https://github.com/misiektoja/spotify_monitor
Real-time tracking of Spotify friends music activity
https://github.com/misiektoja/spotify_monitor
Last synced: 22 days ago
JSON representation
Real-time tracking of Spotify friends music activity
- Host: GitHub
- URL: https://github.com/misiektoja/spotify_monitor
- Owner: misiektoja
- License: gpl-3.0
- Created: 2024-04-23T15:51:22.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-05-22T00:06:57.000Z (almost 2 years ago)
- Last Synced: 2024-05-22T22:29:06.284Z (almost 2 years ago)
- Language: Python
- Homepage:
- Size: 1.14 MB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-osint - spotify_monitor - Tool for real-time tracking of Spotify friends' listening activity including detection when user gets online & offline, played songs, its duration, skipped songs, with optional auto-play, email alerts, CSV logging, session stats and more ([↑](#-table-of-contents) Music Streaming Services / [↑](#-table-of-contents) GitHub)
README
# spotify_monitor
Powerful real-time tracker for Spotify friend music activity: monitor listening habits, auto-sync playback to your local client, detect skipped tracks and receive instant notifications for every beat your friends play.
### 🚀 Quick Install
```sh
pip install spotify_monitor
```
### 🔍 Real-time Tracking
- **Friend Activity**: Monitor songs listened by Spotify users in real-time.
- **Presence Detection**: Detect when friends get **online** or **offline**.
- **Session Stats**: Display **duration, track counts** and **songs on loop**.
### 🎮 Playback Control
- **Auto-Sync**: Automatically **play friends' songs** in your local Spotify client.
- **Smart Pause**: **Pause** or **switch** tracks when the monitored user goes offline.
- **Crossfade Support**: Detect and annotate **crossfaded songs** during transitions.
### 📊 Rich Insights
- **Track Context**: View **playlist, artist** and **album info** with clickable URLs.
- **Skip Detection**: Identify exactly when and how long a song was played.
- **Global Search**: Instant links to **Spotify, YouTube Music, Apple Music, Tidal, lyrics** and more.
### 🔔 Smart Notifications
- **Instant Alerts**: Detailed **Email notifications** for activity and songs on loop.
- **Session Summaries**: Receive detailed reports when a friend finishes a session.
- **Error Reporting**: Be notified if the monitoring process hits a snag.
### ⚙️ Power Features
- **Auth Flexibility**: Hybrid support for `sp_dc` cookie, Desktop Client and OAuth app.
- **CSV Logging**: Save every listened song with full timestamps to a CSV file.
- **Flexible Config**: Support for files, dotenv and environment variables.
- **Signal Control**: Manage the running script via system signals (macOS/Linux).
🎵 For even better real-time tracking with pause/resume detection, track progress indicators, enhanced stats and offline mode support, check out [lastfm_monitor](https://github.com/misiektoja/lastfm_monitor) - it is much easier to set up, simply ask your friend to connect Last.fm to Spotify (Last.fm Settings → Applications → Connect Spotify Scrobbling) and you're ready to go!
✨ If you're interested in tracking changes to Spotify users' profiles including their playlists, take a look at another tool I've developed: [spotify_profile_monitor](https://github.com/misiektoja/spotify_profile_monitor).
