Skip to content

Instantly share code, notes, and snippets.

@ahallora
Last active March 17, 2023 09:44
Show Gist options
  • Save ahallora/4aac6d048742d5de0e65 to your computer and use it in GitHub Desktop.
Save ahallora/4aac6d048742d5de0e65 to your computer and use it in GitHub Desktop.
Get Spotify Access Token (client credentials) with PHP and cURL
<?php
$client_id = '<insert your spotify app client id>';
$client_secret = '<insert your spotify app client secret>';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://accounts.spotify.com/api/token' );
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
curl_setopt($ch, CURLOPT_POST, 1 );
curl_setopt($ch, CURLOPT_POSTFIELDS, 'grant_type=client_credentials' );
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: Basic '.base64_encode($client_id.':'.$client_secret)));
$result=curl_exec($ch);
echo $result;
?>
@tmdevde
Copy link

tmdevde commented Jun 9, 2017

thank you!

@ludasolo
Copy link

thank you!

@angeloliva
Copy link

I was very stressful owing to Spotify Oauth.
Many Thanks.
🥇

@alxbarron
Copy link

Thanks, still working. You made my day easier, I was going to use a library for cURL then I found this.

@Mcgurk125
Copy link

Mcgurk125 commented Jun 13, 2018

Does this still work? - It does not seem to work for me! Can somebody else try?

@marcocadei
Copy link

Thank you a lot! It worked perfectly for me!

@gustavo9601
Copy link

Thank you so much !!!!

@Lucasmg37
Copy link

Nice!

@pablocoronel
Copy link

Thank you!

@Wondarar
Copy link

Thanks much!

@alamaxjashek
Copy link

I have an error:

HTTP/1.1 400 Bad Request
www-authenticate: Bearer realm="spotify", error="invalid_request", error_description="Only valid bearer authentication supported"
access-control-allow-origin: *
access-control-allow-headers: Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH
access-control-allow-credentials: true
access-control-max-age: 604800
content-type: application/json
Content-Length: 99
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Sun, 06 Sep 2020 01:49:21 GMT
server: envoy
Via: HTTP/2 edgeproxy, 1.1 google
Alt-Svc: clear


{
  "error": {
    "status": 400,
    "message": "Only valid bearer authentication supported"
  }
}

Who can help me?

@Wondarar
Copy link

Wondarar commented Sep 7, 2020 via email

@0Blanck0
Copy link

0Blanck0 commented Sep 10, 2020

How do I add the scope?

$scopes = array( 'user-read-playback-state', 'user-read-playback-position' );

@owalid
Copy link

owalid commented Jan 28, 2021

Hi @ahallora your gist helped me a lot, thank you very much!

But I spent some time to translate it into nodejs, I made a gist like you: https://gist.github.com/owalid/cf7a2425d9733b6aee80832f6fbc660c

Do not hesitate to look at
Hoping that this will help
Peace ;)

@joehari9
Copy link

Thank you brother

@Mikzael
Copy link

Mikzael commented Mar 5, 2021

You sir are so kind to share this knowledge, I was having trouble with this, i was passing to CURLOPT_POSTFIELDS an array but I didnt realized it required a string... thank you again sir.

@f13dev
Copy link

f13dev commented Apr 11, 2021

Still working nicely in 2021 - One minor recommendation, add 'curl_close($ch);' before the final echo for best practices.

@juliebugmtl
Copy link

Superb, this helped me with another API service too. Thanks so much!

@odysseuscm
Copy link

Thanks a lot!

@kartikCedcoss
Copy link

How do I add the scope?

$scopes = array( 'user-read-playback-state', 'user-read-playback-position' );

where to add

@veskempp
Copy link

hi! This has worked for me several years, but now it suddenly gives the following error: Error: Forbidden
Your client does not have permission to get URL /api/token from this server. Anyone else facing the same issue? Any ideas what has been changed and how to fix this?

@bsprengelmeijer
Copy link

Thanks!

@pale2hall
Copy link

Still worked for me!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment