I’m new to Twitter APIs. I’m following the example curl command at POST /2/tweets | Docs | Twitter Developer Platform
This is the command:
curl -X POST https://api.twitter.com/2/tweets -H "Authorization: Bearer $ACCESS_TOKEN" -H "Content-type: application/json" -d '{"text": "Hello World!"}'
When I insert the value for $ACCESS_TOKEN, the one associated with the Twitter account that owns the app, I get an error:
{
"title": "Unsupported Authentication",
"detail": "Authenticating with OAuth 2.0 Application-Only is forbidden for this endpoint. Supported authentication types are [OAuth 1.0a User Context, OAuth 2.0 User Context].",
"type": "https://api.twitter.com/2/problems/unsupported-authentication",
"status": 403
}
Posting tweets is only possible with user context, not with an application-only bearer token, so if you got your Bearer token from the Dashboard it’s the wrong one.
I would not recommend using curl for this - it gets too awkward adding your own headers. The new Oauth2 user access token OAuth 2.0 Authorization Code Flow with PKCE | Docs | Twitter Developer Platform is different to the Bearer token you get from the Dashboard - you have to generate this as described in OAuth 2.0 Making requests on behalf of users | Docs | Twitter Developer Platform
I’d try something like twurl GitHub - twitter/twurl: OAuth-enabled curl for the Twitter API or a library in whatever language you’re most comfortable with: Twitter API v2 tools & libraries | Docs | Twitter Developer Platform
Hope that helps!
Ok, thanks. I just assumed that the app owned by the Twitter account (@ExampleOfUsr) would already have permission and/or necessary credentials to tweet on behalf of @ExampleOfUser without going through a more difficult process. I guess that’s not the case.
It seems the language on the site is inconsistent and that’s part of the problem. In the “Dashboard” it says:
Access Token and Secret
Generated January 26, 2022
For @ExampleOfUsr
From the description, it’s easy to imagine that this is the user access token for @ExampleOfUsr. If it isn’t the user access token, then what is it? The app access token?
Also, I’m unsure if there is a difference between a “consumer key/secret” and the “API key/secret?” Or are they the same thing?
I’d really like to understand the lower level nuts and bolts of this process and get the terminology right but it’s a little confusing with the different API versions. I’m just not sure if the terminology has changed from one version to the next or what.
1 Like
Yes these are the same. The terminology is indeed confusing, especially with the new oAuth2 with user context. It used to be that oAuth 2 was application only, and oAuth 1.0a was with user context only, so it was easier to distinguish.
If you use the 4 parts, API key and secret and access token and secret from the dashboard with oAuth 1.0a it should work. But if you use the bearer token from the dashboard with oAuth 2 it won’t work.
2 Likes
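How the four dashboard values named in the reply above enter an OAuth 1.0a signed request, as an added example that is not part of the thread or Twitter's own code. It follows the RFC 5849 HMAC-SHA1 signing steps; the credential strings are constructed placeholders and the function names are chosen here for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote


def pct(value):
    """Percent-encode per RFC 3986; OAuth 1.0a leaves only A-Z a-z 0-9 - . _ ~ unescaped."""
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, oauth_params):
    # A JSON body is not form-encoded, so it is not part of the signed parameters.
    pairs = sorted((pct(k), pct(v)) for k, v in oauth_params.items())
    param_string = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(param_string)])


def oauth1_header(method, url, api_key, api_secret, token, token_secret,
                  nonce=None, timestamp=None):
    params = {
        "oauth_consumer_key": api_key,          # API key (a.k.a. consumer key)
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_token": token,                   # user access token
        "oauth_version": "1.0",
    }
    base = signature_base_string(method, url, params)
    # Both secrets form the HMAC key; neither is ever sent on the wire.
    key = f"{pct(api_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    params["oauth_signature"] = base64.b64encode(digest).decode()
    fields = ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(params.items()))
    return "OAuth " + fields


if __name__ == "__main__":
    # Constructed placeholder credentials; load real ones from the environment.
    print(oauth1_header("POST", "https://api.twitter.com/2/tweets",
                        "API_KEY", "API_SECRET", "ACCESS_TOKEN", "TOKEN_SECRET"))
```

The returned string is the value of the `Authorization` header; unlike a bearer token, it is valid only for this method, URL, nonce and timestamp.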
Assuming the API key is a vehicle then the vehicle has a license, and the consumer key is a driver’s license, the two are separate.
The vehicle can be driven by someone else, with a different driver’s license from the first owner.
You may get the bearer token for your account(user account) by following the below link:
then click on “Try a live request”
Click on three dots on the right-hand side. It will open up a window.
Click on the “Include access token” button and it will show your bearer token in your curl command.
I just found it the hard way, after trying it for three days.
I hope it will help.
1 Like
I’m currently stuck on this. Is there any way I could just use a v1 url string?
You need Elevated Access to use v1.1 API, so you need to apply and get approved for that. Otherwise v2 is available. You may need to reset your access token to be read and write to post tweets.
1 Like