🛠️ If you're looking for debug tools to get Spotify Web Player access tokens and extract secret keys: [click here](#debugging-tools)
1. [Requirements](#requirements)
2. [Installation](#installation)
* [Install from PyPI](#install-from-pypi)
* [Manual Installation](#manual-installation)
* [Upgrading](#upgrading)
3. [Quick Start](#quick-start)
4. [Configuration](#configuration)
* [Configuration File](#configuration-file)
* [Spotify access token source](#spotify-access-token-source)
* [Spotify sp_dc Cookie](#spotify-sp_dc-cookie)
* [Spotify Desktop Client](#spotify-desktop-client)
* [Spotify OAuth App](#spotify-oauth-app)
* [Following the Monitored User](#following-the-monitored-user)
* [How to Get a Friend's User URI ID](#how-to-get-a-friends-user-uri-id)
* [SMTP Settings](#smtp-settings)
* [Storing Secrets](#storing-secrets)
5. [Usage](#usage)
* [Monitoring Mode](#monitoring-mode)
* [Listing Mode](#listing-mode)
* [Email Notifications](#email-notifications)
* [CSV Export](#csv-export)
* [Automatic Playback of Listened Tracks in the Spotify Client](#automatic-playback-of-listened-tracks-in-the-spotify-client)
* [Check Intervals](#check-intervals)
* [Signal Controls (macOS/Linux/Unix)](#signal-controls-macoslinuxunix)
* [Coloring Log Output with GRC](#coloring-log-output-with-grc)
6. [Debugging Tools](#debugging-tools)
* [Access Token Retrieval via sp_dc Cookie and TOTP](#access-token-retrieval-via-sp_dc-cookie-and-totp)
* [Secret Key Extraction from Spotify Web Player Bundles](#secret-key-extraction-from-spotify-web-player-bundles)
7. [Change Log](#change-log)
8. [Maintainers](#maintainers)
9. [License](#license)
* Python 3.6 or higher
* Libraries: `requests`, `python-dateutil`, `urllib3`, `pyotp`, `python-dotenv`, `wcwidth`, `spotipy`
Tested on:
* **macOS**: Ventura, Sonoma, Sequoia, Tahoe
* **Linux**: Raspberry Pi OS (Bullseye, Bookworm, Trixie), Ubuntu 24/25, Rocky Linux 8.x/9.x, Kali Linux 2024/2025
* **Windows**: 10, 11
It should work on other versions of macOS, Linux, Unix and Windows as well.
```sh
pip install spotify_monitor
```
Download the *[spotify_monitor.py](https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/main/spotify_monitor.py)* file to the desired location.
Install dependencies via pip:
```sh
pip install requests python-dateutil urllib3 pyotp python-dotenv wcwidth spotipy
```
Alternatively, from the downloaded *[requirements.txt](https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/main/requirements.txt)*:
```sh
pip install -r requirements.txt
```
To upgrade to the latest version when installed from PyPI:
```sh
pip install spotify_monitor -U
```
If you installed manually, download the newest *[spotify_monitor.py](https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/main/spotify_monitor.py)* file to replace your existing installation.
1. Grab your [Spotify sp_dc cookie](#spotify-sp_dc-cookie) and set up [OAuth app credentials](#spotify-oauth-app) (required since v2.7)
2. Follow the user you wish to track as described [here](#following-the-monitored-user)
3. Track the `spotify_user_uri_id` music activities:
```sh
spotify_monitor -u "your_sp_dc_cookie_value" -r "your_spotify_app_client_id:your_spotify_app_client_secret"
```
Or if you installed [manually](#manual-installation):
```sh
python3 spotify_monitor.py -u "your_sp_dc_cookie_value" -r "your_spotify_app_client_id:your_spotify_app_client_secret"
```
To get the list of all supported command-line arguments / flags:
```sh
spotify_monitor --help
```
Most settings can be configured via command-line arguments.
If you want to have it stored persistently, generate a default config template and save it to a file named `spotify_monitor.conf`:
```sh
# On macOS, Linux or Windows Command Prompt (cmd.exe)
spotify_monitor --generate-config > spotify_monitor.conf
# On Windows PowerShell (recommended to avoid encoding issues)
spotify_monitor --generate-config spotify_monitor.conf
```
> **IMPORTANT**: On **Windows PowerShell**, using redirection (`>`) can cause the file to be encoded in UTF-16, which will lead to "null bytes" errors when running the tool. It is highly recommended to provide the filename directly as an argument to `--generate-config` to ensure UTF-8 encoding.
Edit the `spotify_monitor.conf` file and change any desired configuration options (detailed comments are provided for each).
**New in v2.7:** The tool now uses a hybrid authentication approach. OAuth app credentials (`SP_APP_CLIENT_ID`, `SP_APP_CLIENT_SECRET`) are required for track and user information retrieval when using either `cookie` or `client` token source methods. See [Spotify OAuth App](#spotify-oauth-app) section for setup instructions.
**New in v2.6:** The configuration file includes options to enable/disable music service URLs (Apple Music, YouTube Music, Amazon Music, Deezer, Tidal) and lyrics service URLs (Genius, AZLyrics, Tekstowo.pl, Musixmatch, Lyrics.com) in console and email outputs. You can also configure crossfade detection thresholds and the number of recent songs to include in inactivity emails.
### Spotify access token source
The tool uses a **hybrid authentication approach**.
For friend activity monitoring, you need to configure either the `cookie` or `client` token source method.
Additionally, you also need to configure **OAuth app credentials** (`SP_APP_CLIENT_ID`, `SP_APP_CLIENT_SECRET`) for track and user information retrieval as described in [Spotify OAuth App](#spotify-oauth-app).
The token source method can be configured via the `TOKEN_SOURCE` configuration option or the `--token-source` flag.
**Recommended: `cookie`**
Uses the `sp_dc` cookie to retrieve a token from the Spotify web endpoint. This method is easy to set up and recommended for most users.
**Alternative: `client`**
Uses captured credentials from the Spotify desktop client and a Protobuf-based login flow. It's more complex to set up and intended for advanced users who want a long-lasting token with the broadest possible access.
If no method is specified, the tool defaults to the `cookie` method.
**Important**: It is strongly recommended to use a separate Spotify account with this tool. It does not rely on the official Spotify Web API for core features (like fetching friend activity), as it is not supported by the public API. That said, while I've never encountered any issues on my own accounts, I can't guarantee that Spotify won't impose restrictions in the future - you've been warned.
This is the default method used to obtain a Spotify access token.
- Log in to [https://open.spotify.com/](https://open.spotify.com/) in your web browser.
- Locate and copy the value of the `sp_dc` cookie.
- Use your web browser's dev console or **Cookie-Editor** by cgagnier to extract it easily: [https://cookie-editor.com/](https://cookie-editor.com/)
- Provide the `SP_DC_COOKIE` secret using one of the following methods:
- Pass it at runtime with `-u` / `--spotify-dc-cookie`
- Set it as an [environment variable](#storing-secrets) (e.g. `export SP_DC_COOKIE=...`)
- Add it to [.env file](#storing-secrets) (`SP_DC_COOKIE=...`) for persistent use
- Fallback: hard-code it in the code or config file
If your `sp_dc` cookie expires, the tool will notify you via the console and email. In that case, you'll need to grab the new `sp_dc` cookie value.
If you store the `SP_DC_COOKIE` in a dotenv file you can update its value and send a `SIGHUP` signal to reload the file with the new `sp_dc` cookie without restarting the tool. More info in [Storing Secrets](#storing-secrets) and [Signal Controls (macOS/Linux/Unix)](#signal-controls-macoslinuxunix).
> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every few days, that's why since v2.4 the tool fetches it from remote URL (see `SECRET_CIPHER_DICT_URL`); you can also run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [Secret Key Extraction from Spotify Web Player Bundles](#secret-key-extraction-from-spotify-web-player-bundles) for more info).
This is the alternative method used to obtain a Spotify access token which simulates a login from the real Spotify desktop app using credentials intercepted from a real session.
