POST to Xbox Services API through REST Interface using PHP

Question

As a learning exercise I thought I'd try to access the Xbox services API through the RESTful interface. I don't have much experience with APIs, but using PHP I tried simply sending a POST request as described on this MS users batch profile settings post guide.

$url = "https://profile.xboxlive.com/users/batch/profile/settings";
$data = array(
    "userIds" => ["2533274791381930"],
    "settings" => ["GameDisplayName", "GameDisplayPicRaw", "Gamerscore", "Gamertag"]
);

$options = array(
    'http' => array(
        'header'  => "x-xbl-contract-version: 2\r\n".
                     "Content-Type: application/json\r\n",                   
        'method'  => 'POST',
        'content' => json_encode($data),
    ),
);

$context  = stream_context_create($options);
$result = file_get_contents($url, false, $context);
echo $result;

Running this gives an error:

Warning: file_get_contents(https://profile.xboxlive.com/users/batch/profile/settings): Failed to open stream: HTTP request failed! HTTP/1.1 401 Unauthorized

This error implies that I need some authorisation, but the guide linked above doesn't say anything about requesting/including tokens/secrets but I thought I'd try anyway...so after configuring an application in the Azure Portal I updatd my code as shown below using the client ID and client secret I created.

$clientId = 'xxxxxxxxxxxxxxxxxxx';
$clientSecret = 'yyyyyyyyyyyyyyyyyyyy';
$grantType = 'client_credentials';
$scope = 'https://graph.microsoft.com/.default';

// Get an access token
$tokenUrl = 'https://login.microsoftonline.com/common/oauth2/v2.0/token';
$data = array(
    'client_id' => $clientId,
    'client_secret' => $clientSecret,
    'grant_type' => $grantType,
    'scope' => $scope
);

$options = array(
    'http' => array(
        'header'  => "Content-type: application/x-www-form-urlencoded\r\n",
        'method'  => 'POST',
        'content' => http_build_query($data),
    ),
);

$context  = stream_context_create($options);
$result = file_get_contents($tokenUrl, false, $context);
$accessToken = json_decode($result)->access_token;

// Make a request to the API
$url = "https://profile.xboxlive.com/users/batch/profile/settings";
$data = array(
    "userIds" => ["2533274791381930"],
    "settings" => ["GameDisplayName", "GameDisplayPicRaw", "Gamerscore", "Gamertag"]
);

$options = array(
    'http' => array(
        'header'  => "Authorization: Bearer ".$accessToken."\r\n".
                      "x-xbl-contract-version: 2\r\n".
                     "Content-Type: application/json\r\n",
        'method'  => 'POST',
        'content' => json_encode($data),
    ),
);

$context  = stream_context_create($options);
$result = file_get_contents($url, false, $context);
echo $result;

This gives a different error:

file_get_contents(https://login.microsoftonline.com/common/oauth2/v2.0/token): Failed to open stream: HTTP request failed! HTTP/1.1 400 Bad Request

At this point I'm at a total loss and not even sure I'm going down the right path. I don't think there's anything wrong with my code so maybe I'm missing something? I'm trying to do this using PHP and no middleware or third party APIs. I didn't think it would be this hard!

Do I need to be part of the Xbox Live Creators Program to access the API? There's conflicting information online.

Any advice is greatly appreciated.