SoundCloud for Developers

Discover, connect and build

We use cookies for various purposes including analytics and personalized marketing. By continuing to use the service, you agree to our use of cookies as described in the Cookie Policy.

Backstage Blog RSS

You're browsing posts of the category Announcements

  • April 11th, 2014 Announcements Security Security update: Heartbleed vulnerability in OpenSSL By Astera Schneeweisz

    HeartbleedOn Monday, April 7th, 2014, a major security vulnerability in OpenSSL was made public. The vulnerability was filed as CVE-2014-0160 and later dubbed “Heartbleed”, because the bug lies within OpenSSL’s heartbeat extension, which is used for keepalive monitoring. As a result of the bug, process memory can be read out remotely by an attacker—potentially including certificates, keys, credentials, tokens, or other sensitive data processed by the server.

    OpenSSL works as a cryptographic library that allows for authenticity and confidentiality across the entire Internet. Because the reported Heartbleed bug affects a vast number of internet services using OpenSSL to secure their services (such as HTTPS, SMTP, IMAPS, and POP3), a patched OpenSSL version was released by the maintainers within hours. Linux and UNIX distributions, which depend on the OpenSSL implementation, received patches by their respective upstream maintainers.

    SoundCloud too uses OpenSSL in many of our services to increase the security and privacy of our users. We therefore moved quickly to patch the vulnerability, and did so within hours of the patch being made available. We’ve also been in close communications with our vendors and service providers, to ensure that they have applied the appropriate fixes as well. We have confirmed that our implementations of OpenSSL are no longer vulnerable to this bug.

    Because we consider our users’ security and privacy of the utmost importance, we have further taken the precautionary measures to rotate SSL certificates and keys, and expire authentication tokens, such as session cookies, remember tokens, and OAuth access and refresh tokens. This means that users will be signed out of their SoundCloud accounts. Along with top security researchers and responsible companies, we have also recommended to our users that they change their passwords on all accounts (not just SoundCloud) that they have signed-in with in the past week. Developers of API clients that check our SSL fingerprints will need to update them.

    While the Heartbleed bug marks a sad day for the Internet as a whole, with SoundCloud’s rollout of Perfect Forward Secrecy (PFS) support last year, we ensured that the impact of an attack with the purpose of stealing private keys and reading previously encrypted traffic is minimized. In the same spirit we will also strive to find more such opportunities in the future and preemptively provide our users with the highest possible level of safety.

    For more details about this bug, go to To use tools to check your services, go to or FiloSottile/Heartbleed on GitHub.

  • April 11th, 2014 Announcements Welcome to SoundCloud's redesigned developer site By Erik Michaels-Ober

    We've taken some time to bring all our developer resources together into a single site. In doing so, we've reorganized the layout to make things easier to find and also given the site a fresh new look.

    We hope you like it!

    If you have any feedback about the new design, follow @SoundCloudDev on Twitter and let us know.

  • April 16th, 2013 Announcements Removing 'hotness' parameter By Paul Osman

    The /tracks endpoint has traditionally accepted an order parameter for ordering results by either creation date or 'hotness'. The method for calculating a tracks 'hotness' has never been clearly explained, but generally speaking is based on the number of likes and listens a track receives.

    Recently we started to experience problems with the query that returns tracks ordered by hotness. In the past weeks, these problems started to effect and even cause outages for API users.

    We have decided that the best way forward is to remove this parameter. Starting soon, GET requests to the /tracks endpoint will ignore the order parameter and default to ordering by creation date.

    In the future, we look forward to releasing support for more stable and idiomatic search and order parameters. In the meantime, it is still possible to approximate the result sets previously returned by specifying order=hotness by manually sorting the returned tracks by a combination of favoritings\_count and playback\_count.

  • September 18th, 2012 Announcements The Next App Gallery Update By Amir Shaikh

    We're making some changes to how we manage our App Gallery and wanted to take some time to explain them to you, our developer community.

    The App Gallery is where we highlight interesting and useful SoundCloud powered apps and services for our users. As our developer community continues to grow, it's even more important that we keep a high bar for apps found in App Gallery. Having a high standard protects the value of being featured in App Gallery for all of our developers while giving our users a sense of confidence in the caliber of content we're showcasing there.

    When evaluating a newly submitted app for App Gallery, we consider the following:

    • Is the app both high quality and adhering to our API Terms of Use?

    • Does it enable new and valuable experiences for SoundCloud users?

    • Has it shown notable traction in gaining connected users?

    Moving forward, we'll be proactively reaching out to folks who meet this criteria about adding their apps to App Gallery instead of accepting mass submissions like we have in the past. Our long term hope is to completely rebuild App Gallery to work in conjunction with Next SoundCloud in a way that better serves our entire developer community. That includes ideas like better attribution of content within SoundCloud products and easier, relevant discovery within App Gallery for SoundCloud users.

    If you're confident your app meets our criteria and we haven't gotten in touch with you, feel free to drop us a line at

  • August 13th, 2012 Announcements SDKs Introducing the CloudSeeder Devkit By David Shu

    Today we're featuring a guest post from our friends at Retronyms. They've built some amazing community features into their app Tabletop using the SoundCloud API and have open sourced their CloudSeeder Devkit. This post was written for us by David Shu. David is a software engineer at the Retronyms and has worked on a number of iOS apps, including Tabletop and Dokobots. He currently resides in San Francisco, CA.

    We recently built a SoundCloud-powered community into our app Tabletop, a modular audio environment for the iPad, using the CocoaSoundCloudAPI. The project, CloudSeeder, lets users browse, stream, favorite, and comment on Tabletop tracks without ever leaving the app.

    As developers, we discovered tons of talented users in our Tabletop community. At the same time, our users found inspiration from each other and a new showcase for their creations. To share in the excitement of community creation with all developers, today we're releasing the CloudSeeder Devkit as open source on Google Code.