soundcloud-api-ts

The TypeScript SoundCloud API client built on the official API. Zero runtime dependencies, native fetch, OAuth 2.1 + PKCE, production-grade retry and deduplication, pluggable cache, raw escape hatch, and an interactive CLI.

Why This Package?

Most TypeScript SoundCloud clients fall into one of two categories: unmaintained wrappers that predate OAuth 2.1, or scrapers that harvest undocumented api-v2 client IDs from browser dev tools and break whenever SoundCloud ships a frontend update. soundcloud-api-ts is neither.

It is built on SoundCloud's official documented API with registered app credentials, OAuth 2.1 + PKCE, and a production-grade HTTP layer — all with zero runtime dependencies.

• Official API only — api.soundcloud.com + secure.soundcloud.com OAuth. No api-v2 scraping, no harvested client IDs, no terms violations.
• TypeScript-first — full types ship in the package. No @types/* installs, no casting to any.
• Zero dependencies — native fetch, nothing in node_modules at runtime. 4.5 KB min+gz.
• Production HTTP layer — exponential backoff on 429/5xx, Retry-After header respected, in-flight GET deduplication, pluggable cache interface, onRetry hook.
• Runtime portable — inject your own fetch and AbortController for Cloudflare Workers, Bun, Deno, and Edge runtimes.
• Raw escape hatch — sc.raw.get('/any/endpoint/{id}', { id }) calls anything in the spec, not just wrapped endpoints. Never blocked by a missing wrapper.
• Full auth support — client credentials flow for server-to-server, authorization code + PKCE for user-context operations, auto token refresh on 401.
• Pagination built-in — async iterators and fetchAll helpers across all paginated endpoints.
• Interactive CLI — sc-cli tracks <id>, sc-cli search <query>, sc-cli me from your terminal.
• LLM-friendly — ships llms.txt, llms-full.txt, and AGENTS.md for AI coding agents.

Comparison

| Feature | soundcloud-api-ts | soundcloud.ts | soundcloud-fetch | | --- | --- | --- | --- | | TypeScript | ✅ Native | ✅ | ✅ | | Dependencies | 0 | 1 | 3 (lodash, cookie, undici) | | Bundle size (min+gz) | 4.5 KB | ❌ unbundlable | 191 KB | | Auth method | Official OAuth 2.1 | ⚠️ Scrapes client ID | ⚠️ Scrapes client ID | | PKCE support | ✅ | ❌ | ❌ | | Auto token refresh | ✅ | ❌ | ❌ | | Auto retry (429/5xx) | ✅ + Retry-After | ❌ | ❌ | | In-flight deduplication | ✅ | ❌ | ❌ | | Pluggable cache interface | ✅ | ❌ | ❌ | | Fetch injection (Workers/Bun/Deno) | ✅ | ❌ | ❌ | | Raw escape hatch | ✅ sc.raw | ❌ | ❌ | | CLI tool | ✅ sc-cli | ❌ | ❌ | | Pagination helpers | ✅ async iterators | ❌ | ✅ | | Typed errors | ✅ SoundCloudError | ❌ | ❌ | | Test coverage | 100% | — | — | | API docs site | ✅ TypeDoc | ✅ | ❌ | | LLM/AI-friendly | ✅ llms.txt + AGENTS.md | ❌ | ❌ |

Why does auth method matter? soundcloud.ts and soundcloud-fetch scrape SoundCloud's undocumented api-v2 and require harvesting a client ID from browser dev tools. This breaks whenever SoundCloud ships a frontend update, and the API Terms of Use explicitly prohibit it: "any attempt to circumvent this and obtain a new client ID and Security Code is strictly prohibited."

Coming from soundcloud.ts? See the Migration Guide — most changes are find-and-replace.

Install

npm install soundcloud-api-ts

CLI

Explore the SoundCloud API right from your terminal — no code required:

# Install globally
npm install -g soundcloud-api-ts

# Set up credentials (interactive)
sc-cli auth

# Search tracks — colorful formatted table
sc-cli search "lofi beats"

# Get track details
sc-cli track 293

# View user profile
sc-cli user 12345

# Play a track in your terminal (mpv recommended)
sc-cli play 293

# Get stream URLs
sc-cli stream 293

# Show playlist with track listing
sc-cli playlist 456

# Resolve a SoundCloud URL
sc-cli resolve https://soundcloud.com/artist/track

# OAuth login for authenticated endpoints
sc-cli login
sc-cli me
sc-cli likes

Every command supports --json for machine-readable output (great for piping to jq or using in scripts). Run sc-cli --help for the full command list.

