<titledata-react-helmet="true">Token Swap | SpotifyAPI-NET</title><metadata-react-helmet="true"property="og:url"content="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/token_swap"><metadata-react-helmet="true"name="docusaurus_locale"content="en"><metadata-react-helmet="true"name="docusaurus_version"content="current"><metadata-react-helmet="true"name="docusaurus_tag"content="docs-default-current"><metadata-react-helmet="true"property="og:title"content="Token Swap | SpotifyAPI-NET"><metadata-react-helmet="true"name="description"content="Token Swap provides an authenticatiow flow where client-side apps (like CLI/desktop/mobile apps) are still able to use long-living tokens and the opportunity to refresh them without exposing your application's secret. This however requires a server-side part to work."><metadata-react-helmet="true"property="og:description"content="Token Swap provides an authenticatiow flow where client-side apps (like CLI/desktop/mobile apps) are still able to use long-living tokens and the opportunity to refresh them without exposing your application's secret. This however requires a server-side part to work."><linkdata-react-helmet="true"rel="shortcut icon"href="/SpotifyAPI-NET/img/favicon.ico"><linkdata-react-helmet="true"rel="canonical"href="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/token_swap"><linkdata-react-helmet="true"rel="alternate"href="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/token_swap"hreflang="en"><linkdata-react-helmet="true"rel="alternate"href="https://johnnycrazy.github.io/SpotifyAPI-NET/docs/token_swap"hreflang="x-default"><linkrel="stylesheet"href="/SpotifyAPI-NET/assets/css/styles.834af7f3.css">
<div><ahref="#"class="skipToContent_1oUP">Skip to main content</a></div><navclass="navbar navbar--fixed-top"><divclass="navbar__inner"><divclass="navbar__items"><buttonaria-label="Navigation bar toggle"class="navbar__toggle clean-btn"type="button"tabindex="0"><svgwidth="30"height="30"viewBox="0 0 30 30"aria-hidden="true"><pathstroke="currentColor"stroke-linecap="round"stroke-miterlimit="10"stroke-width="2"d="M4 7h22M4 15h22M4 23h22"></path></svg></button><aclass="navbar__brand"href="/SpotifyAPI-NET/"><imgsrc="/SpotifyAPI-NET/img/logo.svg"alt="SpotifyAPI-NET"class="themedImage_1VuW themedImage--light_3UqQ navbar__logo"><imgsrc="/SpotifyAPI-NET/img/logo.svg"alt="SpotifyAPI-NET"class="themedImage_1VuW themedImage--dark_hz6m navbar__logo"><bclass="navbar__title">SpotifyAPI-NET</b></a><divclass="navbar__item dropdown dropdown--hoverable"><aclass="navbar__item navbar__link">Docs</a><ulclass="dropdown__menu"><li><aclass="dropdown__link"href="/SpotifyAPI-NET/docs/introduction">6.X (current)</a></li><li><aclass="dropdown__link"href="/SpotifyAPI-NET/docs/5.1.1/home">5.1.1</a></li></ul></div></div><divclass="navbar__items navbar__items--right"><ahref="https://github.com/JohnnyCrazy/SpotifyAPI-NET"target="_blank"rel="noopener noreferrer"class="navbar__item navbar__link"><span>GitHub<svgwidth="13.5"height="13.5"aria-hidden="true"viewBox="0 0 24 24"class="iconExternalLink_3J9K"><pathfill="currentColor"d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></span></a><divclass="react-toggle toggle_3Zt9 react-toggle--disabled"><divclass="react-toggle-track"role="button"tabindex="-1"><divclass="react-toggle-track-check"><spanclass="toggle_71bT">🌜</span></div><divclass="react-toggle-track-x"><spanclass="toggle_71bT">🌞</span></div><divclass="react-toggle-thumb"></div></div><inputtype="checkbox"class="react-toggle-screenreader-only"aria-label="Switch between dark and light mode"></div></div></div><divrole="presentation"class="navbar-sidebar__backdrop"></div></nav><divclass="main-wrapper docs-wrapper doc-page"><divclass="docPage_31aa"><buttonclass="clean-btn backToTopButton_35hR"type="button"title="Scroll to top"><svgviewBox="0 0 24 24"width="28"><pathd="M7.41 15.41L12 10.83l4.59 4.58L18 14l-6-6-6 6z"fill="currentColor"></path></svg></button><asideclass="docSidebarContainer_3Kbt"><divclass="sidebar_15mo"><navclass="menu thin-scrollbar menu_Bmed menuWithAnnouncementBar_2WvA"><ulclass="menu__list"><liclass="menu__list-item"><aclass="menu__link menu__link--sublist menu__link--active"href="#">SpotifyAPI-NET</a><ulstyle="display:block;overflow:visible;height:auto"class="menu__list"><liclass="menu__list-item"><aclass="menu__link"tabindex="0"href="/SpotifyAPI-NET/docs/introduction">Introduction</a></li><liclass="menu__list-item"><aclass="menu__link"tabindex="0"href="/SpotifyAPI-NET/docs/getting_started">Getting Started</a></li><liclass="menu__list-item menu__list-item--collapsed"><aclass="menu__link menu__link--sublist"href="#"tabindex="0">Guides</a></li><liclass="menu__list-item"><aclass="menu__link menu__link--sublist menu__link--active"href="#"tabindex="0">Authentication Guides</a><ulstyle="display:block;overflow:visible;height:auto"class="menu__list"><liclass="menu__list-item"><aclass="menu__link"tabindex="0"href="/SpotifyAPI-NET/docs/auth_introduction">Introduction</a></li><liclass="menu__list-item"><aclass="menu__link"tabindex="0"href="/SpotifyAPI-NET/docs/client_credentials">Client Credentials</a></li><liclass="menu__list-item"><aclass="menu__link"tabindex="0"href="/SpotifyAPI-NET/docs/implicit_grant">Implicit Grant</a></li><liclass="menu__list-item"><aclass="menu__link"tabindex="0"href="/SpotifyAPI-NET/docs/authorization_code">Authorization Code</a></li><liclass="menu__list-item"><aclass="menu__link"tabindex="0"href="/SpotifyAPI-NET/docs/pkce">PKCE</a></li><liclass="menu__list-item"><aaria-current="page"class="menu__linkmenu__link--activeactiv
</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> var spotify = new SpotifyClient(response.AccessToken);</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> // Also important for later: response.RefreshToken</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain">}</span></span></code></pre><buttontype="button"aria-label="Copy code to clipboard"class="copyButton_Ue-o clean-btn">Copy</button></div></div><p>The server swapped out the <code>code</code> for an <code>access_token</code> and <code>refresh_token</code>. Once we realize the <code>access_token</code> expired, we can also ask the server to refresh it:</p><divclass="codeBlockContainer_K1bP"><divclass="codeBlockContent_hGly csharp"><pretabindex="0"class="prism-code language-csharp codeBlock_23N8 thin-scrollbar"style="color:#bfc7d5;background-color:#292d3e"><codeclass="codeBlockLines_39YC"><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain">// if response.IsExpired is true</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain">var newResponse = await new OAuthClient().RequestToken(</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> new TokenSwapTokenRequest("https://your-swap-server.com/refresh", response.RefreshToken)</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain">);</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"style="display:inline-block">
</span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain">var spotify = new SpotifyClient(newResponse.AccessToken);</span></span></code></pre><buttontype="button"aria-label="Copy code to clipboard"class="copyButton_Ue-o clean-btn">Copy</button></div></div><h2><aaria-hidden="true"tabindex="-1"class="anchor enhancedAnchor_2LWZ"id="server-implementation"></a>Server Implementation<aclass="hash-link"href="#server-implementation"title="Direct link to heading">#</a></h2><p>The server needs to support two endpoints, <code>/swap</code> and <code>/refresh</code> (endpoints can be named differently of course).</p><h3><aaria-hidden="true"tabindex="-1"class="anchor enhancedAnchor_2LWZ"id="swap"></a>Swap<aclass="hash-link"href="#swap"title="Direct link to heading">#</a></h3><p>The client sends a body via <code>application/x-www-form-urlencoded</code> where the received <code>code</code> is included. In cURL:</p><divclass="codeBlockContainer_K1bP"><divclass="codeBlockContent_hGly bash"><pretabindex="0"class="prism-code language-bash codeBlock_23N8 thin-scrollbar"style="color:#bfc7d5;background-color:#292d3e"><codeclass="codeBlockLines_39YC"><spanclass="token-line"style="color:#bfc7d5"><spanclass="token function"style="color:rgb(130, 170, 255)">curl</span><spanclass="token plain"> -X POST </span><spanclass="token string"style="color:rgb(195, 232, 141)">"https://example.com/v1/swap"</span><spanclass="token punctuation"style="color:rgb(199, 146, 234)">\</span><spanclass="token plain"></span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> -H </span><spanclass="token string"style="color:rgb(195, 232, 141)">"Content-Type: application/x-www-form-urlencoded"</span><spanclass="token punctuation"style="color:rgb(199, 146, 234)">\</span><spanclass="token plain"></span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"> --data </span><spanclass="token string"style="color:rgb(195, 232, 141)">"code=AQDy8...xMhKNA"</span></span></code></pre><buttontype="button"aria-label="Copy code to clipboard"class="copyButton_Ue-o clean-btn">Copy</button></div></div><p>The server needs to respond with content-type <code>application/json</code> and the following body:</p><divclass="codeBlockContainer_K1bP"><divclass="codeBlockContent_hGly json"><pretabindex="0"class="prism-code language-json codeBlock_23N8 thin-scrollbar"style="color:#bfc7d5;background-color:#292d3e"><codeclass="codeBlockLines_39YC"><spanclass="token-line"style="color:#bfc7d5"><spanclass="token punctuation"style="color:rgb(199, 146, 234)">{</span><spanclass="token plain"></span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"></span><spanclass="token property">"access_token"</span><spanclass="token plain"></span><spanclass="token operator"style="color:rgb(137, 221, 255)">:</span><spanclass="token plain"></span><spanclass="token string"style="color:rgb(195, 232, 141)">"NgAagA...Um_SHo"</span><spanclass="token punctuation"style="color:rgb(199, 146, 234)">,</span><spanclass="token plain"></span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"></span><spanclass="token property">"expires_in"</span><spanclass="token plain"></span><spanclass="token operator"style="color:rgb(137, 221, 255)">:</span><spanclass="token plain"></span><spanclass="token string"style="color:rgb(195, 232, 141)">"3600"</span><spanclass="token punctuation"style="color:rgb(199, 146, 234)">,</span><spanclass="token plain"></span></span><spanclass="token-line"style="color:#bfc7d5"><spanclass="token plain"></span><spanclass="token property">"refresh_token"</span><spanclass="token plain"></span><spanclass="token operator"style="color:rgb(137, 221, 255)">:</span><spanclass="token plain"></span><spanclass="token string"style="color:rgb(195, 232, 141)">"NgCXRK...MzYjw"</span><spanclass="token plain"></span>