401 error on fetching playlist iOS

[MusicMonster20]

Hi Everyone,
We are implementing sound cloud functionality in our iOS app and trying to fetch the user playlist.

We are using the following API to get access token:
curl -X POST "https://api.soundcloud.com/oauth2/token" -H "accept: application/json; charset=utf-8" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=client_credentials&client_id=**********************&client_secret=**************************&code=3-292653-1184522413-9z87Q1rA8mpxH&redirect_uri=https%3A%2F%2Fmywebsite%2Fauth%2Fsoundcloud&refresh_token="

And after getting access token successfully, we are hitting following API to get the playlist
curl -X GET "https://api.soundcloud.com/me/playlists?show_tracks=true&linked_partitioning=true&limit=2" -H "accept: application/json; charset=utf-8" -H "Authorization: OAuth 2-292653--ATesTnYIoWRn4pClxLh67BD

We are getting 401-Unauthorized error every time. What we are missing here ? Kindly advise. Thank you in advance.

[dpreussler]

Hi there, is the user you are trying to get the playlist from the same that you authenticated?

[mgoodfellow]

It doesn't matter what user they are authenticated as because they are requesting the /me route - so this would serve up the playlists for that user context.

Good spot though, they aren't actually authenticated as a user at all! They are using a client_credentials grant which is a server token with no user context and therefore it cannot access any of the /me/... resources.

Client Credentials Token Exchange Flow
With applications, such as CLIs, or pure back-end services you would authenticate the application itself rather than a user. For instance, you might want to build an artist's website where you only need an access to their tracks, playlists, or user information. There is no need to go through the connect flow, as SoundCloud API provides the Client Credentials Flow for these purposes. You pass along the client_id and client_secret you have acquired at registration to authenticate and get a token.

@MusicMonster20 check out: https://developers.soundcloud.com/docs/api/guide#authentication

TL;DR you should be using authorization_code grant flow because you are providing a code parameter.

[dpreussler]

good catch, thanks @mgoodfellow

[MusicMonster20]

Hi, kindly check this: https://prnt.sc/Qqk_cCq9Iyde there is an error of invalid_grant.

[mgoodfellow]

If I had to guess, which is all I can do - I would say you have not sent your redirect_uri exactly as it is configured for your app.

The example you gave in your first comment doesn't look like the right form. Why would it end in refresh_token=?

[MusicMonster20]

Hi, so you mean we do not require refresh_token= at the end ?
So it will look like: "grant_type=authorization_code&client_id=*********************&client_secret=**************************&code=3-292653-1184522413-9z87Q1rA8mpxH&redirect_uri= **********://soundcloud/redirect" ?

[mgoodfellow]

Go to https://soundcloud.com/you/apps - copy what you have listed as the Redirect URI and put as the redirect_uri

[MusicMonster20]

Hi, yes we used that it gives us invalid_grant error: https://prnt.sc/nxK1j83m2kCl