⚡ sc-cli — Explore the SoundCloud API from your terminal

Commands: auth, login, search, track, user, playlist, play, stream, resolve, me, likes
Options:  --json (raw JSON output), --url (play: print URL only), --help (per-command help)

Play controls: [space] pause/resume (mpv/ffplay), [q] quit
Supported players: mpv (recommended — IPC pause/resume), ffplay, afplay (macOS)

Quick Start

import { SoundCloudClient } from "soundcloud-api-ts";

const sc = new SoundCloudClient({
  clientId: "your-client-id",
  clientSecret: "your-client-secret",
  redirectUri: "https://yourapp.com/callback",
});

// Get a client token and store it
const token = await sc.auth.getClientToken();
sc.setToken(token.access_token);

// Now all calls use the stored token automatically
const results = await sc.search.tracks("electronic");
const me = await sc.me.getMe();
const track = await sc.tracks.getTrack(123456);
const streams = await sc.tracks.getStreams(123456);

OAuth 2.1 Flow

import { SoundCloudClient, generateCodeVerifier, generateCodeChallenge } from "soundcloud-api-ts";

const sc = new SoundCloudClient({
  clientId: "...",
  clientSecret: "...",
  redirectUri: "https://yourapp.com/callback",
  // Optional: auto-refresh tokens on 401
  onTokenRefresh: async (client) => {
    const newToken = await client.auth.refreshUserToken(client.refreshToken!);
    // Persist newToken to your DB here
    return newToken;
  },
});

// 1. Generate PKCE pair (for public clients / SPAs)
const verifier = generateCodeVerifier();
const challenge = await generateCodeChallenge(verifier);

// 2. Build authorization URL and redirect the user
const authUrl = sc.auth.getAuthorizationUrl({ state: "random", codeChallenge: challenge });
// → redirect user to authUrl

// 3. Exchange the code for tokens (in your callback handler)
const token = await sc.auth.getUserToken(code, verifier);
sc.setToken(token.access_token, token.refresh_token);

// 4. Use the API — token is used automatically
const me = await sc.me.getMe();
const tracks = await sc.search.tracks("lofi beats");

// 5. Override token per-call if needed
const otherMe = await sc.me.getMe({ token: "other-users-token" });

// 6. Refresh manually if needed
const refreshed = await sc.auth.refreshUserToken(token.refresh_token);
sc.setToken(refreshed.access_token, refreshed.refresh_token);

// 7. Sign out
await sc.auth.signOut(token.access_token);
sc.clearToken();

Auth at a glance

| Endpoint category | Client Credentials | User Token | |---|---|---| | tracks, users, search, playlists, resolve | ✅ | ✅ | | /me endpoints | ❌ | ✅ | | likes, reposts | ❌ | ✅ | | create/update/delete | ❌ | ✅ |

See Auth Guide for full details, token provider patterns, and troubleshooting.

Client Class

The SoundCloudClient class organizes all endpoints into namespaces. Token is resolved automatically when setToken() has been called. Override per-call via { token: "..." } options object.

const sc = new SoundCloudClient({ clientId, clientSecret, redirectUri });

// Token management
sc.setToken(accessToken, refreshToken?)
sc.clearToken()
sc.accessToken   // getter
sc.refreshToken  // getter

// Auth
sc.auth.getAuthorizationUrl({ state?, codeChallenge? })
sc.auth.getClientToken()
sc.auth.getUserToken(code, codeVerifier?)
sc.auth.refreshUserToken(refreshToken)
sc.auth.signOut(accessToken)

// Me (authenticated user) — primary params first, options last
sc.me.getMe(options?)
sc.me.getActivities(limit?, options?)
sc.me.getActivitiesOwn(limit?, options?)
sc.me.getActivitiesTracks(limit?, options?)
sc.me.getLikesTracks(limit?, options?)
sc.me.getLikesPlaylists(limit?, options?)
sc.me.getFollowings(limit?, options?)
sc.me.getFollowingsTracks(limit?, options?)
sc.me.follow(userUrn, options?)
sc.me.unfollow(userUrn, options?)
sc.me.getFollowers(limit?, options?)
sc.me.getPlaylists(limit?, options?)
sc.me.getTracks(limit?, options?)
sc.me.getConnections(options?)  // connected social accounts; may require app approval

