diff --git a/backend/auth/session.py b/backend/auth/session.py
new file mode 100644
index 0000000..7510961
--- /dev/null
+++ b/backend/auth/session.py
@@ -0,0 +1,59 @@
+import base64
+import datetime
+import os
+import requests
+
+SPOTIFY_CLIENT_ID = os.getenv("SPOTIFY_CLIENT_ID")
+SPOTIFY_CLIENT_SECRET = os.getenv("SPOTIFY_CLIENT_SECRET")
+
+current_session = None
+
+class SessionData():
+    __access_token: str
+    __refresh_token: str
+    __expires_in: int 
+    __creation_date: datetime.datetime
+
+    def __init__(self, __access_token, __refresh_token, __expires_in, __creation_date):
+        self.__access_token = __access_token
+        self.__refresh_token = __refresh_token
+        self.__expires_in = __expires_in
+        self.__creation_date = __creation_date
+
+    def nearly_expired(self, before=30):
+        delta_time = datetime.datetime.now() -  self.__creation_date - before
+        return delta_time.seconds > self.__expires_in
+    
+    def is_expired(self):
+        return self.nearly_expired(0)
+
+    def refresh(self):
+        token_url = "https://accounts.spotify.com/api/token"
+        headers = {
+            "Authorization": "Basic " + base64.encode(SPOTIFY_CLIENT_ID + ":" + SPOTIFY_CLIENT_SECRET),
+            "Content-Type": "application/json"
+        }
+        data = {
+            "refresh_token": self.__refresh_token,
+            "grant_type": "refresh_token"
+        }
+
+        try:
+            response = requests.post(token_url, json=data, headers=headers)
+            response.raise_for_status()
+            result = response.json()
+
+            # Assumendo che la risposta contenga questi campi
+            self.__access_token = result["access_token"]
+            self.__refresh_token = result.get("refresh_token", self.__refresh_token)
+            self.__expires_in = result["expires_in"]
+            self.__creation_date = datetime.datetime.now()
+
+        except requests.exceptions.RequestException as e:
+            print(f"Errore durante il refresh del token: {e}")
+    
+    @property
+    def access_tokens(self):
+        return self.__access_token
+
+
diff --git a/backend/endpoints/spotify_api.py b/backend/endpoints/spotify_api.py
new file mode 100644
index 0000000..e7d32dd
--- /dev/null
+++ b/backend/endpoints/spotify_api.py
@@ -0,0 +1,49 @@
+from fastapi import APIRouter, Request, Depends
+from fastapi.responses import RedirectResponse
+import requests
+import os
+from auth.session import SessionData, current_session
+
+api = APIRouter(prefix="/music")
+
+SPOTIFY_CLIENT_ID = os.getenv("SPOTIFY_CLIENT_ID")
+SPOTIFY_CLIENT_SECRET = os.getenv("SPOTIFY_CLIENT_SECRET")
+SPOTIFY_REDIRECT_URI = os.getenv("HOST") + "/music/callback"
+SPOTIFY_AUTH_URL = "https://accounts.spotify.com/authorize"
+SPOTIFY_TOKEN_URL = "https://accounts.spotify.com/api/token"
+SPOTIFY_PLAY_URL = "https://api.spotify.com/v1/me/player/play"
+
+# Step 1: Redirect user to Spotify login
+@api.get("/login")
+def login():
+    scope = "user-modify-playback-state user-read-playback-state"
+    url = (
+        f"{SPOTIFY_AUTH_URL}?response_type=code"
+        f"&client_id={SPOTIFY_CLIENT_ID}"
+        f"&scope={scope}"
+        f"&redirect_uri={SPOTIFY_REDIRECT_URI}"
+    )
+    return RedirectResponse(url)
+
+# Step 2: Callback to get access token
+@api.get("/callback")
+def callback(code: str):
+    payload = {
+        "grant_type": "authorization_code",
+        "code": code,
+        "redirect_uri": SPOTIFY_REDIRECT_URI,
+        "client_id": SPOTIFY_CLIENT_ID,
+        "client_secret": SPOTIFY_CLIENT_SECRET,
+    }
+    response = requests.post(SPOTIFY_TOKEN_URL, data=payload)
+    token_info = response.json()
+    access_token = token_info.get("access_token")
+    refresh_token = token_info.get("refresh_token")
+    expires_in = token_info.get("expires_in")
+
+    # Salva access_token in sessione o database per usi futuri
+    if current_session is None:
+        current_session = SessionData(access_token, refresh_token, expires_in)
+
+    return {}
+