403 Forbidden in App-Only When Using the Returned Bearer Token


I followed the guide on application only authentication and managed to get a bearer token using cURL in php. When I use this token with GET statuses/user_timeline; in the header as ‘Bearer: AAAAAA…’ I get nothing but a header with 403 Forbidden back from the API. No body whatsoever informing me of the error (Content-Length: 0). What could be the reason for this?



To request data on behalf of users (like user_timeline) you need to implement the full OAuth flow. Application Only Auth is only for endpoints that don’t require user context, like [node:10287].


Then why does https://dev.twitter.com/docs/api/1.1/get/statuses/user_timeline say that the rate limit is 300 per app? and 180 per user?