yala
← help

pre-save (spotify).

fans grant spotify access through the official OAuth flow on a pre-release landing. on release day, yala’s worker auto-saves the track to their library. fans can also opt into a release-day email in the same click.

what fans actually do.

  • fan visits a pre-release link (yours, while it’s before release day).
  • they see a countdown + a pre-save button + a tiny checkbox: also email me when it drops (default on).
  • they click pre-save → bounced to spotify’s OAuth screen asking for the “modify your library” scope (we also request user-read-email so we can read their email back when they opted into the broadcast).
  • they accept → bounced back to your landing with a confirmation.
  • on release day, our worker quietly auto-saves the track to their library. they get a normal “new release saved” surface in spotify the next time they open the app.
  • if they kept the email checkbox on, we ALSO add their email to workspace → subscribers so your release- day broadcast (if you scheduled one) goes to them too.

what consent we capture.

for GDPR compliance + general decency we record on every pre- save row:

  • fan’s spotify user id + display name + email (when scope allows).
  • their IP and user-agent at consent time.
  • timestamp.
  • the granted OAuth scope.
  • a one-click revoke token they can use any time to de-authorize without contacting anyone.

the refresh token itself is envelope-encrypted with AES-256-GCM using a per-environment key. plaintext never lives on disk; we decrypt only inside the worker process the moment we need to call spotify’s save endpoint.

what fires on release day.

a worker job wakes up at the scheduled release time (UTC, set on the link). it pulls every active pre-save subscription for that link, decrypts the refresh token, calls spotify’s save endpoint for that fan, and updates the row to delivered. failed saves get an error string + a retry; eventually mark failed with the reason surfaced to admins.

the success rate’s usually 95%+. the 5% that fail are almost always fans who revoked the spotify auth between pre-save and release day — which is fine; that’s the feature working.

apple music?

spotify pre-save works today. apple music pre-add lands q3 2026. apple requires a paid developer account + a JWT-signed MusicKit token, which we’re wiring up. as soon as we ship it, every existing pre-release link in your account picks it up automatically — no migration needed.

setting it up.

on a pre-release link’s basics tab, scroll to page setup:

  • release date + time — when the release drops. drives the countdown + the pre-save fire.
  • pre-save URL — the spotify URL of the future track. yala uses this both as the post-save listen-on target and as the auto-save target.
  • subtitle (optional) — what shows above the countdown. e.g. “next single from the album.”

presave admin panel.

on the share tab of any pre-release link, there’s a presave panel: 4 KPIs (pending / delivered / failed / revoked), the subscriber list, and a deliver now button for testing or forcing early delivery. handy for soft-launches.

next uprelease-day emailsingle broadcast per link, sent to every fan who captured their email. open + click rates surface in insights.