Skip to content

Instantly share code, notes, and snippets.

Last active March 17, 2023 09:44
Show Gist options
  • Save ahallora/4aac6d048742d5de0e65 to your computer and use it in GitHub Desktop.
Save ahallora/4aac6d048742d5de0e65 to your computer and use it in GitHub Desktop.
Get Spotify Access Token (client credentials) with PHP and cURL
$client_id = '<insert your spotify app client id>';
$client_secret = '<insert your spotify app client secret>';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, '' );
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
curl_setopt($ch, CURLOPT_POST, 1 );
curl_setopt($ch, CURLOPT_POSTFIELDS, 'grant_type=client_credentials' );
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: Basic '.base64_encode($client_id.':'.$client_secret)));
echo $result;
Copy link

thanks. i was struggling too.

Copy link

tmdevde commented Jun 9, 2017

thank you!

Copy link

thank you!

Copy link

I was very stressful owing to Spotify Oauth.
Many Thanks.

Copy link

Thanks, still working. You made my day easier, I was going to use a library for cURL then I found this.

Copy link

Mcgurk125 commented Jun 13, 2018

Does this still work? - It does not seem to work for me! Can somebody else try?

Copy link

Thank you a lot! It worked perfectly for me!

Copy link

Thank you so much !!!!

Copy link


Copy link

Thank you!

Copy link

Thanks much!

Copy link

I have an error:

HTTP/1.1 400 Bad Request
www-authenticate: Bearer realm="spotify", error="invalid_request", error_description="Only valid bearer authentication supported"
access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-type: application/json
Content-Length: 99
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Sun, 06 Sep 2020 01:49:21 GMT
server: envoy
Via: HTTP/2 edgeproxy, 1.1 google
Alt-Svc: clear

  "error": {
    "status": 400,
    "message": "Only valid bearer authentication supported"

Who can help me?

Copy link

Wondarar commented Sep 7, 2020 via email

Copy link

0Blanck0 commented Sep 10, 2020

How do I add the scope?

$scopes = array( 'user-read-playback-state', 'user-read-playback-position' );

Copy link

owalid commented Jan 28, 2021

Hi @ahallora your gist helped me a lot, thank you very much!

But I spent some time to translate it into nodejs, I made a gist like you:

Do not hesitate to look at
Hoping that this will help
Peace ;)

Copy link

Thank you brother

Copy link

Mikzael commented Mar 5, 2021

You sir are so kind to share this knowledge, I was having trouble with this, i was passing to CURLOPT_POSTFIELDS an array but I didnt realized it required a string... thank you again sir.

Copy link

f13dev commented Apr 11, 2021

Still working nicely in 2021 - One minor recommendation, add 'curl_close($ch);' before the final echo for best practices.

Copy link

Superb, this helped me with another API service too. Thanks so much!

Copy link

Thanks a lot!

Copy link

How do I add the scope?

$scopes = array( 'user-read-playback-state', 'user-read-playback-position' );

where to add

Copy link

hi! This has worked for me several years, but now it suddenly gives the following error: Error: Forbidden
Your client does not have permission to get URL /api/token from this server. Anyone else facing the same issue? Any ideas what has been changed and how to fix this?

Copy link


Copy link

Still worked for me!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment