Queye logo Queye Help

Help Center / API

Use the Queye Music API

API Updated 2026-04-26

The Queye Music API is served from https://api.queyemusic.com and all endpoints are under /v1.

This API has two credential layers:

  • Client key (provider key): your app key from Queye for Partners, sent as X-Queye-Client-Key.
  • User access: each Queye Music user authorises access to their library with a user API key, exchanged for short-lived bearer tokens.

Base URL and headers

  • Base URL: https://api.queyemusic.com/v1
  • Client header: X-Queye-Client-Key: qm_client_...
  • Bearer header: Authorization: Bearer ...
  • Body format: application/json (unless noted)
  • HTTPS is required on every endpoint.

Recommended auth flow

  1. Obtain your client key from Queye for Partners.
  2. Ask the user for their Queye Music user API key from API Access.
  3. Exchange that user key for API tokens:
curl -X POST "https://api.queyemusic.com/v1/auth/exchange" \
  -H "Content-Type: application/json" \
  -H "X-Queye-Client-Key: qm_client_xxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxx" \
  -d '{"user_api_key":"qm_user_xxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxx"}'

A successful exchange returns:

{
  "access_token": "...",
  "expires_in": 3600,
  "refresh_token": "...",
  "scope": ["library.read", "stream"],
  "user": {"id": "u_..."}
}

If the user's key is locked, the API returns 403 approval_required and a request ID until the user approves your client.

Core endpoints

All of the following require X-Queye-Client-Key. Endpoints marked "Bearer" also require Authorization: Bearer <access_token>.

  • GET /health (no auth)
  • POST /auth/exchange (client key)
  • POST /auth/refresh (client key + refresh_token)
  • POST /auth/revoke (client key + bearer token)
  • GET /library/summary (Bearer)
  • GET /library/tracks (Bearer)
  • GET /library/albums (Bearer)
  • GET /library/albums/{album_id}/tracks (Bearer)
  • GET /library/playlists (Bearer)
  • GET /library/playlists/{playlist_id}/tracks (Bearer)
  • POST /stream/token (Bearer, send {"track_id":123})
  • GET /stream/{track_id}?st=... (stream token query parameter)

Pagination and filters

  • /library/tracks supports limit (1 to 200), uploaded_after, and cursor.
  • When more results are available, response includes next_cursor. Pass it back as ?cursor=....

Streaming

Generate a short-lived stream URL first, then request audio with that URL:

curl -X POST "https://api.queyemusic.com/v1/stream/token" \
  -H "Content-Type: application/json" \
  -H "X-Queye-Client-Key: qm_client_xxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxx" \
  -H "Authorization: Bearer ACCESS_TOKEN" \
  -d '{"track_id":123}'

Stream tokens expire after 300 seconds. Streaming supports byte ranges, so standard media players can seek.

User-side management endpoints

These endpoints are for account management and require a user bearer token (OAuth or legacy API token):

  • GET /user/api-key
  • POST /user/api-key/rotate
  • POST /user/api-key/lock
  • GET /user/clients
  • POST /user/clients/{client_id}/approve
  • POST /user/clients/{client_id}/deny
  • POST /user/clients/{client_id}/revoke
  • GET /user/access-log

Errors

Error responses are JSON in this format:

{
  "error": {
    "code": "invalid_user_key",
    "message": "Invalid user API key"
  }
}

Common codes include https_required, missing_client_key, invalid_client_key, missing_access_token, invalid_access_token, and approval_required.