Skip to content

Instantly share code, notes, and snippets.

@ahallora
Last active March 17, 2023 09:44
Show Gist options
  • Save ahallora/4aac6d048742d5de0e65 to your computer and use it in GitHub Desktop.
Save ahallora/4aac6d048742d5de0e65 to your computer and use it in GitHub Desktop.
Get Spotify Access Token (client credentials) with PHP and cURL
<?php
$client_id = '<insert your spotify app client id>';
$client_secret = '<insert your spotify app client secret>';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://accounts.spotify.com/api/token' );
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
curl_setopt($ch, CURLOPT_POST, 1 );
curl_setopt($ch, CURLOPT_POSTFIELDS, 'grant_type=client_credentials' );
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: Basic '.base64_encode($client_id.':'.$client_secret)));
$result=curl_exec($ch);
echo $result;
?>
@ahallora
Copy link
Author

ahallora commented Jul 9, 2014

I know it's basic, but I struggled to figure out how to retrieve the access token from the Spotify web service as the only example provided by Spotify was written in node.js. Hopefully this will save you the time and hassle I went through to get this simple script to work. :)

@thiagoguarnieri
Copy link

Excellent

@Bugs1012
Copy link

thanks. i was struggling too.

@tmdevde
Copy link

tmdevde commented Jun 9, 2017

thank you!

@ludasolo
Copy link

thank you!

@angeloliva
Copy link

I was very stressful owing to Spotify Oauth.
Many Thanks.
🥇

@alxbarron
Copy link

Thanks, still working. You made my day easier, I was going to use a library for cURL then I found this.

@Mcgurk125
Copy link

Mcgurk125 commented Jun 13, 2018

Does this still work? - It does not seem to work for me! Can somebody else try?

@marcocadei
Copy link

Thank you a lot! It worked perfectly for me!

@gustavo9601
Copy link

Thank you so much !!!!

@Lucasmg37
Copy link

Nice!

@pablocoronel
Copy link

Thank you!

@Wondarar
Copy link

Thanks much!

@alamaxjashek
Copy link

I have an error:

HTTP/1.1 400 Bad Request
www-authenticate: Bearer realm="spotify", error="invalid_request", error_description="Only valid bearer authentication supported"
access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-type: application/json
Content-Length: 99
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Sun, 06 Sep 2020 01:49:21 GMT
server: envoy
Via: HTTP/2 edgeproxy, 1.1 google
Alt-Svc: clear


{
  "error": {
    "status": 400,
    "message": "Only valid bearer authentication supported"
  }
}

Who can help me?

@Wondarar
Copy link

Wondarar commented Sep 7, 2020 via email

@0Blanck0
Copy link

0Blanck0 commented Sep 10, 2020

How do I add the scope?

$scopes = array( 'user-read-playback-state', 'user-read-playback-position' );

@owalid
Copy link

owalid commented Jan 28, 2021

Hi @ahallora your gist helped me a lot, thank you very much!

But I spent some time to translate it into nodejs, I made a gist like you: https://gist.github.com/owalid/cf7a2425d9733b6aee80832f6fbc660c

Do not hesitate to look at
Hoping that this will help
Peace ;)

@joehari9
Copy link

Thank you brother

@Mikzael
Copy link

Mikzael commented Mar 5, 2021

You sir are so kind to share this knowledge, I was having trouble with this, i was passing to CURLOPT_POSTFIELDS an array but I didnt realized it required a string... thank you again sir.

@f13dev
Copy link

f13dev commented Apr 11, 2021

Still working nicely in 2021 - One minor recommendation, add 'curl_close($ch);' before the final echo for best practices.

@juliebugmtl
Copy link

Superb, this helped me with another API service too. Thanks so much!

@odysseuscm
Copy link

Thanks a lot!

@kartikCedcoss
Copy link

How do I add the scope?

$scopes = array( 'user-read-playback-state', 'user-read-playback-position' );

where to add

@veskempp
Copy link

hi! This has worked for me several years, but now it suddenly gives the following error: Error: Forbidden
Your client does not have permission to get URL /api/token from this server. Anyone else facing the same issue? Any ideas what has been changed and how to fix this?

@bsprengelmeijer
Copy link

Thanks!

@pale2hall
Copy link

Still worked for me!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment