Easiest way for non-coder to upload tracks to own account using API?

[cloudgreen]

Hi all!

I'm interested in automating track uploading to my own SoundCloud account, as I frequently upload the same or updated tracks (demos and versions) to record labels and collaborators.

My aim is to use Curl on Windows and I have regged an "app" via helpdesk so I have the Client ID and Client Secret.

I realized I have to use the Authorization Code Flow to access my user data. But I think I got in over my head with this... :( I don't understand how to accomplish the required PKCE, Redirect URI and Code Challenge parts in the Authorization Code Flow.

It all seems very geared towards public app building, user authentication and integration, and not for local automation tasks for a single user.

Do you experienced coders think it's feasible for a non-coder to pull this off? Or does anyone know of any pre-fabricated script that might help with this (others have asked before me)? (There was apparently an old Python script that's now deprecated.)

[fabianbernhart]

Did you register a app here?

• https://soundcloud.com/you/apps

I checked creating a new App is not available currently.

If you have an ACCESS TOKEN

1. Go to:

• https://developers.soundcloud.com/docs/api/explorer/open-api

2. Add your API Token there.
   

3. Go to

• https://developers.soundcloud.com/docs/api/explorer/open-api#/me/get_me

4. Execute
   Excute the API Endpoint

5. Next Upload Tracks:

• https://developers.soundcloud.com/docs/api/explorer/open-api#/tracks/post_tracks
  Or with Curl:

   $ curl -X POST "https://api.soundcloud.com/tracks" \
       -H  "accept: application/json; charset=utf-8" \
       -H "Authorization: OAuth ACCESS_TOKEN" \
       -H  "Content-Type: multipart/form-data" \
       -F "track[title]=YOUR_TITLE" \
       -F "track[asset_data]=@PATH_TO_A_FILE"
  

• https://developers.soundcloud.com/docs/api/guide#uploading

[cloudgreen]

Thanks for helping, @fabianbernhart!

Yes, I recently got API access via SoundCloud support. SoundCloud wrote recently in the API Access thread, that one can file a support ticket to get API access.

I think I run into problems right at the start, getting the correct type of access token:

Using Curl, I have only managed to get a token with "grant_type=client_credentials". But if I understand correctly, I need to get a token of type "grant_type=authorization_code" to manage my private tracks?

[fabianbernhart]

Hey @cloudgreen

i think you can just excute the following CURL:

$ curl -X POST "https://secure.soundcloud.com/oauth/token" \
     -H  "accept: application/json; charset=utf-8" \
     -H  "Content-Type: application/x-www-form-urlencoded" \
     -H  "Authorization: Basic Base64(client_id:client_secret)" \
     --data-urlencode "grant_type=client_credentials"

This will return a apiKey.

In the Souncloud Public API Specification oauth is deprecated.

Source:

• https://developers.soundcloud.com/docs/api/guide#authentication
• https://developers.soundcloud.com/docs/api/explorer/open-api#/oauth

Cheeers

Thanks for thanking

[cloudgreen]

Thanks again for taking your time, @fabianbernhart!

When I try your CURL command (but using my personal client_id and client_secret, obviously), I get {"error":"invalid_client"}. It's a bit generic and hard to troubleshoot...

Oh, do I need to Base64 encode the ID and secret?

Also, I'm a bit confused that your command has "grant_type=client_credentials", since the API documentation says the following about grant type: "Client Credentials: Your application intends to access public resources only."

In the previous paragraph, they say that you have to have grant type "authorization code" to upload tracks. Quote: "Authorization Code: Your application intends to perform actions on a user's behalf (track upload)..."

It makes my head spin... 🤔😅

[fabianbernhart]

Hey,

@cloudgreen
Oh, do I need to Base64 encode the ID and secret?

Yes, i think so.

[mgoodfellow]

Aha, just came across this, the docs are a bit misleading - basically you want to take the Base64 of client_id:client_secret

You then put that in the authorization header after Basic

So it looks like:

$ curl -X POST "https://secure.soundcloud.com/oauth/token" \
     -H  "accept: application/json; charset=utf-8" \
     -H  "Content-Type: application/x-www-form-urlencoded" \
     -H  "Authorization: Basic SOME_BASE64_STRING " \
     --data-urlencode "grant_type=client_credentials"

So in c# for example:

var plainTextBytes = System.Text.Encoding.UTF8.GetBytes($"{clientId}:{clientSecret}");
var authHeader = $"Basic {Convert.ToBase64String(plainTextBytes)}";

i.e. you don't put the Base64() bit into the header, that's actually telling you you need the output of a Base64 function and you replace the whole section after the Basic prefix.

As an aside, this client_credentials grant won't give you any access to a user context. So you can use this to request public API information, such as a user profile, or a list of public tracks from a user, but you cannot use it to access /me endpoints, and you also can't use it to mutate any state, such as uploading etc. All mutation would require the authorization_code flow in order to get a specific user context to modify.

[cloudgreen]

As an aside, this client_credentials grant won't give you any access to a user context. So you can use this to request public API information, such as a user profile, or a list of public tracks from a user, but you cannot use it to access /me endpoints, and you also can't use it to mutate any state, such as uploading etc. All mutation would require the authorization_code flow in order to get a specific user context to modify.

Thank you so much for chiming in, @mgoodfellow! Sorry for my late reply.

Yes, my goal is to upload tracks to my own Soundcloud profile, so I definitely need a user context. But I don't understand how to use the Authorization Code Flow to access my user data: the details about PKCE, Redirect URI and Code Challenge. Is this doable with simple Curl command lines, would you say?

As per the thread title (😂), I'm not a developer but a computer nerd nonetheless. My hope is to be able to automate my track upload with Curl (on Windows), unless it's way above my head...

Any pointers welcome! :)