- Run an intercepting proxy of your choice (like [Proxyman](https://proxyman.com) - the trial version is sufficient)
- Enable SSL traffic decryption for `spotify.com` domain
- in Proxyman: click **Tools → SSL Proxying List → + button → Add Domain → paste `*.spotify.com` → Add**
- Launch the Spotify desktop client, then switch to your intercepting proxy (like Proxyman) and look for POST requests to `https://login5.spotify.com/v3/login`
- If you don't see this request, try following steps (stop once it works):
- restart the Spotify desktop client
- log out from the Spotify desktop client and log back in
- point Spotify at the intercepting proxy directly in its settings, i.e. in **Spotify → Settings → Proxy Settings**, set:
- **proxy type**: `HTTP`
- **host**: `127.0.0.1` (IP/FQDN of your proxy, for Proxyman use the IP you see at the top bar)
- **port**: `9090` (port of your proxy, for Proxyman use the port you see at the top bar)
- restart the app; since QUIC (HTTP/3) requires raw UDP and can't tunnel over HTTP CONNECT, Spotify will downgrade to TCP-only HTTP/2 or 1.1, which intercepting proxy can decrypt
- block Spotify's UDP port 443 at the OS level with a firewall of your choice - this prevents QUIC (HTTP/3), forcing TLS over TCP and letting intercepting proxy perform MITM
- try an older version of the Spotify desktop client
- Export the login request body (a binary Protobuf payload) to a file (e.g. ***login-request-body-file***)
- In Proxyman: **right click the request → Export → Request Body → Save File**.
- Run the tool with `--token-source client -w `:
```sh
spotify_monitor --token-source client -w
```
If successful, the tool will automatically extract the necessary fields and begin monitoring.
Instead of using the `-w` flag each time, you can persist the Protobuf login request file path by setting the `LOGIN_REQUEST_BODY_FILE` configuration option.
The same applies to `--token-source client` flag - you can persist it via `TOKEN_SOURCE` configuration option set to `client`.
The tool will automatically refresh both the access token and client token using the intercepted refresh token.
If your refresh token expires, the tool will notify you via the console and email. In that case, you'll need to re-export the login request body.
If you re-export the login request body to the same file name, you can send a `SIGHUP` signal to reload the file with the new refresh token without restarting the tool. More info in [Signal Controls (macOS/Linux/Unix)](#signal-controls-macoslinuxunix).
Advanced options are available for further customization - refer to the configuration file comments. However, the default settings are suitable for most users and modifying other values is generally NOT recommended.
Due to restrictions introduced by Spotify on December 22, 2025, the tool now requires this in addition to either a `cookie` or `client` token source method to retrieve track and user information.
This method uses an official Spotify Web API (Client Credentials OAuth flow).
To obtain the credentials:
- Log in to [Spotify Developer dashboard](https://developer.spotify.com/dashboard)
- Create a new app
- For **Redirect URL**, use: `http://127.0.0.1:1234`
- The URL must match exactly as shown, including not having a `/` at the end
- When copying the link via right-click, some browsers may add an extra `/` to the URL
- Select **Web API** as the intended API
- Copy the **Client ID** and **Client Secret**
- Provide the `SP_APP_CLIENT_ID` and `SP_APP_CLIENT_SECRET` secrets using one of the following methods:
- Pass it at runtime with `-r` / `--oauth-app-creds` (use `SP_APP_CLIENT_ID:SP_APP_CLIENT_SECRET` format - note the colon separator)
- Set it as an [environment variable](#storing-secrets) (e.g. `export SP_APP_CLIENT_ID=...; export SP_APP_CLIENT_SECRET=...`)
- Add it to [.env file](#storing-secrets) (`SP_APP_CLIENT_ID=...` and `SP_APP_CLIENT_SECRET=...`) for persistent use
- Fallback: hard-code it in the code or config file
Example:
```sh
spotify_monitor -r "your_spotify_app_client_id:your_spotify_app_client_secret"
```
The tool automatically refreshes the OAuth app access token, so it remains valid indefinitely. Tokens are cached in the file specified by `SP_APP_TOKENS_FILE` configuration option (default: `.spotify-monitor-oauth-app.json`).
If you store the `SP_APP_CLIENT_ID` and `SP_APP_CLIENT_SECRET` in a dotenv file you can update their values and send a `SIGHUP` signal to reload the file with the new secret values without restarting the tool. More info in [Storing Secrets](#storing-secrets) and [Signal Controls (macOS/Linux/Unix)](#signal-controls-macoslinuxunix).
### Following the Monitored User
To monitor a user's activity, you must follow them from the Spotify account associated with the `sp_dc` cookie or `client` credentials.
Additionally, the user must have sharing of listening activity enabled in their Spotify client settings. Without this, no activity data will be visible.
### How to Get a Friend's User URI ID
The easiest way is via the Spotify desktop or mobile client:
- go to your friend's profile
- click the **three dots** (•••) or press the **Share** button
- copy the link to the profile
You'll get a URL like: [https://open.spotify.com/user/spotify_user_uri_id?si=tracking_id](https://open.spotify.com/user/spotify_user_uri_id?si=tracking_id)
Extract the part between `/user/` and `?si=` - in this case: `spotify_user_uri_id`
Use that as the user URI ID (`spotify_user_uri_id`) in the tool.
Alternatively you can list all user URI IDs of accounts you follow by using [Listing mode](#listing-mode).
If you want to use email notifications functionality, configure SMTP settings in the `spotify_monitor.conf` file.
Verify your SMTP settings by using `--send-test-email` flag (the tool will try to send a test email notification):
```sh
spotify_monitor --send-test-email
```
It is recommended to store secrets like `SP_DC_COOKIE`, `REFRESH_TOKEN`, `SP_APP_CLIENT_ID`, `SP_APP_CLIENT_SECRET` or `SMTP_PASSWORD` as either an environment variable or in a dotenv file.
Set the needed environment variables using `export` on **Linux/Unix/macOS/WSL** systems:
```sh
export SP_DC_COOKIE="your_sp_dc_cookie_value"
export REFRESH_TOKEN="your_spotify_app_refresh_token"
export SP_APP_CLIENT_ID="your_spotify_app_client_id"
export SP_APP_CLIENT_SECRET="your_spotify_app_client_secret"
export SMTP_PASSWORD="your_smtp_password"
```
On **Windows Command Prompt** use `set` instead of `export` and on **Windows PowerShell** use `$env`.
Alternatively store them persistently in a dotenv file (recommended):
```ini
SP_DC_COOKIE="your_sp_dc_cookie_value"
REFRESH_TOKEN="your_spotify_app_refresh_token"
SP_APP_CLIENT_ID="your_spotify_app_client_id"
SP_APP_CLIENT_SECRET="your_spotify_app_client_secret"
SMTP_PASSWORD="your_smtp_password"
```
By default the tool will auto-search for dotenv file named `.env` in current directory and then upward from it.
You can specify a custom file with `DOTENV_FILE` or `--env-file` flag:
```sh
spotify_monitor --env-file /path/.env-spotify_monitor
```
You can also disable `.env` auto-search with `DOTENV_FILE = "none"` or `--env-file none`:
```sh
spotify_monitor --env-file none
```
As a fallback, you can also store secrets in the configuration file or source code.
To monitor specific user activity, just type [Spotify user URI ID](#how-to-get-a-friends-user-uri-id) as a command-line argument (`spotify_user_uri_id` in the example below):
```sh
spotify_monitor
```
If you use the default method to obtain a Spotify access token (`cookie`) and have not set `SP_DC_COOKIE` secret, you can use `-u` flag:
```sh
spotify_monitor -u "your_sp_dc_cookie_value"
```
**Note:** OAuth app credentials are now required for track and user information retrieval. If you haven't set `SP_APP_CLIENT_ID` and `SP_APP_CLIENT_SECRET` via environment variables or `.env` file, you can use the `-r` flag:
```sh
spotify_monitor -u "your_sp_dc_cookie_value" -r "your_spotify_app_client_id:your_spotify_app_client_secret"
```
See [Spotify OAuth App](#spotify-oauth-app) for detailed setup instructions.
By default, the tool looks for a configuration file named `spotify_monitor.conf` in:
- current directory
- home directory (`~`)
- script directory
If you generated a configuration file as described in [Configuration](#configuration), but saved it under a different name or in a different directory, you can specify its location using the `--config-file` flag:
```sh
spotify_monitor --config-file /path/spotify_monitor_new.conf
```
The tool runs until interrupted (`Ctrl+C`). Use `tmux` or `screen` for persistence.
You can monitor multiple Spotify friends by running multiple copies of the script.
The tool automatically saves its output to `spotify_monitor_.log` file. The log file name can be changed via `SP_LOGFILE` configuration option and its suffix via `FILE_SUFFIX` / `-y` flag. Logging can be disabled completely via `DISABLE_LOGGING` / `-d` flag.
Keep in mind that monitoring reports the listened track AFTER the user finishes listening to it. This is how activities are reported by Spotify.
There is also another mode of the tool which displays various requested information.
If you want to display a list of all the friends you follow with their recently listened tracks (`-l` flag):
```sh
spotify_monitor -l
```
It also displays your friend's Spotify username (often the user's first and last name) and user URI ID (often a string of random characters). The latter should be used as a tool's command-line argument to monitor the user.
To enable email notifications when a user becomes active:
- set `ACTIVE_NOTIFICATION` to `True`
- or use the `-a` flag
```sh
spotify_monitor -a
```
To be informed when a user gets inactive:
- set `INACTIVE_NOTIFICATION` to `True`
- or use the `-i` flag
```sh
spotify_monitor -i
```
Inactivity emails include recent songs from the session with skipped track status. Configure the number of recent songs to include via the `INACTIVE_EMAIL_RECENT_SONGS_COUNT` configuration option.
To get email notifications when a monitored track/playlist/album plays:
- set `TRACK_NOTIFICATION` to `True`
- or use the `-t` flag
For that feature you also need to create a file with a list of songs you want to track (one track, album or playlist per line). Specify the file using the `MONITOR_LIST_FILE` or `-s` flag:
```sh
spotify_monitor -t -s spotify_tracks_spotify_user_uri_id
```
Example file `spotify_tracks_spotify_user_uri_id`:
```
we fell in love in october
Like a Stone
Half Believing
Something Changed
I Will Be There
```
You can comment out specific lines with # if needed.
To enable email notifications for every song listened by the user:
- set `SONG_NOTIFICATION` to `True`
- or use the `-j` flag
```sh
spotify_monitor -j
```
To be notified when a user listens to the same song on loop:
- set `SONG_ON_LOOP_NOTIFICATION` to `True`
- or use the `-x` flag
```sh
spotify_monitor -x
```
To disable sending an email on errors (enabled by default):
- set `ERROR_NOTIFICATION` to `False`
- or use the `-e` flag
```sh
spotify_monitor -e
```
Make sure you defined your SMTP settings earlier (see [SMTP settings](#smtp-settings)).
Example email:
If you want to save all listened songs to a CSV file, set `CSV_FILE` or use `-b` flag:
```sh
spotify_monitor -b spotify_tracks_user_uri_id.csv
```
The file will be automatically created if it does not exist.
### Automatic Playback of Listened Tracks in the Spotify Client
If you want the tool to automatically play the tracks listened to by the user in your local Spotify client:
- set `TRACK_SONGS` to `True`
- or use the `-g` flag
```sh
spotify_monitor -g
```
Your Spotify client needs to be installed and running for this feature to work.
The tool fully supports automatic playback on **Linux** and **macOS**. This means it will automatically play the changed track and can also pause or play the indicated track once the user becomes inactive (see the `SP_USER_GOT_OFFLINE_TRACK_ID` configuration option).
For **Windows**, it works in a semi-automatic way: if you have the Spotify client running and you are not listening to any song, then the first track will play automatically. However, subsequent tracks will be located in the client, but you will need to press the play button manually.
You can change the playback method per platform using the corresponding configuration option.
For **macOS** set `SPOTIFY_MACOS_PLAYING_METHOD` to one of the following values:
- "**apple-script**" (recommended, **default**)
- "trigger-url"
For **Linux** set `SPOTIFY_LINUX_PLAYING_METHOD` to one of the following values:
- "**dbus-send**" (most common one, **default**)
- "qdbus" (try if dbus-send does not work)
- "trigger-url"
For **Windows** set `SPOTIFY_WINDOWS_PLAYING_METHOD` to one of the following values:
- "**start-uri**" (recommended, **default**)
- "spotify-cmd"
- "trigger-url"
The recommended defaults should work for most people.