// Users
sc.users.getUser(userId, options?)
sc.users.getFollowers(userId, limit?, options?)
sc.users.getFollowings(userId, limit?, options?)
sc.users.getTracks(userId, limit?, options?)
sc.users.getPlaylists(userId, limit?, options?)
sc.users.getLikesTracks(userId, limit?, cursor?, options?)
sc.users.getLikesPlaylists(userId, limit?, options?)
sc.users.getWebProfiles(userId, options?)

// Tracks
sc.tracks.getTrack(trackId, options?)
sc.tracks.getTracks(ids[], options?)  // batch fetch by IDs
sc.tracks.getStreams(trackId, options?)
sc.tracks.getComments(trackId, limit?, options?)
sc.tracks.createComment(trackId, body, timestamp?, options?)
sc.tracks.getLikes(trackId, limit?, options?)
sc.tracks.getReposts(trackId, limit?, options?)
sc.tracks.getRelated(trackId, limit?, options?)
sc.tracks.update(trackId, params, options?)
sc.tracks.delete(trackId, options?)

// Playlists
sc.playlists.getPlaylist(playlistId, options?)
sc.playlists.getTracks(playlistId, limit?, offset?, options?)
sc.playlists.getReposts(playlistId, limit?, options?)
sc.playlists.create(params, options?)
sc.playlists.update(playlistId, params, options?)
sc.playlists.delete(playlistId, options?)

// Likes
sc.likes.likeTrack(trackId, options?)
sc.likes.unlikeTrack(trackId, options?)
sc.likes.likePlaylist(playlistId, options?)
sc.likes.unlikePlaylist(playlistId, options?)

// Reposts
sc.reposts.repostTrack(trackId, options?)
sc.reposts.unrepostTrack(trackId, options?)
sc.reposts.repostPlaylist(playlistId, options?)
sc.reposts.unrepostPlaylist(playlistId, options?)

// Search
sc.search.tracks(query, pageNumber?, options?)
sc.search.users(query, pageNumber?, options?)
sc.search.playlists(query, pageNumber?, options?)

// Resolve
sc.resolve.resolveUrl(url, options?)

// Raw escape hatch — call any endpoint sc.raw.get('/tracks/{id}', { id: 123456 }) sc.raw.post('/tracks/{id}/comments', { body: { body: 'great track' } }) sc.raw.request({ method: 'GET', path: '/me', query: {} })

Where options is { token?: string } — only needed to override the stored token.

Standalone Functions

Every endpoint is also available as a standalone function (token is always required):

import {
  getClientToken, getUserToken, getAuthorizationUrl,
  generateCodeVerifier, generateCodeChallenge,
  getMe, searchTracks,
} from "soundcloud-api-ts";

const token = await getClientToken("clientId", "clientSecret");
const me = await getMe(token.access_token);
const tracks = await searchTracks(token.access_token, "lo-fi");

// Build auth URL
const authUrl = getAuthorizationUrl("clientId", "https://yourapp.com/callback", { state: "xyz" });

Types

All response types match the SoundCloud API spec:

import type {
  SoundCloudUser,
  SoundCloudMe,
  SoundCloudTrack,
  SoundCloudPlaylist,
  SoundCloudComment,
  SoundCloudToken,
  SoundCloudStreams,
  SoundCloudWebProfile,
  SoundCloudActivity,
  SoundCloudActivitiesResponse,
  SoundCloudPaginatedResponse,
  TokenOption,
} from "soundcloud-api-ts/types";

PKCE (Proof Key for Code Exchange)

For public clients (SPAs, mobile apps), use PKCE:

import { generateCodeVerifier, generateCodeChallenge } from "soundcloud-api-ts";

const verifier = generateCodeVerifier();
const challenge = await generateCodeChallenge(verifier);

// Pass challenge when building auth URL
const url = sc.auth.getAuthorizationUrl({ codeChallenge: challenge });

// Pass verifier when exchanging the code
const token = await sc.auth.getUserToken(code, verifier);

