https://community.spotify.com/t5/Spotify-for-Developers/Authorization-code-flow-get-access-token-error-invalid-client-id/m-p/5027638#M1051 <P data-unlink="true">Hey guys !&nbsp;<BR /><BR />I'm building a webapp based on Spotify API using RoR. To get the access token, I use the Autorization Code Flow process.</P><P data-unlink="true">&nbsp;</P><P data-unlink="true">At step 2, I when make the [POST] to&nbsp;<A href="https://accounts.spotify.com/api/token," target="_blank">https://accounts.spotify.com/api/token,</A>&nbsp;sending my client_id and client_secret base64 encoded, I have a 400 "Invalid client_id".<BR />Then I tried to sending it in the headers and this time I have a 400 "Invalid authorization_code".</P><P data-unlink="true">&nbsp;</P><P data-unlink="true">I'm a bit lost right now, your help is greatly appreciated <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P data-unlink="true">&nbsp;</P><P>&nbsp;</P><LI-CODE lang="ruby"> def get_token api_endpoint = 'https://accounts.spotify.com/api/token' encoded_auth = Base64.encode64(ENV['SPOTIFY_CLIENT'] + ENV['SPOTIFY_SECRET']).delete("\n") body = { grant_type: 'authorization_code', code: params['code'], redirect_uri: "http://localhost:3000/auth/spotify/callback", client_id: ENV['SPOTIFY_CLIENT'], client_secret: ENV['SPOTIFY_SECRET'] } headers = { Authorization: "Authorization: Basic #{encoded_auth}" } resp = HTTParty.post( api_endpoint, headers: headers, body: body ) end</LI-CODE><P>&nbsp;</P><P>&nbsp;</P> Tue, 01 Sep 2020 10:19:58 GMT pablior 2020-09-01T10:19:58Z https://community.spotify.com/t5/Spotify-for-Developers/Authorization-code-flow-get-access-token-error-invalid-client-id/m-p/5027638#M1051 <P data-unlink="true">Hey guys !&nbsp;<BR /><BR />I'm building a webapp based on Spotify API using RoR. To get the access token, I use the Autorization Code Flow process.</P><P data-unlink="true">&nbsp;</P><P data-unlink="true">At step 2, I when make the [POST] to&nbsp;<A href="https://accounts.spotify.com/api/token," target="_blank">https://accounts.spotify.com/api/token,</A>&nbsp;sending my client_id and client_secret base64 encoded, I have a 400 "Invalid client_id".<BR />Then I tried to sending it in the headers and this time I have a 400 "Invalid authorization_code".</P><P data-unlink="true">&nbsp;</P><P data-unlink="true">I'm a bit lost right now, your help is greatly appreciated <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P data-unlink="true">&nbsp;</P><P>&nbsp;</P><LI-CODE lang="ruby"> def get_token api_endpoint = 'https://accounts.spotify.com/api/token' encoded_auth = Base64.encode64(ENV['SPOTIFY_CLIENT'] + ENV['SPOTIFY_SECRET']).delete("\n") body = { grant_type: 'authorization_code', code: params['code'], redirect_uri: "http://localhost:3000/auth/spotify/callback", client_id: ENV['SPOTIFY_CLIENT'], client_secret: ENV['SPOTIFY_SECRET'] } headers = { Authorization: "Authorization: Basic #{encoded_auth}" } resp = HTTParty.post( api_endpoint, headers: headers, body: body ) end</LI-CODE><P>&nbsp;</P><P>&nbsp;</P> Tue, 01 Sep 2020 10:19:58 GMT https://community.spotify.com/t5/Spotify-for-Developers/Authorization-code-flow-get-access-token-error-invalid-client-id/m-p/5027638#M1051 pablior 2020-09-01T10:19:58Z https://community.spotify.com/t5/Spotify-for-Developers/Authorization-code-flow-get-access-token-error-invalid-client-id/m-p/5028768#M1061 <P>Shouldn't you have separated the client ID and client secret with a colon character? And why is it prefixed with a hash character?</P> Wed, 02 Sep 2020 15:37:08 GMT https://community.spotify.com/t5/Spotify-for-Developers/Authorization-code-flow-get-access-token-error-invalid-client-id/m-p/5028768#M1061 kingosticks4 2020-09-02T15:37:08Z