I sent a request to the public API for Spotify and noticed that it was filled with spam urls. How come this is the case?
The API contains all points ever linked to a service, including those that are now declined.
A spammer seems to have created a point using the reviewing feature and has filled it with spam. Although a curator declined it and thus it doesn’t appear in the add-on or tosdr.org, it remains publicly accessible through Phoenix and the API due to ToS;DR transparency policy.