Skip to main content
Rosy Music Bot requires API credentials from YouTube and Spotify to search and play music. This guide walks you through obtaining these credentials.

Overview

The bot needs three API credentials configured in your .env file: 
YOUTUBE_API_KEY=your_youtube_api_key
SPOTIFY_CLIENT_ID=your_spotify_client_id
SPOTIFY_CLIENT_SECRET=your_spotify_client_secret
All API credentials are free for personal use and moderate traffic. You won’t need to provide payment information unless you exceed generous free tier limits.

YouTube API Key

The YouTube Data API v3 allows the bot to search for and retrieve YouTube videos.
1

Access Google Cloud Console

Navigate to Google Cloud Console and sign in with your Google account.
2

Create a New Project

  1. Click the project dropdown at the top of the page (next to “Google Cloud”)
  2. Click “New Project”
  3. Enter a project name (e.g., “Rosy Music Bot”)
  4. Click “Create”
  5. Wait for the project to be created, then select it
If you already have a Google Cloud project you want to use, you can skip this step and select that project instead.
3

Enable YouTube Data API v3

  1. In the left sidebar, go to “APIs & Services”“Library”
  2. Search for “YouTube Data API v3”
  3. Click on “YouTube Data API v3” from the results
  4. Click the “Enable” button
  5. Wait for the API to be enabled
4

Create API Credentials

  1. Go to “APIs & Services”“Credentials”
  2. Click “Create Credentials” at the top
  3. Select “API Key”
  4. Your API key will be generated and displayed
  5. Click “Copy” to copy the key to your clipboard
Keep this key secure. While it’s less sensitive than OAuth tokens, it should still be kept private to prevent quota abuse.
5

Restrict API Key (Recommended)

For better security, restrict your API key:
  1. Click “Edit API key” (or find your key in the credentials list)
  2. Under “API restrictions”, select “Restrict key”
  3. Choose “YouTube Data API v3” from the dropdown
  4. Click “Save”
This ensures the key can only be used for YouTube API requests.
6

Save API Key

Store this key temporarily. You’ll add it to your .env file later:
YOUTUBE_API_KEY=AIzaSyC-your-api-key-here

YouTube API Quota Limits

The YouTube Data API v3 has a free daily quota of 10,000 units. Here’s what this means:
  • Search: ~100 units per query
  • Video details: ~1 unit per video
This allows approximately 100 searches per day at the free tier, which is sufficient for personal use and small servers.
If you exceed the quota:
  • The bot will return errors when trying to play YouTube videos
  • The quota resets at midnight Pacific Time (PT)
  • For high-traffic bots, you can request a quota increase from Google
  • Consider using Spotify or direct URLs as alternatives

Spotify API Credentials

Spotify credentials allow the bot to play Spotify tracks and playlists. The bot uses the @distube/spotify plugin configured in index.js:28-33.
1

Access Spotify Developer Dashboard

Navigate to Spotify Developer Dashboard and log in with your Spotify account.
You don’t need Spotify Premium. A free Spotify account is sufficient for API access.
2

Create an App

  1. Click “Create app” button
  2. Fill in the app information:
    • App name: “Rosy Music Bot” (or any name)
    • App description: “Discord music bot for playing Spotify tracks”
    • Redirect URI: http://localhost:3000 (required but not used)
  3. Check the checkbox to agree to Spotify’s Terms of Service
  4. Click “Save”
3

Get Client ID

After creating the app:
  1. You’ll be taken to your app’s dashboard
  2. Your Client ID is displayed prominently
  3. Click “Copy” or manually copy the Client ID
4

Get Client Secret

  1. On the same page, click “Show Client Secret”
  2. Your Client Secret will be revealed
  3. Click “Copy” or manually copy the Client Secret
The Client Secret is sensitive. Never share it publicly or commit it to version control.
5

Save Credentials

Store both credentials temporarily. You’ll add them to your .env file:
SPOTIFY_CLIENT_ID=your_32_character_client_id
SPOTIFY_CLIENT_SECRET=your_32_character_client_secret

How Spotify Integration Works

The bot integrates Spotify using the DisTube Spotify plugin: 
new SpotifyPlugin({
    api: {
        clientId: process.env.SPOTIFY_CLIENT_ID,
        clientSecret: process.env.SPOTIFY_CLIENT_SECRET
    }
})
This configuration is found in index.js:28-33. The plugin handles Spotify authentication automatically using your credentials.

