website/docs/user-guide/features/spotify.md
Hermes can control Spotify directly — playback, queue, search, playlists, saved tracks/albums, and listening history — using Spotify's official Web API with PKCE OAuth. Tokens are stored in ~/.hermes/auth.json and refreshed automatically on 401; you only log in once per machine.
Unlike Hermes' built-in OAuth integrations (Google, GitHub Copilot, Codex), Spotify requires every user to register their own lightweight developer app. Spotify does not let third parties ship a public OAuth app that anyone can use. It takes about two minutes and hermes auth spotify walks you through it.
403 Forbidden with a "no active device" message; open Spotify on any device and retry.hermes tools or first-run setupThe fastest path. Run:
hermes tools
Scroll to 🎵 Spotify, press space to toggle it on, then s to save. The same toggle is also available during the first-run hermes setup / hermes setup tools flow. Spotify stays opt-in, so enabling it there runs the same provider-aware configuration as hermes tools.
Hermes drops you straight into the OAuth flow — if you don't have a Spotify app yet, it walks you through creating one inline. Once you finish, the toolset is enabled AND authenticated in one pass.
If you prefer to do the steps separately (or you're re-authing later), use the two-step flow below.
hermes tools
Toggle 🎵 Spotify on, save, and when the inline wizard opens, dismiss it (Ctrl+C). The toolset stays on; only the auth step is deferred.
hermes auth spotify
The 7 Spotify tools only appear in the agent's toolset after step 1 — they're off by default so users who don't want them don't ship extra tool schemas on every API call.
If no HERMES_SPOTIFY_CLIENT_ID is set, Hermes walks you through the app registration inline:
https://developer.spotify.com/dashboard in your browser~/.hermes/.env so future runs skip this stepAfter you approve, tokens are written under providers.spotify in ~/.hermes/auth.json. The active inference provider is NOT changed — Spotify auth is independent of your LLM provider.
When the dashboard opens, click Create app and fill in:
| Field | Value |
|---|---|
| App name | anything (e.g. hermes-agent) |
| App description | anything (e.g. personal Hermes integration) |
| Website | leave blank |
| Redirect URI | http://127.0.0.1:43827/spotify/callback |
| Which API/SDKs? | check Web API |
Agree to the terms and click Save. On the next page click Settings → copy the Client ID and paste it into the Hermes prompt. That's the only value Hermes needs — PKCE doesn't use a client secret.
If SSH_CLIENT or SSH_TTY is set, Hermes skips the automatic browser open during both the wizard and the OAuth step. Copy the dashboard URL and the authorization URL Hermes prints, open them in a browser on your local machine, and proceed normally — the local HTTP listener still runs on the remote host on port 43827. Your laptop's browser can't reach the remote loopback without an SSH local-forward:
ssh -N -L 43827:127.0.0.1:43827 user@remote-host
For jump-box / bastion setups and other gotchas (mosh, tmux, port conflicts), see OAuth over SSH / Remote Hosts.
hermes auth status spotify
Shows whether tokens are present and when the access token expires. Refresh is automatic: when any Spotify API call returns 401, the client exchanges the refresh token and retries once. Refresh tokens persist across Hermes restarts, so you only re-auth if you revoke the app in your Spotify account settings or run hermes auth logout spotify.
Once logged in, the agent has access to 7 Spotify tools. You talk to the agent naturally — it picks the right tool and action. For the best behavior, the agent loads a companion skill that teaches canonical usage patterns (single-search-then-play, when not to preflight get_state, etc.).
> play some miles davis
> what am I listening to
> add this track to my Late Night Jazz playlist
> skip to the next song
> make a new playlist called "Focus 2026" and add the last three songs I played
> which of my saved albums are by Radiohead
> search for acoustic covers of Blackbird
> transfer playback to my kitchen speaker
All playback-mutating actions accept an optional device_id to target a specific device. If omitted, Spotify uses the currently active device.
spotify_playbackControl and inspect playback, plus fetch recently played history.
| Action | Purpose | Premium? |
|---|---|---|
get_state | Full playback state (track, device, progress, shuffle/repeat) | No |
get_currently_playing | Just the current track (returns empty on 204 — see below) | No |
play | Start/resume playback. Optional: context_uri, uris, offset, position_ms | Yes |
pause | Pause playback | Yes |
next / previous | Skip track | Yes |
seek | Jump to position_ms | Yes |
set_repeat | state = track / context / off | Yes |
set_shuffle | state = true / false | Yes |
set_volume | volume_percent = 0-100 | Yes |
recently_played | Last played tracks. Optional limit, before, after (Unix ms) | No |
spotify_devices| Action | Purpose |
|---|---|
list | Every Spotify Connect device visible to your account |
transfer | Move playback to device_id. Optional play: true starts playback on transfer |
If Home Assistant manages speakers that already support Spotify Connect (for example Sonos, Echo, Nest, or other Connect-capable speakers), they appear in spotify_devices list automatically whenever Spotify can see them. Hermes does not need a Home Assistant ↔ Spotify bridge for this path — Spotify handles the device routing natively.
Ask Hermes to transfer playback by the speaker's display name (for example, “transfer Spotify to the kitchen speaker”), or call spotify_devices list and pass the exact device_id to spotify_devices transfer when scripting. If the speaker is missing, open the Spotify app or the speaker's Spotify integration once so Spotify registers it as an active Connect target.
spotify_queue| Action | Purpose | Premium? |
|---|---|---|
get | Currently queued tracks | No |
add | Append uri to the queue | Yes |
spotify_searchSearch the catalog. query is required. Optional: types (array of track / album / artist / playlist / show / episode), limit, offset, market.
spotify_playlists| Action | Purpose | Required args |
|---|---|---|
list | User's playlists | — |
get | One playlist + tracks | playlist_id |
create | New playlist | name (+ optional description, public, collaborative) |
add_items | Add tracks | playlist_id, uris (optional position) |
remove_items | Remove tracks | playlist_id, uris (+ optional snapshot_id) |
update_details | Rename / edit | playlist_id + any of name, description, public, collaborative |
spotify_albums| Action | Purpose | Required args |
|---|---|---|
get | Album metadata | album_id |
tracks | Album track list | album_id |
spotify_libraryUnified access to saved tracks and saved albums. Pick the collection with the kind arg.
| Action | Purpose |
|---|---|
list | Paginated library listing |
save | Add ids / uris to library |
remove | Remove ids / uris from library |
Required: kind = tracks or albums, plus action.
Read-only tools work on Free accounts. Anything that mutates playback or the queue requires Premium.
| Works on Free | Premium required |
|---|---|
spotify_search (all) | spotify_playback — play, pause, next, previous, seek, set_repeat, set_shuffle, set_volume |
spotify_playback — get_state, get_currently_playing, recently_played | spotify_queue — add |
spotify_devices — list | spotify_devices — transfer |
spotify_queue — get | |
spotify_playlists (all) | |
spotify_albums (all) | |
spotify_library (all) |
Because Spotify tools are regular Hermes tools, a cron job running in a Hermes session can trigger playback on any schedule. No new code needed.
hermes cron add \
--name "morning-commute" \
"0 7 * * 1-5" \
"Transfer playback to my kitchen speaker and start my 'Morning Commute' playlist. Volume to 40. Shuffle on."
What happens at 7am every weekday:
spotify_devices list to find "kitchen speaker" by name, then spotify_devices transfer → spotify_playback set_volume → spotify_playback set_shuffle → spotify_search + spotify_playback play.hermes cron add \
--name "wind-down" \
"30 22 * * *" \
"Pause Spotify. Then set volume to 20 so it's quiet when I start it again tomorrow."
403 no active device. For morning playlists, the trick is to target a device that's always on (Sonos, Echo, a smart speaker) rather than your phone.hermes tools for the cron session to see the Spotify tools.skip_memory=True so they don't write to your memory store.Full cron reference: Cron Jobs.
hermes auth logout spotify
Removes tokens from ~/.hermes/auth.json. To also clear the app config, delete HERMES_SPOTIFY_CLIENT_ID (and HERMES_SPOTIFY_REDIRECT_URI if you set it) from ~/.hermes/.env, or run the wizard again.
To revoke the app on Spotify's side, visit Apps connected to your account and click REMOVE ACCESS.
403 Forbidden — Player command failed: No active device found — You need Spotify running on at least one device. Open the Spotify app on your phone, desktop, or web player, start any track for a second to register it, and retry. spotify_devices list shows what's currently visible.
403 Forbidden — Premium required — You're on a Free account trying to use a playback-mutating action. See the feature matrix above.
204 No Content on get_currently_playing — nothing is currently playing on any device. This is Spotify's normal response, not an error; Hermes surfaces it as an explanatory empty result (is_playing: false).
INVALID_CLIENT: Invalid redirect URI — the redirect URI in your Spotify app settings doesn't match what Hermes is using. The default is http://127.0.0.1:43827/spotify/callback. Either add that to your app's allowed redirect URIs, or set HERMES_SPOTIFY_REDIRECT_URI in ~/.hermes/.env to whatever you registered.
429 Too Many Requests — Spotify's rate limit. Hermes returns a friendly error; wait a minute and retry. If this persists, you're probably running a tight loop in a script — Spotify's quota resets roughly every 30 seconds.
401 Unauthorized keeps coming back — Your refresh token was revoked (usually because you removed the app from your account, or the app was deleted). Run hermes auth spotify again.
Wizard doesn't open the browser — If you're over SSH or in a container without a display, Hermes detects it and skips the auto-open. Copy the dashboard URL it prints and open it manually.
By default Hermes requests the scopes needed for every shipped tool. Override if you want to restrict access:
hermes auth spotify --scope "user-read-playback-state user-modify-playback-state playlist-read-private"
Scope reference: Spotify Web API scopes. If you request fewer scopes than a tool needs, that tool's calls will fail with 403.
hermes auth spotify --client-id <id> --redirect-uri http://localhost:3000/callback
Or set them permanently in ~/.hermes/.env:
HERMES_SPOTIFY_CLIENT_ID=<your_id>
HERMES_SPOTIFY_REDIRECT_URI=http://localhost:3000/callback
The redirect URI must be allow-listed in your Spotify app's settings. The default works for almost everyone — only change it if port 43827 is taken.
| File | Contents |
|---|---|
~/.hermes/auth.json → providers.spotify | access token, refresh token, expiry, scope, redirect URI |
~/.hermes/.env | HERMES_SPOTIFY_CLIENT_ID, optional HERMES_SPOTIFY_REDIRECT_URI |
| Spotify app | owned by you at developer.spotify.com/dashboard; contains the Client ID and the redirect URI allow-list |