Soundcloud API authentication always throws "401 - Unauthorized"

Question

Due to the new updates of the Soundcloud API, I'm trying to update the authentication flow in my code ( the project was using login and password ).

But I'm blocked by a problem, and I'm losing my head.

I follow instructions on this page : https://developers.soundcloud.com/blog/security-updates-api

I manage to get a refresh token and an access token with this :

curl --request POST \
--url https://api.soundcloud.com/oauth2/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data client_id=CLIENT_ID \
--data client_secret=CLIENT_SECRET \
--data grant_type=client_credentials

But I'm not able to execute this request, which is an example in the mentionned page, with the access token I got with the previous request :

curl --request GET \
--url 'https://api.soundcloud.com/me/tracks?limit=1' \
--header 'Authorization: OAuth ACCESS_TOKEN'

The request response is always :{"code":401,"message":"","link":"https://developers.soundcloud.com/docs/api/explorer/open-api","status":"401 - Unauthorized","errors":[],"error":null}

I tried with a refresh of my access token, and with the url "https://api.soundcloud.com/me" instead of "https://api.soundcloud.com/me/tracks?limit=1". And always returning the same error.

Can someone help me ?

Thanks by advance, and thanks for reading.

Answer 1

OK, I think I got it, thanks to this question on github : https://github.com/soundcloud/api/issues/76

"The client_credentials auth flow is meant only for server-side integration and allows access to public endpoints only. Meaning that for endpoint /me or any other user-related endpoint you have to use the Authorization Code flow which provides the client-side integration."

And here : https://developers.soundcloud.com/docs/api/guide#authentication : "if your app needs to access only public resources, you can use the OAuth Client Credentials Flow"

I'm done with the error messages too blurry... and with me reading too fast !

I will add the correct authentication method in comments later.

UPDATE : "manual" authentication flow

As the project is behind a VPN, I can't use normal authentication flow ( redirect_uri can't be called by soundcloud !)

So :

1. Get a "code"

   First, authenticate on SoundCloud with the account you want to access ( or ask your customer to do it )

   In your browser, type this url :

   https://api.soundcloud.com/connect?client_id=YOUR_CLIENT_ID&response_type=code&scope=&state=[random_string]&redirect_uri=YOUR_REDIRECT_URI

   Accept the demand and this will redirect you to an URL with the code inside : code=YOUR_CODE. Keep it. If this is done by your customer, simply ask him to copy-paste the url. That's not really secure, but you can't avoid it if your redirect uri is not accessible from Soundcloud.

2. Obtain a refresh token and an access token :

   With curl, to keep your Client Secret, or App Secret, secret ( indeed :D ). And also the access token.

   curl -X POST "https://api.soundcloud.com/oauth2/token"
   -H "accept: application/json; charset=utf-8"
   -H "Content-Type: application/x-www-form-urlencoded"
   -d "grant_type=authorization_code&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&redirect_uri=YOUR_REDIRECT_URI&code=YOUR_CODE"

This last request will answer in json format. Inside, you'll find an access token, and a refresh token. Register the refresh token in your projet to reuse it to refresh your access token when needed !