{"id":39099157,"url":"https://github.com/cycloneaddons/spotify-token-generator","last_synced_at":"2026-01-17T19:01:01.321Z","repository":{"id":313650638,"uuid":"1052160748","full_name":"CycloneAddons/spotify-token-generator","owner":"CycloneAddons","description":null,"archived":false,"fork":false,"pushed_at":"2025-09-19T03:48:19.000Z","size":30,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-09-19T05:49:37.294Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://spotify-tokener-api.vercel.app/api/getToken","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CycloneAddons.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-07T14:31:33.000Z","updated_at":"2025-09-19T03:48:16.000Z","dependencies_parsed_at":"2025-09-07T16:27:45.754Z","dependency_job_id":"3fe56259-5cd4-4d74-97ce-6fd3acf8cc9e","html_url":"https://github.com/CycloneAddons/spotify-token-generator","commit_stats":null,"previous_names":["cycloneaddons/spotify-token-generator"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/CycloneAddons/spotify-token-generator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CycloneAddons%2Fspotify-token-generator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CycloneAddons%2Fspotify-token-generator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CycloneAddons%2Fspotify-token-generator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CycloneAddons%2Fspotify-token-generator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CycloneAddons","download_url":"https://codeload.github.com/CycloneAddons/spotify-token-generator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CycloneAddons%2Fspotify-token-generator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28516540,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T18:55:29.170Z","status":"ssl_error","status_checked_at":"2026-01-17T18:55:03.375Z","response_time":85,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-17T19:00:58.157Z","updated_at":"2026-01-17T19:01:01.315Z","avatar_url":"https://github.com/CycloneAddons.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"🎵 Spotify Token Generator\n\n⚠️ Important Legal Notice\nThis project is strictly for educational and research purposes only. It demonstrates how Spotify's TOTP-based authentication mechanism works by generating temporary anonymous access tokens.\nIt is not intended for production use or to bypass Spotify’s official API terms.\n\n\n---\n\n📖 Overview\n\nThis Node.js server illustrates how anonymous Spotify Web Player tokens can be obtained by replicating Spotify’s internal token generation process.\n\nBy reverse-engineering the API and re-implementing the TOTP verification step, this project shows how Spotify issues short-lived tokens for its Web Player.\n\nThis repo is meant to:\n\n🔍 Study reverse-engineering techniques\n\n⏱️ Understand TOTP (Time-based One-Time Passwords)\n\n🌐 Learn about web API authentication flows\n\n🛠️ Provide an educational playground for experimenting with auth systems\n\n\n\n---\n\n⚠️ Disclaimer\n\nUsage of this endpoint is not permitted under:\n\nSpotify Developer Terms of Service\n\nSpotify Developer Policy\n\nApplicable laws regarding unauthorized access\n\n\nBy using this project, you agree that:\n\n1. You are using it for educational purposes only\n\n\n2. You will not misuse it to access Spotify services improperly\n\n\n3. You understand the legal and ethical implications of reverse engineering\n\n\n4. You take full responsibility for how you use this code\n\n\n\n\n---\n\n🚀 Installation\n\nClone the repo and install dependencies:\n\nnpm install\n\n\n---\n\n▶️ Usage\n\nStart the server:\n\nnpm start\n\nBy default, it runs on port 37353.\n\nRequest a token example:\n\nGET http://localhost:37353/api/getToken\n\n\n---\n\n📦 Example Response\n\nHere’s an example of the response returned by the server (anonymous Web Player token):\n\n```json\n{\n  \"clientId\": \"d8a5ed958d274c2e8ee717e6a4b0971d\",\n  \"accessToken\": \"BQBk7vI7X2WHXlxZueGDHz709AvH5fCtiduLaeOwWc2mr9ffDqKmqaJkvVjS1u9z79TQ57KdEYPFNQUxLeICgzjMTrw2Zl68x8PqMS9_XUMGe3yuJQBtsmtjBmwskP96q_mjkXa_Y9c\",\n  \"accessTokenExpirationTimestampMs\": 1757250003632,\n  \"isAnonymous\": true,\n  \"_notes\": \"Usage of this endpoint is not permitted under the Spotify Developer Terms and Developer Policy, and applicable law\"\n}\n```\n\n\n---\n\n🎯 Why This Project is Cool\n\n✔️ Recreates Spotify’s hidden authentication flow\n✔️ Shows how TOTP can secure web APIs\n✔️ Demonstrates reverse-engineering in practice\n✔️ Works as a live educational server to test against\n\n\n---\n\n✅ Responsible Alternatives\n\nIf you want to work with Spotify data legitimately, you should:\n\n1. Use the official Spotify Developer API\n\n\n2. Register your application properly\n\n\n3. Follow their OAuth 2.0 flow\n\n\n4. Respect Spotify’s terms and developer guidelines\n\n\n\n\n---\n\n📜 License\n\nMIT License — for educational use only.\n\n\n---\n\n⚡ Note: This project is a showcase of reverse engineering skills.\nIt’s not meant for misuse, but it does flex how we can bypass the hidden Web Player token flow and still get a valid token response. 🚀\n\n\n---\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcycloneaddons%2Fspotify-token-generator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcycloneaddons%2Fspotify-token-generator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcycloneaddons%2Fspotify-token-generator/lists"}