Get Spotify Access Token (client credentials) with PHP and cURL

getSpotifyAccessToken

<?php

$client_id = '<insert your spotify app client id>'; 
$client_secret = '<insert your spotify app client secret>'; 

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,            'https://accounts.spotify.com/api/token' );
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
curl_setopt($ch, CURLOPT_POST,           1 );
curl_setopt($ch, CURLOPT_POSTFIELDS,     'grant_type=client_credentials' ); 
curl_setopt($ch, CURLOPT_HTTPHEADER,     array('Authorization: Basic '.base64_encode($client_id.':'.$client_secret))); 

$result=curl_exec($ch);
echo $result;

?>

Thank you a lot! It worked perfectly for me!

Thank you so much !!!!

Nice!

Thank you!

Thanks much!

I have an error:

HTTP/1.1 400 Bad Request
www-authenticate: Bearer realm="spotify", error="invalid_request", error_description="Only valid bearer authentication supported"
access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-type: application/json
Content-Length: 99
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Sun, 06 Sep 2020 01:49:21 GMT
server: envoy
Via: HTTP/2 edgeproxy, 1.1 google
Alt-Svc: clear

{
  "error": {
    "status": 400,
    "message": "Only valid bearer authentication supported"
  }
}

Who can help me?

it means you don't have a valid token to access the api. you need to register at spotify developers and use this token

…

On Sun, 6 Sep 2020 at 04:46, alamaxjashek ***@***.***> wrote: ***@***.**** commented on this gist. ------------------------------ I have an error: HTTP/1.1 400 Bad Request www-authenticate: Bearer realm="spotify", error="invalid_request", error_description="Only valid bearer authentication supported" access-control-allow-origin: * access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH access-control-allow-credentials: true access-control-max-age: 604800 content-type: application/json Content-Length: 99 strict-transport-security: max-age=31536000 x-content-type-options: nosniff date: Sun, 06 Sep 2020 01:49:21 GMT server: envoy Via: HTTP/2 edgeproxy, 1.1 google Alt-Svc: clear { "error": { "status": 400, "message": "Only valid bearer authentication supported" } } Who can help me? — You are receiving this because you commented. Reply to this email directly, view it on GitHub <https://gist.github.com/4aac6d048742d5de0e65#gistcomment-3443459>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ANCB6TNKEJE4AY3MOMFOTVLSELZYPANCNFSM4H4XBOXA> .

How do I add the scope?

$scopes = array( 'user-read-playback-state', 'user-read-playback-position' );

Hi @ahallora your gist helped me a lot, thank you very much!

But I spent some time to translate it into nodejs, I made a gist like you: https://gist.github.com/owalid/cf7a2425d9733b6aee80832f6fbc660c

Do not hesitate to look at
Hoping that this will help
Peace ;)

Thank you brother

You sir are so kind to share this knowledge, I was having trouble with this, i was passing to CURLOPT_POSTFIELDS an array but I didnt realized it required a string... thank you again sir.

Still working nicely in 2021 - One minor recommendation, add 'curl_close($ch);' before the final echo for best practices.

Superb, this helped me with another API service too. Thanks so much!

Thanks a lot!

How do I add the scope?

$scopes = array( 'user-read-playback-state', 'user-read-playback-position' );

where to add

hi! This has worked for me several years, but now it suddenly gives the following error: Error: Forbidden
Your client does not have permission to get URL /api/token from this server. Anyone else facing the same issue? Any ideas what has been changed and how to fix this?

Thanks!

Still worked for me!