RESTful Spotify API

A lightweight Vercel serverless function to securely fetch your "Currently Playing" Spotify track.

📖 About The Project

This project solves the challenge of displaying your current Spotify status on a static site or frontend application without exposing your private credentials. It acts as a secure proxy that handles OAuth token refreshing server-side, returning a clean JSON response with just the data you need.

Key Features

• Secure: Keeps CLIENT_SECRET and REFRESH_TOKEN hidden on the server.
• Automated: Automatically handles access token generation and refreshing.
• Developer Friendly: CORS-enabled for easy integration with any frontend.
• Lightweight: Returns a simplified JSON object with essential track details.

🚀 Getting Started

Follow these steps to get your own instance running.

Prerequisites

1. Spotify Developer Account:

   • Go to the Spotify Developer Dashboard.
   • Create a new application.
   • Save your Client ID and Client Secret.
   • Add http://127.0.0.1:3000/callback to your Redirect URIs.

2. Generate a Refresh Token:

   • Authorize: Visit the URL below (replace YOUR_CLIENT_ID):

     https://accounts.spotify.com/authorize?client_id=YOUR_CLIENT_ID&response_type=code&redirect_uri=http://127.0.0.1:3000/callback&scope=user-read-currently-playing
     

   • Get Code: After authorizing, copy the code parameter from the redirected URL.
   • Exchange for Token: Run this curl command:

     curl -X POST https://accounts.spotify.com/api/token \
       -H "Content-Type: application/x-www-form-urlencoded" \
       -d "grant_type=authorization_code" \
       -d "code=YOUR_AUTH_CODE" \
       -d "redirect_uri=http://127.0.0.1:3000/callback" \
       -d "client_id=YOUR_CLIENT_ID" \
       -d "client_secret=YOUR_CLIENT_SECRET"

   • Save: Keep the refresh_token from the response safe.

Installation & Deployment

1. Clone the repo

   git clone https://github.com/yourusername/RESTful-Spotify-API.git

2. Install NPM packages

   npm install

3. Deploy to Vercel
   • Import this project into Vercel.
   • Add the following Environment Variables:
     • SPOTIFY_CLIENT_ID
     • SPOTIFY_CLIENT_SECRET
     • SPOTIFY_REFRESH_TOKEN

⚡ Usage

API Endpoint

GET /api/now-playing

Response Examples

🎵 When Playing:

{
  "isPlaying": true,
  "title": "Midnight City",
  "artist": "M83",
  "album": "Hurry Up, We're Dreaming",
  "albumArt": "https://i.scdn.co/image/",
  "songUrl": "https://open.spotify.com/track/",
  "duration": 243000,
  "progress": 120500
}

🔇 When Offline/Paused:

{
  "isPlaying": false
}

Client-Side Integration

async function fetchNowPlaying() {
  try {
    const response = await fetch('https://your-project.vercel.app/api/now-playing');
    const data = await response.json();
    
    if (data.isPlaying) {
      console.log(`🎧 Now playing: ${data.title} by ${data.artist}`);
    } else {
      console.log("😴 Spotify is currently idle.");
    }
  } catch (error) {
    console.error("Error fetching track:", error);
  }
}

🧪 Testing

This project uses Jest for unit testing. The suite covers HTTP methods, environment validation, API integration, and error handling.

# Run all tests
npm test

# Run with coverage report
npm run test:coverage

Coverage Thresholds:

• Functions/Lines/Statements: >80%
• Branches: >70%

🔒 Security

• Environment Variables: All sensitive keys (CLIENT_SECRET, REFRESH_TOKEN) are stored in Vercel's environment variables.
• No Exposure: The client only receives the track data; it never sees the tokens used to fetch it.

📄 License

Distributed under the MIT License. See LICENSE for more information.