<titledata-rh="true">Token Swap | SpotifyAPI-NET</title><metadata-rh="true"name="viewport"content="width=device-width,initial-scale=1"><metadata-rh="true"name="twitter:card"content="summary_large_image"><metadata-rh="true"property="og:url"content="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/5.1.1/auth/token_swap"><metadata-rh="true"name="docusaurus_locale"content="en"><metadata-rh="true"name="docsearch:language"content="en"><metadata-rh="true"name="docusaurus_version"content="5.1.1"><metadata-rh="true"name="docusaurus_tag"content="docs-default-5.1.1"><metadata-rh="true"name="docsearch:version"content="5.1.1"><metadata-rh="true"name="docsearch:docusaurus_tag"content="docs-default-5.1.1"><metadata-rh="true"property="og:title"content="Token Swap | SpotifyAPI-NET"><metadata-rh="true"name="description"content="This way uses server-side code or at least access to an exchange server, otherwise, compared to other"><metadata-rh="true"property="og:description"content="This way uses server-side code or at least access to an exchange server, otherwise, compared to other"><linkdata-rh="true"rel="icon"href="/SpotifyAPI-NET/img/favicon.ico"><linkdata-rh="true"rel="canonical"href="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/5.1.1/auth/token_swap"><linkdata-rh="true"rel="alternate"href="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/5.1.1/auth/token_swap"hreflang="en"><linkdata-rh="true"rel="alternate"href="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/5.1.1/auth/token_swap"hreflang="x-default"><linkrel="stylesheet"href="/SpotifyAPI-NET/assets/css/styles.4162a8a2.css">
methods, it is impossible to use.</p><p>With this approach, you provide the URI/URL to your desired exchange server to perform all necessary
requests to Spotify, as well as requests that return back to the "server URI".</p><p>The exchange server <strong>must</strong> be able to:</p><ul><li>Return the authorization code from Spotify API authenticate page via GET request to the "server URI".</li><li>Request the token response object via POST to the Spotify API token page.</li><li>Request a refreshed token response object via POST to the Spotify API token page.</li></ul><p><strong>The good news is that you do not need to code it yourself.</strong></p><p>The advantages of this method are that the client ID and redirect URI are very well hidden and almost unexposed, but more importantly, your client secret is <strong>never</strong> exposed and is completely hidden compared to other methods (excluding <ahref="/SpotifyAPI-NET/docs/5.1.1/auth/implicit_grant">ImplicitGrantAuth</a>
as it does not deal with a client secret). This means
your Spotify app <strong>cannot</strong> be spoofed by a malicious third party.</p><h2class="anchor anchorWithStickyNavbar_LWe7"id="using-tokenswapwebapifactory">Using TokenSwapWebAPIFactory<ahref="#using-tokenswapwebapifactory"class="hash-link"aria-label="Direct link to Using TokenSwapWebAPIFactory"title="Direct link to Using TokenSwapWebAPIFactory"></a></h2><p>The TokenSwapWebAPIFactory will create and configure a SpotifyWebAPI object for you.</p><p>It does this through the method GetWebApiAsync <strong>asynchronously</strong>, which means it will not halt execution of your program while obtaining it for you. If you would like to halt execution, which is <strong>synchronous</strong>, use <code>GetWebApiAsync().Result</code> without using <strong>await</strong>.</p><divclass="language-csharp codeBlockContainer_Ckt0 theme-code-block"style="--prism-color:#bfc7d5;--prism-background-color:#292d3e"><divclass="codeBlockContent_biex"><pretabindex="0"class="prism-code language-csharp codeBlock_bY9V thin-scrollbar"><codeclass="codeBlockLines_e6Vv"><spanclass="token-line"style="color:#bfc7d5"><spanclass="token class-name"style="color:rgb(255, 203, 107)">TokenSwapWebAPIFactory</span><spanclass="token plain"> webApiFactory</span><spanclass="token punctuation"style="color:rgb(199, 146, 234)">;</span><spanclass="token plain"></span><br></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"></span><spanclass="token class-name"style="color:rgb(255, 203, 107)">SpotifyWebAPI</span><spanclass="token plain"> spotify</span><spanclass="token punctuation"style="color:rgb(199, 146, 234)">;</span><spanclass="token plain"></span><br></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"style="display:inline-block"></span><br></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"></span><spanclass="token comment"style="color:rgb(105, 112, 152);font-style:italic">// You should store a reference to WebAPIFactory if you are using AutoRefresh or want to manually refresh it later on. New WebAPIFactory objects cannot refresh SpotifyWebAPI object that they did not give to you.</span><spanclass="token plain"></span><br></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain">webApiFactory </span><spanclass="token operator"style="color:rgb(137, 221, 255)">=</span><spanclass="token plain"></span><spanclass="token keyword"style="font-style:italic">new</span><spanclass="token plain"></span><spanclass="token constructor-invocation class-name"style="color:rgb(255, 203, 107)">TokenSwapWebAPIFactory</span><spanclass="token punctuation"style="color:rgb(199, 146, 234)">(</span><spanclass="token string"style="color:rgb(195, 232, 141)">"INSERT LINK TO YOUR index.php HERE"</span><spanclass="token punctuation"style="color:rgb(199, 146, 234)">)</span><spanclass="token plain"></span><br></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"></span><spanclass="token punctuation"style="color:rgb(199, 146, 234)">{</span><spanclass="token plain"></span><br></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> Scope </span><spanclass="token operator"style="color:rgb(137, 221, 255)">=</span><spanclass="token plain"> Scope</span><spanclass="token punctuation"style="color:rgb(199, 146, 234)">.</span><spanclass="token plain">UserReadPrivate </span><spanclass="token operator"style="color:rgb(137, 221, 255)">|</span><spanclass="token plain"> Scope</span><spanclass="token punctuation"style="color:rgb(199, 146, 234)">.</span><spanclass="token plain">UserReadEmail </span><spanclass="token operator"style="color:rgb(137, 221, 255)">|</span><spanclass="token plain"> Scope</span><spanclass="token punctuation"style="color:rgb(199, 146, 234)">.</span><spanclass="token plain">PlaylistReadPrivate</span><spanclass="token punctuation"style="color:rgb(199, 146, 234)">,</span><spanclass="token plain"></span><br></span><spanclass="token-line"style="color:#bfc7d