An open-source, reverse-engineered client specification and library implementation for the internal JioSaavn music streaming API. This repository provides documentation, schemas, and a standalone, publish-ready TypeScript client to fetch songs, albums, artists, playlists, lyrics, and decrypt high-quality audio streams.
1. Installation
Install the packaged library using your preferred package manager:
npm install jiosaavn
# or
yarn add jiosaavn
# or
pnpm add jiosaavn
# or
bun add jiosaavn2. Quick Start
The package supports both ES Modules (import) and CommonJS (require), compiled with high-fidelity type declarations (.d.ts).
i. Import the Client
ES Modules (TypeScript / Modern JavaScript)
import { JioSaavnAPI } from 'jiosaavn';
const api = new JioSaavnAPI();CommonJS (Node.js)
const { JioSaavnAPI } = require('jiosaavn');
const api = new JioSaavnAPI();ii. Client Initialization (Browser CORS Proxy)
Since the raw JioSaavn API endpoints block CORS requests from web browsers, you should pass your own reverse proxy URLs (CORS proxies) to the client during instantiation. The client handles automatic failover and rotates through the proxy list if any endpoint fails.
const api = new JioSaavnAPI([
'/api-saavn', // Local proxy path
'https://yourproxy.com/api-saavn' // Remote fallback proxy
]);iii. Fetching Details Example
// Fetch details of a specific song
const songs = await api.getSongById('sSongId123');
console.log(songs[0].name);
// Decrypt high-quality audio streams
const encryptedUrl = songs[0].downloadUrl[4].url; // 320kbps stream3. Audio Stream Decryption Algorithm
JioSaavn wraps its media URLs in an encrypted string (encrypted_media_url or media_url parameters) using the DES (Data Encryption Standard) cipher in ECB (Electronic Codebook) mode.
Cryptographic Parameters
- Algorithm: DES-ECB
- Cipher Key:
38346591 - Initialization Vector (IV):
00000000(unused in ECB, but required as empty block fallback) - Format Encoding: Base64 encoded
Decrying Media Streams Using the Client
The library exposes a static, high-performance method decryptUrl to easily decrypt these values without setting up custom ciphers:
import { JioSaavnAPI } from 'jiosaavn';
const encryptedMediaUrl = 'base64_encrypted_string_from_api';
const directAudioUrl = JioSaavnAPI.decryptUrl(encryptedMediaUrl);
console.log(directAudioUrl);
// Returns: "https://aac.saavncdn.com/999/some_hash_320.mp4"Once decrypted, you can replace the bitrate suffix in the URL (e.g. _160) to obtain different audio stream qualities:
_12for 12 kbps_48for 48 kbps_96for 96 kbps_160for 160 kbps_320for 320 kbps (high quality stream)
4. Core API Specification
The base endpoint for JioSaavn's client-side API calls is: https://www.jiosaavn.com/api.php
All requests are GET requests and should specify the following base query parameters:
_format:json_marker:0ctx:web6dot0api_version:4
Endpoints (__call parameter)
5. Features of the Standalone Client
- Zero dependencies except
node-forge(for cryptography). - Strongly Typed: Highly-typed schema models and responses.
- Failover Protection: Rotation logic across multiple proxy endpoints.
- Modern Build: Supports ESM, CJS, and TypeScript typings out of the box.
6. Credits & Reverse Engineering
This API was reverse-engineered, documented, and packaged by:
- Sagar Kewat
- Chirag Vishwakarma
If this reverse engineering specification or client helps you in your projects, please consider dropping a star! 