https://community.spotify.com/t5/Spotify-for-Developers/How-to-request-several-scopes-for-a-token-to-Spotify-API/m-p/5070420#M1525 <P>Hey&nbsp;<a href="https://community.spotify.com/t5/user/viewprofilepage/user-id/24053759">@jpmolinamatute</a>, thanks for reaching out on the Spotify Community!</P><P>&nbsp;</P><P>Hmm, the documentation about the client-credentials authorization flow says the following: "<SPAN>However that this flow does not include </SPAN>authorization<SPAN> and therefore cannot be used to access or to manage a user private data". This means that you can't use that endpoint with the authorization flow that you're using.</SPAN></P><P>&nbsp;</P><P><SPAN>Could you try it with another authorization flow? That should help.&nbsp;</SPAN><SPAN>Keep me in loop!</SPAN></P><P>&nbsp;</P><P><SPAN>Happy coding,</SPAN></P><P><SPAN>Hubo</SPAN></P> Thu, 12 Nov 2020 11:20:00 GMT Hubo 2020-11-12T11:20:00Z https://community.spotify.com/t5/Spotify-for-Developers/How-to-request-several-scopes-for-a-token-to-Spotify-API/m-p/5069469#M1517 <P>I need to "authorize" the bearer token to delete some tracks from a list (from my personal Spotify account) I'm following this <A href="https://developer.spotify.com/documentation/general/guides/authorization-guide/#client-credentials-flow" target="_self">flow</A> I first make a POST request to <A href="https://accounts.spotify.com/api/token" target="_blank" rel="noopener">https://accounts.spotify.com/api/token</A> using `"Authorization: Basic ZjM4ZjAw...WY0MzE="` header and with the desired scope in the body and then another POST request to the actual endpoint with<BR />`f"Authorization: Bearer {response_dict['access_token']}"` header. Getting these two tokens seems to work without a problem.</P><P>I have checked similar question in StackOverflow, but they either not address my problem specifically or they don't have an answer at all</P><P>this is my actual python code:</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="python">cred = f"{environ['SPOTIPY_CLIENT_ID']}:{environ['SPOTIPY_CLIENT_SECRET']}" cred = cred.encode("ascii") cred = base64.b64encode(cred) cred = cred.decode("ascii") headers = {"Authorization": f"Basic {cred}"} data = { "grant_type": "client_credentials", "scope": "playlist-modify-private user-library-read", } url = "https://accounts.spotify.com/api/token" response = requests.post(url, headers=headers, data=data) if response.status_code != 200: raise Exception(response.reason) session = requests.Session() response_dict = response.json() session.headers.update({ "Content-Type": "application/json", "Authorization": f"Bearer {response_dict['access_token']}", })</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>then I got the scope in the first response as a "confirmation that they granted" (at least that's my interpretation of seeing the same scope that I request in their response)</P><P>**HOWEVER**: when I attempt to delete some tracks I get a 403 error, forbidden to do so <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span> When I use the token from <A href="https://developer.spotify.com/console/delete-playlist-tracks/" target="_self">their site</A> everything works as expected... any idea what could it be or what am I missing????</P><P>thanks in advance!</P><P>&nbsp;</P> Tue, 10 Nov 2020 16:56:02 GMT https://community.spotify.com/t5/Spotify-for-Developers/How-to-request-several-scopes-for-a-token-to-Spotify-API/m-p/5069469#M1517 jpmolinamatute 2020-11-10T16:56:02Z https://community.spotify.com/t5/Spotify-for-Developers/How-to-request-several-scopes-for-a-token-to-Spotify-API/m-p/5070420#M1525 <P>Hey&nbsp;<a href="https://community.spotify.com/t5/user/viewprofilepage/user-id/24053759">@jpmolinamatute</a>, thanks for reaching out on the Spotify Community!</P><P>&nbsp;</P><P>Hmm, the documentation about the client-credentials authorization flow says the following: "<SPAN>However that this flow does not include </SPAN>authorization<SPAN> and therefore cannot be used to access or to manage a user private data". This means that you can't use that endpoint with the authorization flow that you're using.</SPAN></P><P>&nbsp;</P><P><SPAN>Could you try it with another authorization flow? That should help.&nbsp;</SPAN><SPAN>Keep me in loop!</SPAN></P><P>&nbsp;</P><P><SPAN>Happy coding,</SPAN></P><P><SPAN>Hubo</SPAN></P> Thu, 12 Nov 2020 11:20:00 GMT https://community.spotify.com/t5/Spotify-for-Developers/How-to-request-several-scopes-for-a-token-to-Spotify-API/m-p/5070420#M1525 Hubo 2020-11-12T11:20:00Z