403 Forbidden uploading Tailored Audiences to TON Api



Ok, once again having trouble with Twitter API. ( Didn’t had any problems using same functionality for other social websites, btw, so you have something to think about )

Trying to upload something to Twitter TON Api using CURL ( PHP ). Here is the log:

POST /1.1/ton/bucket/ta_partner.json HTTP/1.1
Host: ton.twitter.com
User-Agent: TwitterOAuth v0.2.0-beta2
Accept: */*
Content-Type: text/plain
X-Ton-Expires: Tue, 06 Sep 2016 19:55:15 GMT
Content-Length: 424
Authorization: OAuth oauth_body_hash="xxx", oauth_consumer_key="xxx", oauth_nonce="xxx", oauth_signature="xxx", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1472586915", oauth_token="xxx", oauth_version="1.0"

* upload completely sent off: 424 out of 424 bytes
< HTTP/1.1 403 Forbidden

What could be wrong here is oauth_body_hash , because I added it as experiment by looking at other forum posts and don’t know the exact value it should have, but I couldn’t find any information about this variable. Other variables are correct, though.

Any help would be appreciated.


I just tried to upload with twurl and it worked perfectly fine. So my only guess is that I was setting incorrect oauth_body_hash in my curl request.

Can someone please explain what the value of oauth_body_hash should be?


How/why same request works with TWURL, but not with PHP/CURL.

<- "POST /1.1/ton/bucket/ta_partner HTTP/1.1\r\nContent-Type: text/plain\r\nX-Ton-Expires: Tue, 06 Sep 2016 19:35:39 CEST\r\nContent-Length: 12\r\nAccept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r\nAccept: */*\r\nUser-Agent: OAuth gem v0.5.1\r\nAuthorization: OAuth oauth_body_hash=\"ZmqMusMfLNliIT45yUqjwqfwUQ0%3D\", oauth_consumer_key=\"s9eoznsaLE0GZlqJh77HsFemO\", oauth_nonce=\"1LKmmT7t2Fhk03dE1Y11dI3oGgkyZ3lv1VGlfhppDgE\", oauth_signature=\"Mzmlfzor2jde7p9Iqcsjo8rX%2BcE%3D\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"1472665064\", oauth_token=\"same_as_in_curl_request\", oauth_version=\"1.0\"\r\nConnection: close\r\nHost: ton.twitter.com\r\n\r\n" <- "aaa@test.com"


-> "HTTP/1.1 201 Created\r\n"


> POST /1.1/ton/bucket/ta_partner.json HTTP/1.1 Host: ton.twitter.com User-Agent: TwitterOAuth v0.2.0-beta2 Accept: */* Content-Type: text/plain X-Ton-Expires: Tue, 06 Sep 2016 19:41:33 CEST Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3 Content-Length: 12 Authorization: OAuth oauth_body_hash="ZmqMusMfLNliIT45yUqjwqfwUQ0%3D", oauth_consumer_key="s9eoznsaLE0GZlqJh77HsFemO", oauth_nonce="0e40334b786b2423bbbd7e103352bd19", oauth_signature="OxjFRPjreFvCk4eLUsKRQfb7uYI%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1472665293", oauth_token="same_as_in_curl_request", oauth_version="1.0" Connection: close


HTTP/1.1 403 Forbidden

How on earth is this possible? oauth_body_hash and oauth_token are exactly the same.


Hi, @divireizdivi. Sorry to hear you’re running into trouble using PHP cURL.

My understanding is that oauth_body_hash is the base64-encoded hashed (using SHA256) content—the content being the tailored audience data, such as email addresses.

Is this what you used as the $content in:

'oauth_body_hash' => base64_encode(sha1($content));


Hey! You can check my lib, Twitter ads php sdk in github,. I Solved this before and you can see the code


Sorry, here you have the link: https://github.com/hborras/twitter-php-ads-sdk


yeap, that’s exactly what I have for the oauth_body_hash. I tried both base64_encode(sha1($content)) and base64_encode(sha1($content, true)), but no luck.

As I mentioned, my oauth_body_hash with CURL was exactly the same as in TWURL, but no luck anyway…



I’ll check it out maybe later today or after few days and will let you know how it went! :slight_smile:


Good luck, @divireizdivi! Please let us know how it goes. Thanks!


Hi, could you able to UPLOAD the data using the TON API, I am getting the same error, could you pass me an example code please?



Just try @hector_borras library - https://github.com/hborras/twitter-php-ads-sdk - it works.

I have spent 1-2 hours trying to understand why it works and why my curl request doesn’t, even though my all variables were created the same way that in the library, but no luck. If you will be able to do plain curl request that works, please let me know :slight_smile:



I’m happy that it works for you. If it works with my lib, what do you need else?

Anyway, you could post your plain request with headers and the process, and I’ll try to help you!


@hector_borras i am using your lib and i am working with very basic example to create campaign through api but i am getting message as Forbidden as i have googled it and got few answers that my app need to be white listed so i requested this in the morning but i didnt get any reply from twitter about the status. Can u tell me is this issue with my code or i have to wait for the app to be white listed? Your help will be much appreciable. :slight_smile:


If you can catch the exception, and paste here the response will be better to understand whats the problem. And also the code you’re using.