I have been asked to create web pages that will be stored on a company website and will access their hosted Canvas LMS instance

They want to sell access to their Canvas training courses

My program flow is:
- Query the companies available Canvas courses (with a courseID) to see if its still active and obtain the current price.
- Collect student info (name, email, credit card etc) via webform
- Process the credit card payment
- Query Canvas to see if student already exists, if not create them in Canvas
- Enrol student in course

I have been issued a company developer key and the key ID (I think).

Documentation talks about the Client Secret, is that same as the developer key?

This seems really easy and I have done similar things with other LMS systems via APIs.
However I cant even get a course list without authorization errors so I guess it needs to use oauth to get a token?
Is that correct?

Does anyone have a basic example of obtaining a token via oauth from a hosted canvas instance? Any language will do but I will be using PHP

Appreciate any and all assistance