Note: monitoring reports the listened track after the user finishes listening to it. This is how activities are reported by Spotify. It means you will be one song behind the monitored user and if the song currently listened to by the tracked user is longer than the previous one, then the previously listened song might be played in your Spotify client on repeat (and if shorter it might be changed in the middle of the currently played song).
For real-time playback tracking of a user's music activities, ask your friend to connect their Spotify account with [Last.fm](https://www.last.fm/). Then use my other tool: [lastfm_monitor](https://github.com/misiektoja/lastfm_monitor).
If you want to customize the polling interval, use `-c` flag (or `SPOTIFY_CHECK_INTERVAL` configuration option):
```sh
spotify_monitor -c 20
```
If you want to change the time required to mark the user as inactive (the timer starts from the last reported track), use `-o` flag (or `SPOTIFY_INACTIVITY_CHECK` configuration option):
```sh
spotify_monitor -o 900
```
### Signal Controls (macOS/Linux/Unix)
The tool has several signal handlers implemented which allow to change behavior of the tool without a need to restart it with new configuration options / flags.
List of supported signals:
| Signal | Description |
| ----------- | ----------- |
| USR1 | Toggle email notifications when user gets active/inactive (-a, -i) |
| USR2 | Toggle email notifications for every song (-j) |
| CONT | Toggle email notifications for tracked songs (-t) |
| PIPE | Toggle email notifications when user plays song on loop (-x) |
| TRAP | Increase the inactivity check timer (by 30 seconds) (-o) |
| ABRT | Decrease the inactivity check timer (by 30 seconds) (-o) |
| HUP | Reload secrets from .env file and token source credentials from Protobuf files |
Send signals with `kill` or `pkill`, e.g.:
```sh
pkill -USR1 -f "spotify_monitor "
```
As Windows supports limited number of signals, this functionality is available only on Linux/Unix/macOS.
### Coloring Log Output with GRC
You can use [GRC](https://github.com/garabik/grc) to color logs.
Add to your GRC config (`~/.grc/grc.conf`):
```
# monitoring log file
.*_monitor_.*\.log
conf.monitor_logs
```
Now copy the [conf.monitor_logs](https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/main/grc/conf.monitor_logs) to your `~/.grc/` and log files should be nicely colored when using `grc` tool.
Example:
```sh
grc tail -F -n 100 spotify_monitor_.log
```
To help with troubleshooting and development, two debug utilities are available in the [debug](https://github.com/misiektoja/spotify_monitor/tree/dev/debug) directory.
### Access Token Retrieval via sp_dc Cookie and TOTP
The [spotify_monitor_totp_test](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_totp_test.py) tool retrieves a Spotify access token using a Web Player `sp_dc` cookie and TOTP parameters.
Download from [here](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_totp_test.py) or:
```sh
wget https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/dev/debug/spotify_monitor_totp_test.py
```
Install requirements:
```sh
pip install requests python-dateutil pyotp
```
Run:
```sh
python3 spotify_monitor_totp_test.py --sp-dc "your_sp_dc_cookie_value"
```
You should get a valid Spotify access token, example output:
> **NOTE:** secrets used for TOTP generation (`SECRET_CIPHER_DICT`) expire every few days; you can either run the [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) and extract it by yourself (see [here](#secret-key-extraction-from-spotify-web-player-bundles) for more info) or you can pass `--fetch-secrets` flag in `spotify_monitor_totp_test` (available since v1.6). There is also a [xyloflake/spot-secrets-go/](https://github.com/xyloflake/spot-secrets-go/) repo which offers JSON files that are automatically updated with current secrets (you can pass `--download-secrets` flag in `spotify_monitor_totp_test` to get it automatically from remote URL, available since v1.8).
### Secret Key Extraction from Spotify Web Player Bundles
The [spotify_monitor_secret_grabber](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) tool automatically extracts secret keys used for TOTP generation in Spotify Web Player JavaScript bundles.
