The error is (based on my experience) almost certainly correct; it means you’re proving an invalid appsecret_proof with your API call
Assuming you’re using the standard PHP SDK without modifications, the most likely reasons for this are:
- You configured the wrong app ID in the SDK code
- You configured the wrong app secret in the SDK code
- You’re trying to use an access token from the wrong / another app