Last week, Spotify implemented abrupt changes to its API policies, catching developers off guard just before Thanksgiving. These updates restrict access to certain types of data for new and in-development apps, leaving many developers scrambling to adjust their projects.
Announced on November 27th, the new policies specifically target “Web API use cases.” Developers of new apps and of apps in development mode (which includes those under construction or limited to a maximum of 25 users) can no longer access specific endpoints. The restricted data includes information about related artists and Spotify’s algorithmic and editorial playlists. Notably, these changes apply to new apps registered on or after the announcement date, effectively cutting off some capabilities for new projects.
For existing, widely available apps, it appears that functionality remains unchanged, allowing continued access to previously available endpoints. However, developers creating or refining apps for limited audiences have been left disappointed. The timing and lack of notice have compounded frustrations.
Faisal Alquaddoomi, a developer working on an app to visualize music through a DIY LED display, expressed his disappointment. “Basically, without warning and on a major holiday, Spotify cut access to a bunch of very useful API endpoints that they’d been providing for years,” he explained. Alquaddoomi, like many others, only learned of the changes through Spotify’s blog post and noted the lack of proactive communication from the company.
Douglas Adams, a software engineer collaborating with UCLA on a project studying the therapeutic effects of music on patients undergoing life-saving treatments, also faced challenges. The Spotify APIs were essential to his study, and the changes forced him to work through the holiday weekend to minimize their impact. “The alternative is not a straightforward replacement and will take weeks of work to approach the capability I had before Spotify’s change,” Adams said, highlighting the disruption caused to his critical research.
Artists and producers have also been affected. Lo-fi producer Broken Holiday had been developing an app to help musicians manage multiple playlists through automation. However, the new API restrictions now prevent the app from accessing playlist contents, effectively stalling the project’s progress.
In its blog post announcing the changes, Spotify attributed the updates to its commitment to platform security. “The aim of creating a more secure platform” was cited as the reason for the restrictions. In a community forum post addressing developers’ concerns, a Spotify representative reiterated the focus on ensuring a “safe and secure environment” for all users. Despite this, the lack of clarity and abrupt nature of the policy shift have sparked frustration among developers, with community forums filling up with complaints and questions.
Brittney Le Roy, a spokesperson for Spotify, stated that these changes are part of the company’s ongoing efforts to tackle modern security challenges. However, Spotify has not provided specific reasons for the sudden implementation or why developers were not warned in advance.
This situation echoes recent examples of other platforms modifying their API policies with minimal notice, leaving developers in precarious positions. For instance, Strava recently introduced API restrictions limiting data sharing, and Reddit’s decision to implement API pricing changes last year led to widespread protests. Spotify’s abrupt updates serve as another reminder of the challenges and uncertainties developers face when building applications reliant on third-party platforms.
For many developers, these changes represent more than just a technical hurdle; they disrupt months of work and jeopardize the viability of their projects. While Spotify has framed the policy updates as necessary for security, the lack of clear communication and the abrupt enforcement have left many in the development community grappling with both immediate obstacles and broader concerns about the reliability of platform partnerships.