Spotify web API - 401 Permissions missing

Question

I'm trying to build a spotify web player using the spotify web API. I registered my Application on spotify and whitelist the callback URL. Then the authorization process works fine. I receive the token for make others requests. But when I try to make a simple currently-playing request,

https://developer.spotify.com/web-api/get-the-users-currently-playing-track/

I receive

Array ( [error] => Array ( [status] => 401 [message] => Permissions missing ) )

the PHP code is:

session_start();
$req = $_SESSION['token_type'] . " " . $_SESSION['token'];
$headers_after_token = array(
   "Accept: */*",
   "Authorization: " . $req);
$url="https://api.spotify.com/v1/me/player/currently-playing";
echo "<br>REQ-currently-playing: ".$req."<br>";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers_after_token);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = json_decode(curl_exec($ch), true);
curl_close($ch);
echo "<br><br>";
print_r($response);

the $_SESSION['token_type'] contains "Bearer" as mentioned in the API endpoint-reference https://developer.spotify.com/web-api/endpoint-reference/

the $_SESSION['token'] contains the token retrieved after the authentication process.

Both are well formed thanks to the echo "<br>REQ-currently-playing: ".$req."<br>"; I can see that the 2 variables are set.

I'm using XAMPP v3.2.2 for deploy php pages.

Answer 1

To be able to fetch the current playing, you need to add the scope user-read-currently-playing and/or user-read-playback-state when you authorize a user.

With this kind of authorization, a user needs to agree what your app can do on their behalf. Some things are included by default, but some things (just like this) needs extra permissions from the user.

If you see in the documentation that it says that a function needs "this and that" scope, you need to add it to the authorization.