Spotify

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.soundtrap.com URL critical
Soundtrap was acquired by Spotify in 2017.
*.spotify.com URL critical
The spotify.com domain is used for product and corporate-focused websites. This includes, but is not limited to, the webplayer at http://play.spotify.com/, https://open.spotify.com/browse, and https://accounts.spotify.com
Other Spotify websites OTHER critical
Please use this asset for non-*.spotify.com websites. This includes sites in the domains forspotify.com, tospotify.com, fromspotify.com and atspotify.com.
api.spotify.com URL critical
Based on simple REST principles, the Spotify Web API endpoints return JSON metadata about music artists, albums, and tracks, directly from the Spotify Data Catalogue. The Web API also provides access to user-related data, like playlists and music that the user saves in the Your Music library. Such access should be enabled through selective authorization by the user. A full list of the objects returned by the endpoints of the Spotify Web API: https://developer.spotify.com/documentation/web-api/reference/object-model/
com.soundtrap.studioapp APPLE_STORE_APP_ID critical
Soundtrap https://itunes.apple.com/us/app/soundtrap/id991031323
com.soundtrap.studioapp GOOGLE_PLAY_APP_ID critical
Soundtrap - Make Music Online https://play.google.com/store/apps/details?id=com.soundtrap.studioapp
com.spotify.client APPLE_STORE_APP_ID critical
Spotify - Music and Podcasts https://itunes.apple.com/us/app/spotify-music-and-podcasts/id324684580
com.spotify.music GOOGLE_PLAY_APP_ID critical
Spotify - Music and Podcasts https://play.google.com/store/apps/details?id=com.spotify.music
com.spotify.s4a APPLE_STORE_APP_ID none critical
Spotify for Artists https://itunes.apple.com/us/app/spotify-for-artists/id1222021797
com.spotify.s4a GOOGLE_PLAY_APP_ID critical
Spotify for Artists https://play.google.com/store/apps/details?id=com.spotify.s4a
com.spotify.tv.android GOOGLE_PLAY_APP_ID critical
Spotify Music - for Android TV https://play.google.com/store/apps/details?id=com.spotify.tv.android
https://developer.spotify.com/ SOURCE_CODE critical
# Spotify SDKs
Spotify for developers home is at https://developer.spotify.com/
## iOS SDK
* https://developer.spotify.com/documentation/ios/
* https://github.com/spotify/ios-sdk
* https://github.com/spotify/ios-streaming-sdk
## Android SDK
* https://developer.spotify.com/documentation/android/
* https://github.com/spotify/android-sdk
* https://github.com/spotify/android-streaming-sdk
## Web Playback SDK
* https://developer.spotify.com/documentation/web-playback-sdk/
*.loudr.com URL critical
Loudr was acquired by Spotify in 2018.
*.spotify.net URL critical
Spotify websites in the *.spotify.net domain.
*.spotifyforbrands.com URL critical
Websites in the *.spotifyforbrands.com domain.
Spotify desktop application (Windows and Mac) DOWNLOADABLE_EXECUTABLES critical
*.loudr.fm URL critical
Loudr was acquired by Spotify in 2018.
*.gimletmedia.com URL critical
Spotify acquired Gimlet Media in February 2019.
Gimlet OTHER high high high critical
Spotify acquired Gimlet Media in February 2019. Find below a list of in-scope targets. Note that it is continuously updated:
~~~
annoyanceindex.com
chompers.dental
extraordinariesonthemic.com
geistguest.com
gimlet.design
gimletmedia.com
gimlittles.com
gimstaging.com
gophergripes.com
hearuptone.com
nodtothehairstons.com
replyall.gift
surprisinglyawesome.com
thenodbuysblack.com
thesecrettovictory.com
~~~
Loudr OTHER high high high critical
Loudr was acquired by Spotify in 2019. Find below a list of in-scope targets. Note that it is continuously updated:
~~~
loudr.fm
~~~
Niland OTHER high high high critical
Niland was acquired by Spotify in 2013. Find below a list of in-scope targets. Note that it is continuously updated:
~~~
niland.io
~~~
Parcast OTHER high high high critical
Parcast was acquired by Spotify in 2016. Find below a list of in-scope targets. Note that it is continuously updated:
~~~
parcast.com
toasty.fm
~~~
Preact OTHER high high high critical
Preact was acquired by Spotify in 2016. Find below a list of in-scope targets. Note that it is continuously updated:
~~~
everynoise.com
preact.io
pterohq.com
~~~
Soundtrap OTHER high high high critical
Soundtrap was acquired by Spotify in 2017. Find below a list of in-scope targets. Note that it is continuously updated:
~~~
soundtrap.com
~~~
Android SDK SOURCE_CODE high high high critical
* https://developer.spotify.com/documentation/android/
* https://github.com/spotify/android-sdk
* https://github.com/spotify/android-streaming-sdk
Spotify SDKs SOURCE_CODE critical
For Spotify SDKs (note: there is a specific scope for the Web, Android and iOS SDKs)
* https://developer.spotify.com/
Web Playback SDK SOURCE_CODE high high high critical
* https://developer.spotify.com/documentation/web-playback-sdk/
com.spotify.kids APPLE_STORE_APP_ID high high high critical
Spotify Kids https://apps.apple.com/ie/app/Spotify-Kids/id1470209570
com.spotify.kids URL high high high critical
Spotify Kids https://play.google.com/store/apps/details?id=com.spotify.kids
com.spotify.lite GOOGLE_PLAY_APP_ID high high high critical
Spotify Lite https://play.google.com/store/apps/details?id=com.spotify.lite
com.spotify.stations APPLE_STORE_APP_ID high high high critical
Spotify Stations https://apps.apple.com/us/app/spotify-stations/id1453043471
com.spotify.zerotap GOOGLE_PLAY_APP_ID high high high critical
Spotify Stations https://play.google.com/store/apps/details?id=com.spotify.zerotap
iOS SDK SOURCE_CODE high high high critical
* https://developer.spotify.com/documentation/ios/
* https://github.com/spotify/ios-sdk
* https://github.com/spotify/ios-streaming-sdk

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
assets.spotify.com URL none
anchor.fm URL none
Anchor OTHER high high high none
Anchor was acquired by Spotify in 2019. Find below a list of in-scope targets. Note that it is continuously updated:
~~~
anchor.fm
~~~
Other OTHER high high high none
This scope should be selected if none of the scopes above apply.
Soundbetter OTHER high high high none
Soundbetter was acquired by Spotify in 2019. Find below a list of in-scope targets. Note that it is continuously updated:
~~~
soundbetter.com - to be added at a later date (NOT IN SCOPE TODAY)
~~~