Bearer token request results in 403 Error: "This request requires user authentication."


My Question or Issue

I am trying to edit a playlist using the Spotify API and Python. To do this, I first make a request for a new bearer token:

from base64 import b64encode

credentials = f"{client_id}:{client_secret}"
encoded_credentials = b64encode(credentials.encode("ascii")).decode("ascii")

headers = {
    "Authorization": f"Basic {encoded_credentials}"
}

params = {
    "grant_type": "client_credentials",
    "scope": "playlist-modify-public user-library-read playlist-modify-private"
}

token_request =
token = token_request.json()["access_token"]

I then try to use the token to edit a playlist:

auth_header = {'Authorization': f"Bearer {token}"}
formatted_song_uris = ",".join(song_uris)

api_request = f"{playlist_id}/tracks?position=0&uris={formatted_song_uris}"

api_call =, headers = auth_header)

Which results in the following error:

{
"error" : {
"status" : 403,
"message" : "This request requires user authentication."
}
}


When I manually request a bearer token from the Console at and use this with Postman and the same URL as in the script, it works fine.


Does anyone have any clues as to what is causing the issues? Thanks in advance!

9 Replies

You get this error because this endpoint requires user authentication.

To make it work, you'll need to implement the Authorization Code Flow, but I recommend using the Python module SpotiPy.



Thanks for the quick reply.

Does that mean that it is not possible to do it fully automatically, i.e. without any manual user interaction required?

With SpotiPy, you have to log in once. It then stores the tokens in a .cache file. If you run your Python script again, it uses the tokens in that file for authorization.

Note: every time you change the scopes, the user needs to log in again.

And to answer your question: letting scripts or programs do things on behalf of the user, without the user's authorization, would be a big security risk. Also, without logging in, a script or program wouldn't even know on behalf of which user it must act.
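
Added example, not part of the original thread and not Spotify's or SpotiPy's own code: the three client-side steps of the Authorization Code Flow discussed above, built against Spotify's `/authorize` and `/api/token` endpoints without making any network request. The helper names, client ID, secret and redirect URI are hypothetical placeholders.

```python
import secrets
from base64 import b64encode
from urllib.parse import parse_qs, urlencode, urlparse

# Added example: helper names and all sample values are hypothetical.
AUTHORIZE_URL = "https://accounts.spotify.com/authorize"
TOKEN_URL = "https://accounts.spotify.com/api/token"


def build_authorize_url(client_id, redirect_uri, scopes, state=None):
    """Step 1: URL the user opens to log in and approve the scopes."""
    state = state or secrets.token_urlsafe(16)  # anti-CSRF value, checked on return
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # scopes are granted here, by the user
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def parse_callback(callback_url, expected_state):
    """Step 2: validate the redirect back to the app and return the code."""
    params = parse_qs(urlparse(callback_url).query)
    returned_state = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the redirect is not ours.
    if not secrets.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect does not match our request")
    if "error" in params:
        raise PermissionError(f"authorization failed: {params['error'][0]}")
    return params["code"][0]


def build_token_request(code, redirect_uri, client_id, client_secret):
    """Step 3: POST parameters that trade the code for a user-bound token."""
    basic = b64encode(f"{client_id}:{client_secret}".encode("ascii")).decode("ascii")
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    data = {
        "grant_type": "authorization_code",  # not client_credentials
        "code": code,
        "redirect_uri": redirect_uri,  # must match the value used in step 1
    }
    return TOKEN_URL, headers, data
```

Sending the step 3 values with `requests.post(url, headers=headers, data=data)` returns an access token tied to the user who approved the scopes, together with a refresh token for later runs.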

Hey, I'm getting the same error with my JS code. The user access token gets generated successfully, but after that, when I try to create a playlist with the token, the same error pops up.

@lazy3 do you use the Authorization Code Flow?

Getting the same error using Postman. I generate the bearer, works with GET calls but when I call a POST or PUT

        "message": "This request requires user authentication."

Are you using a code generated through the Client Credentials Flow or the Authorization Code Flow?

@Ximzend last year I was still able to get a bearer token from the console page at and used that token in curl to add tracks to my playlist. Now that console page has disappeared. Luckily, the bearer token from requests that the Spotify web app uses seems to be good enough to add tracks to a playlist. However, the issue is that after a track is added to the playlist with the Web API, the playlist doesn't show that track. Do you know what I'm missing here?

@kfjordt @GustavoParada if you're ok with getting the bearer token manually, you can get it from the developer tools of your browser.