Pagination

Paginated endpoints return SoundCloudPaginatedResponse<T>:

interface SoundCloudPaginatedResponse<T> {
  collection: T[];
  next_href: string; // URL for next page
}

Automatic Pagination

The client provides three helpers that automatically follow next_href across pages:

// Stream pages — yields T[] for each page
for await (const page of sc.paginate(() => sc.users.getTracks(userId))) {
  console.log(`Got ${page.length} tracks`);
}

// Stream individual items — yields one T at a time
for await (const track of sc.paginateItems(() => sc.search.tracks("lofi"))) {
  console.log(track.title);
}

// Collect all into a flat array (with optional limit)
const allTracks = await sc.fetchAll(() => sc.users.getTracks(userId));
const first100 = await sc.fetchAll(() => sc.search.tracks("lofi"), { maxItems: 100 });

The standalone functions are also exported for advanced use:

import { paginate, paginateItems, fetchAll, scFetchUrl } from "soundcloud-api-ts";

Utilities

import { getSoundCloudWidgetUrl } from "soundcloud-api-ts";

// Generate a SoundCloud embed widget URL
const widgetUrl = getSoundCloudWidgetUrl(trackId);

Error Handling

All API errors throw a SoundCloudError with structured properties:

import { SoundCloudError } from "soundcloud-api-ts";

try {
  await sc.tracks.getTrack(999);
} catch (err) {
  if (err instanceof SoundCloudError) {
    console.log(err.status);     // 404
    console.log(err.statusText); // "Not Found"
    console.log(err.message);    // "404 - Not Found" (from SC's response)
    console.log(err.errorCode);  // "invalid_client" (on auth errors)
    console.log(err.errors);     // ["404 - Not Found"] (individual error messages)
    console.log(err.docsLink);   // "https://developers.soundcloud.com/docs/api/explorer/open-api"
    console.log(err.body);       // full parsed response body

    // Convenience getters
    if (err.isNotFound) { /* handle 404 */ }
    if (err.isRateLimited) { /* handle 429 */ }
    if (err.isUnauthorized) { /* handle 401 */ }
    if (err.isForbidden) { /* handle 403 */ }
    if (err.isServerError) { /* handle 5xx */ }
  }
}

Error messages are parsed directly from SoundCloud's API response format, giving you the most useful message available.

Raw API — Call Any Endpoint

sc.raw is a low-level escape hatch that lets you call any SoundCloud API endpoint — including ones not yet wrapped — while still using your configured auth and fetch.

import { SoundCloudClient, type RawResponse } from 'soundcloud-api-ts';

const sc = new SoundCloudClient({ clientId, clientSecret });
const token = await sc.auth.getClientToken();
sc.setToken(token.access_token);

// Path templating: {id} is replaced from the params object
const res: RawResponse = await sc.raw.get('/tracks/{id}', { id: 123456 });
console.log(res.data);    // parsed JSON body
console.log(res.status);  // 200
console.log(res.headers); // response headers

// POST with body
await sc.raw.post('/tracks/{id}/comments', { id: 123456, body: { body: 'great track', timestamp: 30000 } });

// Fully generic
await sc.raw.request({ method: 'DELETE', path: '/tracks/{id}', query: { id: 123456 } });

sc.raw returns RawResponse<T = unknown> — { data: T, status: number, headers: Record<string, string> }. It does not throw on non-2xx status codes; check res.status yourself.

In-Flight Deduplication & Caching

GET Coalescing (default on)

When multiple callers fire the same GET request simultaneously (SSR, React StrictMode, concurrent components), only one fetch is made. All callers share the same promise.

const sc = new SoundCloudClient({
  clientId, clientSecret,
  dedupe: true,  // default — set false to disable
});

Pluggable Cache

Bring your own cache backend — in-memory, Redis, Cloudflare KV, whatever. The base package defines the interface only (no implementation, no deps):

import { SoundCloudClient, type SoundCloudCache } from 'soundcloud-api-ts';

const myCache: SoundCloudCache = {
  get: (key) => store.get(key),
  set: (key, value, { ttlMs }) => store.set(key, value, ttlMs),
  delete: (key) => store.delete(key),
};

const sc = new SoundCloudClient({
  clientId, clientSecret,
  cache: myCache,
  cacheTtlMs: 30_000, // 30s default per GET response
});

Runtime Portability

Pass a custom fetch implementation to work in any runtime — Cloudflare Workers, Deno, Bun, or environments without a global fetch:

const sc = new SoundCloudClient({
  clientId, clientSecret,
  fetch: myCustomFetch,          // optional: custom fetch
  AbortController: myAbortCtrl, // optional: custom AbortController
});

No Node-only APIs are used at runtime. The client works anywhere fetch is available.