Spotify API Limits

Spotify’s free tier is generous:
  • Rate limit: Rarely an issue for music bots
  • No daily quota: Unlike YouTube, Spotify doesn’t have daily quotas
  • Extended Rate Limit Mode: Automatically applied if limits are exceeded (very rare)

Security Best Practices

API keys and secrets should be treated as passwords. Follow these security practices:

Storing Credentials Securely

  1. Use Environment Variables
    • Store all credentials in .env file
    • Never hardcode them in source code
    • The bot uses dotenv package to load them (see index.js:1)
  2. Add .env to .gitignore 
    # Environment variables
.env
.env.local
.env.*.local
  3. Use .env.example as Template The repository includes .env.example as a template: 
    TOKEN=tu_token_de_discord_aquí
YOUTUBE_API_KEY=tu_clave_api_de_youtube
SPOTIFY_CLIENT_ID=tu_client_id_de_spotify
SPOTIFY_CLIENT_SECRET=tu_client_secret_de_spotify
    Copy this file and fill in your real credentials: 
    cp .env.example .env

What NOT to Do

  • Don’t commit .env to Git: Always keep it in .gitignore
  • Don’t share in Discord/chat: Never paste credentials in messages
  • Don’t include in screenshots: Be careful when sharing screenshots
  • Don’t use in client-side code: These are server-side credentials only
  • Don’t share your .env file: Each deployment should have its own credentials

Rotating Compromised Keys

If you accidentally expose credentials:
  1. Go to Google Cloud Console
  2. Navigate to APIs & ServicesCredentials
  3. Find your API key and click the delete icon
  4. Create a new API key following the steps above
  5. Update your .env file with the new key
  6. Restart the bot
  1. Go to Spotify Developer Dashboard
  2. Open your app
  3. Click “Show Client Secret”
  4. Click “Rotate Client Secret”
  5. Copy the new secret
  6. Update your .env file with the new secret
  7. Restart the bot
The Client ID doesn’t change when rotating the secret.

Verifying API Setup

After obtaining all credentials, verify they’re configured correctly:
1

Create .env File

In your bot’s root directory, create .env file:
TOKEN=your_discord_bot_token
YOUTUBE_API_KEY=your_youtube_api_key
SPOTIFY_CLIENT_ID=your_spotify_client_id
SPOTIFY_CLIENT_SECRET=your_spotify_client_secret
Make sure there are no spaces around the = sign and no quotes around the values.
2

Check File Format

Verify your .env file:
  • No empty lines between variables
  • No comments (lines starting with #)
  • No quotes around values
  • No spaces around =
3

Test the Bot

Start the bot to test the configuration:
npm start
Look for successful connection messages:
✓ ¡Bot conectado como YourBotName#1234!
4

Test Music Playback

In Discord, test different sources:YouTube:
r!play never gonna give you up
Spotify:
r!play https://open.spotify.com/track/...
If both work, your API setup is complete!

Troubleshooting

Error: “Invalid API key”
  • Verify the key is copied correctly in .env
  • Check there are no extra spaces or quotes
  • Ensure YouTube Data API v3 is enabled in Google Cloud Console
Error: “Quota exceeded”
  • You’ve hit the daily limit of 10,000 units
  • Wait until midnight PT for quota reset
  • Consider requesting quota increase from Google
  • Use Spotify or direct URLs temporarily
Error: “API key not found”
  • Ensure .env file exists in root directory
  • Verify YOUTUBE_API_KEY is spelled correctly
  • Restart the bot after updating .env
Error: “Invalid client”
  • Verify Client ID and Secret are correct
  • Check for typos in .env
  • Ensure no extra spaces or quotes around values
Error: “Authentication failed”
  • Client Secret may have been rotated
  • Generate new credentials from Spotify Dashboard
  • Update .env with new credentials
Spotify links don’t play:
  • Verify both Client ID and Secret are set
  • Check the bot console for specific error messages
  • Ensure @distube/spotify package is installed
Credentials not being read:
  1. Verify .env is in the root directory (same level as index.js)
  2. Check file is named exactly .env (not .env.txt)
  3. Ensure dotenv package is installed: npm install dotenv
  4. Verify require('dotenv').config(); is at the top of index.js:1
  5. Restart the bot completely (Ctrl+C and npm start again)
On Windows:
  • Ensure you can see file extensions
  • File might be saved as .env.txt by default
  • Rename to .env without any extension

Next Steps

With all API credentials obtained and saved, proceed to: Configuration - Configure bot settings and start using Rosy Music Bot
Keep your .env file secure and backed up safely. These credentials are required every time you run the bot.

Build docs developers (and LLMs) love

Get started for freeTalk to us