diff --git a/docs/content/modules/spotify.md b/docs/content/modules/spotify.md
index f80a24c..e2945d6 100644
--- a/docs/content/modules/spotify.md
+++ b/docs/content/modules/spotify.md
@@ -24,6 +24,8 @@ Start with going to the [Spotify for Developers Dashboard](https://developer.spo
 - From the "Settings" button of your app get the "Client ID" and "Client secret" and note them down
 - Optional: If you need to authorize multiple channels (i.e. for multiple users of the bot instance) you can edit the "Redirect URIs" on the "Settings" page and add more.
 
+{{< alert style="info" >}}If you are managing a bot instance for multiple persons having their own Spotify accounts you need to invite them to the Spotify app as long as it is in development-mode. You can do that in the Spotify Developer Dashboard under "User Management" (up to 25 users). As an alternative every person can create an own Spotify app and you can enter their `clientId` / `clientSecret` into the config for their respective channel.{{< /alert >}}
+
 Now head into the configuration file and configure the Spotify module:
 
 ```yaml
diff --git a/internal/actors/spotify/client.go b/internal/actors/spotify/client.go
index aa2dfb3..97fdb32 100644
--- a/internal/actors/spotify/client.go
+++ b/internal/actors/spotify/client.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"io"
 	"net/http"
 	"strings"
 
@@ -24,6 +25,12 @@ func getCurrentTrackForChannel(channel string) (track currentPlayingTrackRespons
 		return track, fmt.Errorf("loading oauth token: %w", err)
 	}
 
+	defer func() {
+		if err := db.StoreEncryptedCoreMeta(strings.Join([]string{"spotify-auth", channel}, ":"), token); err != nil {
+			logrus.WithError(err).Error("storing back Spotify auth token")
+		}
+	}()
+
 	ctx, cancel := context.WithTimeout(context.Background(), spotifyRequestTimeout)
 	defer cancel()
 
@@ -42,14 +49,34 @@ func getCurrentTrackForChannel(channel string) (track currentPlayingTrackRespons
 		}
 	}()
 
-	defer func() {
-		if err := db.StoreEncryptedCoreMeta(strings.Join([]string{"spotify-auth", channel}, ":"), token); err != nil {
-			logrus.WithError(err).Error("storing back Spotify auth token")
-		}
-	}()
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return track, fmt.Errorf("reading response body: %w", err)
+	}
 
-	if err = json.NewDecoder(resp.Body).Decode(&track); err != nil {
-		return track, fmt.Errorf("decoding response: %w", err)
+	switch resp.StatusCode {
+	case http.StatusOK:
+		// This is perfect, continue below
+
+	case http.StatusUnauthorized:
+		// The token is FUBAR
+		return track, fmt.Errorf("token expired (HTTP 401 - unauthorized)")
+
+	case http.StatusForbidden:
+		// The request is FUBAR
+		return track, fmt.Errorf("bad oAuth request, report this to dev (HTTP 403 - forbidden): %q", body)
+
+	case http.StatusTooManyRequests:
+		// We asked too often
+		return track, fmt.Errorf("rate-limited (HTTP 429 - too many requests)")
+
+	default:
+		// WTF?
+		return track, fmt.Errorf("unexpected HTTP status %d", resp.StatusCode)
+	}
+
+	if err = json.Unmarshal(body, &track); err != nil {
+		return track, fmt.Errorf("decoding response (%q): %w", body, err)
 	}
 
 	return track, nil