> 💡 **Quick tip:** The easiest and recommended way to run this tool is via Docker. Jump directly to the [Docker usage section below](#-secret-key-extraction-via-docker-recommended-easiest-way).
Download from [here](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber.py) or:
```sh
wget https://raw.githubusercontent.com/misiektoja/spotify_monitor/refs/heads/dev/debug/spotify_monitor_secret_grabber.py
```
Install requirements:
```sh
pip install playwright
playwright install
```
Run interactively (default output mode):
```sh
python3 spotify_monitor_secret_grabber.py
```
You should get output similar to below:
Show help:
```sh
python3 spotify_monitor_secret_grabber.py -h
```
---
The script supports several output modes for different use cases:
| Flag | Description | Output |
|------|--------------|--------|
| `--secret` | Prints plain JSON array of extracted secrets | `[{"version": X, "secret": "..."}, ...]` |
| `--secretbytes` | Prints JSON array with ASCII byte values | `[{"version": X, "secret": [..]}, ...]` |
| `--secretdict` | Prints JSON object/dict mapping version → byte list | `{"X": [..], "Y": [..]}` |
| `--all` | Extracts secrets and **writes all three outputs** to local files | `secrets.json`, `secretBytes.json`, `secretDict.json` |
Print extracted secrets in specific format, for example Python-friendly secret bytes (JSON object/dict) and save to indicated file:
```sh
python3 spotify_monitor_secret_grabber.py --secretdict > secretDict.json
```
Or, to generate and save all secret formats to files (`secrets.json`, `secretBytes.json`, `secretDict.json`) at once:
```sh
python3 spotify_monitor_secret_grabber.py --all
```
Default file paths and names can be configured directly in the `OUTPUT_FILES` dictionary at the top of the script.
---
### 🐳 Secret Key Extraction via Docker (Recommended Easiest Way)
A prebuilt multi-architecture image is available on Docker Hub: [`misiektoja/spotify-secrets-grabber`](https://hub.docker.com/r/misiektoja/spotify-secrets-grabber)
This image works on:
- macOS (Intel & Apple Silicon)
- Linux (x86_64 and ARM64)
- Windows (Docker Desktop / WSL2)
- Raspberry Pi 4/5 (64-bit OS)
Run interactively (default output mode):
```sh
docker run --rm misiektoja/spotify-secrets-grabber
```
Show help:
```sh
docker run --rm misiektoja/spotify-secrets-grabber -h
```
Print extracted secrets in specific format, for example Python-friendly secret bytes (JSON object/dict) and save to indicated file:
```sh
docker run --rm misiektoja/spotify-secrets-grabber --secretdict > secretDict.json
```
Or, to generate and save all secret formats to files (`secrets.json`, `secretBytes.json`, `secretDict.json`) at once:
```sh
docker run --rm -v .:/work -w /work misiektoja/spotify-secrets-grabber --all
```
*For SELinux hosts (Fedora/RHEL), use `-v .:/work:Z`.*
Or optionally use Docker Compose (a preconfigured [compose.yaml](https://github.com/misiektoja/spotify_monitor/blob/dev/debug/spotify_monitor_secret_grabber_docker/compose.yaml) file is included in the repo):
```sh
docker compose run --rm spotify-secrets-grabber --all
```
This will save all files into your current directory on any system (macOS, Linux or Windows).
---
You can now update the secrets used for TOTP generation (for example `SECRET_CIPHER_DICT` in `spotify_monitor_totp_test`, `spotify_monitor` and `spotify_profile_monitor`) either manually or by referencing an external `secretDict.json` file, which can be hosted in another repo or stored locally. See the description of `SECRET_CIPHER_DICT_URL` in those files for details.
See [RELEASE_NOTES.md](https://github.com/misiektoja/spotify_monitor/blob/main/RELEASE_NOTES.md) for details.
[](https://github.com/misiektoja)
[](https://github.com/tomballgithub)
Licensed under GPLv3. See [LICENSE](https://github.com/misiektoja/spotify_monitor/blob/main/LICENSE).