cURL:</p><divclass="codeBlockContainer_K1bP"><divclass="codeBlockContent_hGly bash"><divtabindex="0"class="prism-code language-bash codeBlock_23N8 thin-scrollbar"><divclass="codeBlockLines_39YC"style="color:#bfc7d5;background-color:#292d3e"><divclass="token-line"style="color:#bfc7d5"><spanclass="token function"style="color:rgb(130, 170, 255)">curl</span><spanclass="token plain"> -X POST </span><spanclass="token string"style="color:rgb(195, 232, 141)">"https://example.com/v1/swap"</span><spanclass="token punctuation"style="color:rgb(199, 146, 234)">\</span><spanclass="token plain"></span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> -H </span><spanclass="token string"style="color:rgb(195, 232, 141)">"Content-Type: application/x-www-form-urlencoded"</span><spanclass="token punctuation"style="color:rgb(199, 146, 234)">\</span><spanclass="token plain"></span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> --data </span><spanclass="token string"style="color:rgb(195, 232, 141)">"code=AQDy8...xMhKNA"</span></div></div></div><buttontype="button"aria-label="Copy code to clipboard"class="copyButton_Ue-o">Copy</button></div></div><p>The server needs to respond with content-type <code>application/json</code> and the following body:</p><divclass="codeBlockContainer_K1bP"><divclass="codeBlockContent_hGly json"><divtabindex="0"class="prism-code language-json codeBlock_23N8 thin-scrollbar"><divclass="codeBlockLines_39YC"style="color:#bfc7d5;background-color:#292d3e"><divclass="token-line"style="color:#bfc7d5"><spanclass="token punctuation"style="color:rgb(199, 146, 234)">{</span><spanclass="token plain"></span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"></span><spanclass="token property">"access_token"</span><spanclass="token plain"></span><spanclass="token operator"style="color:rgb(137, 221, 255)">:</span><spanclass="token plain"></span><spanclass="token string"style="color:rgb(195, 232, 141)">"NgAagA...Um_SHo"</span><spanclass="token punctuation"style="color:rgb(199, 146, 234)">,</span><spanclass="token plain"></span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"></span><spanclass="token property">"expires_in"</span><spanclass="token plain"></span><spanclass="token operator"style="color:rgb(137, 221, 255)">:</span><spanclass="token plain"></span><spanclass="token string"style="color:rgb(195, 232, 141)">"3600"</span><spanclass="token punctuation"style="color:rgb(199, 146, 234)">,</span><spanclass="token plain"></span></div><divclass="token-line"style="color:#bfc7d5"><spanclass="token plain"></span><spanclass="token property">"refresh_token"</span><spanclass="token plain"></span><spanclass="token operator"style="color:rgb(137, 221, 255)">:</span><spanclass="token plain"></span><spanclass="token string"style="color:rgb(195, 232, 141)">"NgCXRK...MzYjw"</span><spanclass="token plain"></span></div><divclass="token-line"style="col