The access token and client ID need to be specified as a header
Not a query string parameter
An example:
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Client-ID: ' . CLIENT_ID,
'Authorization: Bearer ' . $keys->access_token
));
you shouldn’t do BOTH like you have
Additionally, the error suggests you generated the wrong type of token
You need a response_type: code with the required scope attached
but made a response_type: client_credentials