Rate Limiting & Retries

The client automatically retries on 429 Too Many Requests and 5xx Server Errors with exponential backoff:

import { SoundCloudClient, type RetryInfo } from 'soundcloud-api-ts';

const sc = new SoundCloudClient({
  clientId: "...",
  clientSecret: "...",
  maxRetries: 3,         // default: 3
  retryBaseDelay: 1000,  // default: 1000ms
  onDebug: (msg) => console.log(msg), // optional retry logging
  onRetry: (info: RetryInfo) => {
    console.warn(`[SC] retry #${info.attempt} — ${info.reason} (${info.status}) delay=${info.delayMs}ms url=${info.url}`);
  },
});

• 429 responses use the Retry-After header value as the delay (capped at 60s)
• 5xx responses (500, 502, 503, 504) are retried with exponential backoff
• 4xx errors (except 429) are NOT retried — they throw immediately
• 401 errors trigger onTokenRefresh (if configured) instead of retry
• Backoff formula: baseDelay × 2^attempt with jitter

Request Telemetry

Hook into every API request for logging, metrics, or observability:

import { SoundCloudClient, type SCRequestTelemetry } from 'soundcloud-api-ts';

const sc = new SoundCloudClient({
  clientId: '...',
  clientSecret: '...',
  onRequest: (t: SCRequestTelemetry) => {
    console.log(`[SC] ${t.method} ${t.path} status=${t.status} ${t.durationMs}ms retries=${t.retryCount}`);
  },
});

The SCRequestTelemetry object includes:

| Field | Type | Description | |---|---|---| | method | "GET" \| "POST" \| "PUT" \| "DELETE" | HTTP method | | path | string | API path or full URL (for pagination) | | durationMs | number | Total wall-clock time including retries | | status | number | Final HTTP status code | | retryCount | number | Number of retries (0 = first attempt succeeded) | | error | string? | Error message if the request failed |

Telemetry fires on every code path: direct calls, pagination, retries, and 401 token refresh. It's fully optional — zero overhead when onRequest is not set.

API Terms Compliance

This package is built on SoundCloud's official documented API (api.soundcloud.com) and follows the API Terms of Use:

• ✅ Uses registered app credentials (client ID + client secret) via OAuth 2.1 on secure.soundcloud.com
• ✅ No undocumented or internal API endpoints (api-v2)
• ✅ No client ID scraping or credential circumvention
• ✅ No content downloading, ripping, or stream capture
• ✅ No content aggregation into alternative streaming services

Important: SoundCloud's API Terms prohibit using User Content (audio, tracks, metadata) to train or develop AI/ML models. The "LLM-friendly" features of this package (llms.txt, AGENTS.md) are for helping AI coding agents use the package itself — not for feeding SoundCloud content to AI systems. Please review the full terms before building your application.

AI / LLM Integration

This package is designed to be easily used by AI coding agents:

• llms.txt — Complete method reference in plain text, optimized for LLM consumption
• AGENTS.md — Setup guide, common patterns, and gotchas for AI agents
• Full JSDoc with @example on every export — works great with GitHub Copilot, Cursor, etc.

Documentation

Full API documentation is available at twin-paws.github.io/soundcloud-api-ts — auto-generated from source with TypeDoc.

Requirements

• Node.js 20+ (uses native fetch)
• SoundCloud API credentials

Changelog

See CHANGELOG.md for release history.

Related Packages

• soundcloud-api-ts-next — React hooks + Next.js API route handlers built on this package. Use it when building Next.js apps that need SoundCloud data with secrets kept server-side.
• soundcloud-widget-react — React component for the SoundCloud HTML5 Widget API. Embed SoundCloud players and control playback programmatically. Complements this package for full SoundCloud integration.

Contributing

Contributions are welcome! Please see CONTRIBUTING.md for guidelines.

License

MIT © Twin Paws