The next step is to create an access token. The access token is valid for a limited time. The clientSecret is sent with this request; if this were an application that was given to others, keeping the secret would be a challenge to overcome:
$accessToken = Invoke-RestMethod -Uri https://accounts.spotify.com/api/token -Method POST -Body @{ grant_type = 'authorization_code' code = $authorizationCode redirect_uri = $redirectUrl client_id = $clientId client_secret = $clientSecret }
The previous request used the HTTP method POST. The HTTP method, which should be used with a REST method, is documented in the developer guides for an interface.
Each of the requests that follow will use the access token from the previous request. The access token is placed in an HTTP header field named Authorization. The Authorization field is created using a hashtable:
$headers = @{ Authorization = 'Bearer {0}' -f $accessToken.access_token }