A secure, high-performance Rust proxy server for the Spotify Web API. Exposes current playback state via REST endpoints with built-in security, rate limiting, and token caching.
- Token caching with automatic refresh
- Per-IP rate limiting (configurable RPM)
- Multi-origin CORS via environment variable
- Security headers (HSTS, X-Frame-Options, XSS protection, nosniff)
- Structured logging with `tracing`
- Health check endpoint for monitoring
- Shields.io badge endpoint

```sh
cp .env.example .env
# Fill in your Spotify credentials
```

| Variable | Required | Default | Description |
|---|---|---|---|
| `SPOTIFY_CLIENT_ID` | Yes | — | Spotify OAuth client ID |
| `SPOTIFY_CLIENT_SECRET` | Yes | — | Spotify OAuth client secret |
| `SPOTIFY_REFRESH_TOKEN` | Yes | — | Spotify OAuth refresh token |
| `ALLOWED_ORIGINS` | No | `*` (any) | Comma-separated allowed CORS origins |
| `PORT` | No | `3000` | Server port |
| `RATE_LIMIT_RPM` | No | `60` | Max requests per minute per IP |
| `RUST_LOG` | No | — | Log level filter (e.g. `info`, `debug`) |

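
How a comma-separated `ALLOWED_ORIGINS` value can be turned into a per-request `Access-Control-Allow-Origin` decision, shown as an added example that is not this project's code. The `CorsPolicy` type, its methods and the sample origins are hypothetical; treating a list that contains `*` as "any" is an assumption of this sketch.

```rust
use std::collections::HashSet;

/// Hypothetical policy type for this example; not taken from the project.
#[derive(Debug, PartialEq)]
pub enum CorsPolicy {
    Any,
    List(HashSet<String>),
}

impl CorsPolicy {
    /// Parse an ALLOWED_ORIGINS value: unset, empty or "*" means any origin.
    pub fn parse(raw: Option<&str>) -> Self {
        let items: HashSet<String> = raw
            .unwrap_or("*")
            .split(',')
            // Origins carry no trailing slash and compare case-insensitively.
            .map(|s| s.trim().trim_end_matches('/').to_ascii_lowercase())
            .filter(|s| !s.is_empty())
            .collect();
        if items.is_empty() || items.contains("*") {
            CorsPolicy::Any
        } else {
            CorsPolicy::List(items)
        }
    }

    /// Value for Access-Control-Allow-Origin, or None to omit the header.
    pub fn allow_origin(&self, request_origin: Option<&str>) -> Option<String> {
        match self {
            CorsPolicy::Any => Some("*".to_string()),
            CorsPolicy::List(set) => {
                let origin = request_origin?;
                // Exact match only: prefix or suffix matching would admit
                // look-alike hosts such as https://example.com.evil.test.
                set.contains(&origin.to_ascii_lowercase()).then(|| origin.to_string())
            }
        }
    }
}

fn main() {
    // Constructed sample value, not a real deployment's configuration.
    let policy = CorsPolicy::parse(Some("https://example.com, https://app.example.com"));
    for o in ["https://app.example.com", "https://example.com.evil.test"] {
        println!("{o} -> {:?}", policy.allow_origin(Some(o)));
    }
}
```

The header accepts only a single origin or `*`, so a multi-origin list has to be answered by echoing the matching request origin. When the value is an echoed origin, the response also needs `Vary: Origin` so shared caches do not serve one origin's response to another.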
Returns current Spotify playback state.
Returns shields.io endpoint badge JSON.
Returns {"status": "ok"} for uptime monitoring.

```sh
cargo run
cargo build --release
```