400 "{"errors":[{"message":"Bad Authentication data","code":215}]}


We are currently receiving 400 errors when interacting with the API for previously working requests to verify_credentials.json. The following is the payload: "{“errors”:[{“message”:“Bad Authentication data”,“code”:215}]}

This is part of our new user signup workflow so basically new users are unable to signup.


Can you share a user ID this is happening with and any other information about the request? (The HTTP headers you’re sending, the exact URL you’re executing, and so on?) Thanks!


Here’s one for my user: 14402132

GET /1/account/verify_credentials.json HTTP/1.1
Authorization: OAuth realm="", oauth_token=“11300502-mR37JPiUPfgLifLOI3Lj2iv61DQ8DZEq0y0MDMUM”, oauth_consumer_key="", oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1353519448”, oauth_nonce=“11120750151629684”, oauth_version=“1.0”, oauth_signature="vd9lb%2FQMAJSs%2BLc1O4rxBIh11Pg%3D"
User-Agent: Jakarta Commons-HttpClient/3.1
Host: api.twitter.com

HTTP/1.1 400 Bad Request
Content-Type: application/json; charset=utf-8
Content-Length: 61
Date: Wed, 21 Nov 2012 17:37:28 UTC
Server: tfe

{“errors”:[{“message”:“Bad Authentication data”,“code”:215}]}


Thanks, I’m looking into this issue.


Thank you.


Are you actually sending an empty oauth_consumer_key in this case or did you just omit it for the example?


I omitted.


I am encountering the same issue. I’m seeing it pop up in several threads over the last few days, so it must be a bug recently introduced. Any resolution yet?


I am having the same problem.

I have a working test bed where:

get(“lists/statuses”) works perfectly fine.

if i just swap it to get(“statuses/home_timeline”) I get the above response.

Am I doing something wrong or is this a bug?


Did anybody resolve this issue?


For what it’s worth, here’s what we sent received. It’s been working fine for like years until just a few days ago:

20:47:08,665 [http-4321-2] DEBUG Request:
20:47:08,665 [http-4321-2] DEBUG GET http://api.twitter.com/1/statuses/home_timeline.json?include_entities=false
20:47:08,673 [http-4321-2] DEBUG OAuth base string: GET&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.json&include_entities%3Dfalse%26oauth_consum
20:47:08,675 [http-4321-2] DEBUG OAuth signature: Ke68GcXdObN3dkapvecPH1A8u5w=
20:47:08,678 [http-4321-2] DEBUG Authorization: ****************************************************************************************************************

20:47:08,679 [http-4321-2] DEBUG X-Twitter-Client-URL: http://twitter4j.org/en/twitter4j-2.1.11.xml
20:47:08,679 [http-4321-2] DEBUG X-Twitter-Client: Twitter4J
20:47:08,679 [http-4321-2] DEBUG Accept-Encoding: gzip
20:47:08,680 [http-4321-2] DEBUG User-Agent: twitter4j http://twitter4j.org/ /2.1.11
20:47:08,680 [http-4321-2] DEBUG X-Twitter-Client-Version: 2.1.11
20:47:08,912 [http-4321-2] DEBUG Response:
20:47:08,913 [http-4321-2] DEBUG HTTP/1.1 400 Bad Request
20:47:08,914 [http-4321-2] DEBUG Date: Fri, 23 Nov 2012 01:47:24 UTC
20:47:08,915 [http-4321-2] DEBUG Content-Length: 86
20:47:08,915 [http-4321-2] DEBUG Content-Encoding: gzip
20:47:08,916 [http-4321-2] DEBUG Content-Type: application/json; charset=utf-8
20:47:08,917 [http-4321-2] DEBUG Server: tfe
20:47:08,919 [http-4321-2] DEBUG {“errors”:[{“message”:“Bad Authentication data”,“code”:215}]}


Not for me, still not working here. Any status?


Any resolution on this? I am still seeing this error on “verify_credentials” call. Please update the thread if anybody is able to resolve this issue.


I have the same issue while I am trying to upload a picture to https://api.twitter.com/1.1/statuses/update_with_media.json:

OAUTH 1.0: Base string: POST&https%3A%2F%2Fapi.twitter.com%2F1.1%2Fstatuses%2Fupdate_with_media.json&oauth_consumer_key%3DpgdxowbuLIgB93xD5qw84g%26oauth_nonce%3D2335383970711083%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1354007164%26oauth_token%3D56183112-cbXnWNKdVuKK9fXBiuxojwehNeK75cmrPZtaaKeYa%252CpTOvVy4CsKXs6wMOI8a8mGVVfjfQrRPyzmoHjg%26oauth_version%3D1.0. OAUTH 1.0 (request): Using cosumer key: pgdxowbuLIgB93xD5qw84g, consumer secret: [[[OMITTED]]], token secret: [[[OMITTED]]]. HEADERS (request): Sending Content-Type (multipart/form-data; boundary=---------------------------7dc1251e10222). HEADERS (request): Sending Connection (close). HEADERS (request): Sending Accept-Language (en-US). HEADERS (request): Sending Accept (text/html, application/xhtml+xml, */*). HEADERS (request): Sending User-Agent (Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)). HEADERS (request): Sending Dnt (1). HEADERS (request): Sending Authorization (OAuth oauth_consumer_key="pgdxowbuLIgB93xD5qw84g", oauth_nonce="2335383970711083", oauth_signature="LpGAOVa%2BpEwWieeGqS4oxy%2FL91c%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1354007164", oauth_token="56183112-cbXnWNKdVuKK9fXBiuxojwehNeK75cmrPZtaaKeYa%2CpTOvVy4CsKXs6wMOI8a8mGVVfjfQrRPyzmoHjg", oauth_version="1.0").


Thanks for nothing. Workaround applied at our end. Let us know if you ever do get around to this :frowning:


Can you share your workaround?


We’re seeing the same problem, with our app. Any advice on how to work it around?


@dbounds did you solve the problem?


Yes Please give us a hint on how to work around the issue.

Thanks in advance.


Should the oauth_consumer_key be included? The Zend lib that I’m using omits it.