Spotify web API - 401 Permissions missing

2
votes

I'm trying to build a spotify web player using the spotify web API. I registered my Application on spotify and whitelist the callback URL. Then the authorization process works fine. I receive the token for make others requests. But when I try to make a simple currently-playing request,

https://developer.spotify.com/web-api/get-the-users-currently-playing-track/

I receive 

Array ( [error] => Array ( [status] => 401 [message] => Permissions missing ) )

the PHP code is:

session_start();
$req = $_SESSION['token_type'] . " " . $_SESSION['token'];
$headers_after_token = array(
   "Accept: */*",
   "Authorization: " . $req);
$url="https://api.spotify.com/v1/me/player/currently-playing";
echo "<br>REQ-currently-playing: ".$req."<br>";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers_after_token);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = json_decode(curl_exec($ch), true);
curl_close($ch);
echo "<br><br>";
print_r($response);

the $_SESSION['token_type'] contains "Bearer" as mentioned in the API endpoint-reference https://developer.spotify.com/web-api/endpoint-reference/

the $_SESSION['token'] contains the token retrieved after the authentication process.

Both are well formed thanks to the echo "<br>REQ-currently-playing: ".$req."<br>"; I can see that the 2 variables are set.

I'm using XAMPP v3.2.2 for deploy php pages.

1
phpspotify
When you authorized the user, did you have the user-read-currently-playing and/or user-read-playback-state scope?Magnus Eriksson
Did you solve the issue or have you given up?Magnus Eriksson
no of course I didn't give up, no I don't have this scope. Where I have to insert that string?Alfox
ok it works with scope inside the first request. Thanks. So if I need others privileges I need to resend the authorization ? If you write an answer I can set as "solution". Thanks againAlfox
@Magnus Eriksson, I couldn't help it ... I have a friend in Sweden named Erik Magnusson! How rare is this? (Sorry, guys!)Apostolos

1 Answers

10
votes

To be able to fetch the current playing, you need to add the scope user-read-currently-playing and/or user-read-playback-state when you authorize a user.

With this kind of authorization, a user needs to agree what your app can do on their behalf. Some things are included by default, but some things (just like this) needs extra permissions from the user.

If you see in the documentation that it says that a function needs "this and that" scope, you need to add it to the authorization.