401 Unauthorized response to mentions API call


Hello, I work on a large multi-tennant saas social media platform, built in C# with our own Twitter REST API layer. The system allows read and write access to Twitter on behalf of the users via persisted Oauth credentials.

We’ve experienced an issue where users with valid OAuth credentials stored are consistently returned a 401 Unauthorized error when attempting to access the Mentions endpoint. What seems to solve the issue is the user logging into Twitter website, visiting the settings area and simply re-saving their profile (without making changes).

This happened to one specific user 5 days ago (I made a post about it then which had no response, https://dev.twitter.com/discussions/7557). The problem has came back today, and re-saving the profile solved the issue immediately.

I’ve read through the OAuth checklist and specifications link that’s provided in many of the replies here and it hasn’t given any useful information to me.

The next time this issue happens, what information can I log to help the troubleshooting process? Are there any special tasks I should complete that will help diagnosis?

Thank you for your time


I should mention that this problem only effects a small number of our users. The rest of our Twitter services will function normally for other users during this time. It appears to be something related to the user’s account profile on Twitter’s end. After simply re-saving the profile via Twitter website, we successfully use the OAuth credentials we had stored previously.

Any ideas or suggestions would be appreciated.



We’re looking into this issue – as you note, it only happens to specific users – in this case, the error really should be a 500 series instead of a 40X.


Thank you @episod. Is there an official bug/issue/tracker link for this so I can follow the status?


Not at the moment – I will create one and affix it to this thread when I have enough details – it may be a two-stage problem: first getting the error to be a 50X series error instead of a 401, and then next determining and resolving why the condition is happening in the first place.

Which language/library are you using for this particular call? Are you sending cookies in any way?


We’re actualy not able to correlate your report with the previous reports of this problem – this may be something completely different. Can you share answers to the questions I pose above:

  • What language/library are you using for this call?
  • Are you sending cookies in any way, whether intentionally or unintentionally?
  • Header-based or query-string based OAuth? What’s the request look like when it fails?
  • What profile settings change when you save the profile?


I’m seeing exactly the same result in PHP, using the Zend oAuth lib. All other calls (user profile,get retweets, etc) are working normally. It is just https://api.twitter.com/1/statuses/mentions.json that is failing. I’ve also tried .xml, just in case, but to no avail.

HTTP/1.1 401 Unauthorized Date: Sun, 24 Jun 2012 09:26:48 UTC Server: tfe

Is all that’s returned.

The authenticated account I’m using is this one.