I have been using the api without any incident until I changed my app’s permissions from ‘read and write’ to read, ‘write and access direct messages’. Since then I keep receiving a 500 error and ‘Authorization is required for the operation, but the API binding was created without authorization’. I have tried regenerated a new Consumer Key and Consumer Secret but nothing has worked. I am using Spring Boot if that helps. Any help is appreciated I am out of ideas. Thx.
When you change the permissions on an application, any existing user authenticated application keys you have, also need to re-authenticate.
Example. I’m @andypiper. I auth to your app. I click OK. You receive an auth token relating to my account. Your app has read access to my account. Your app can read my timeline and profile and content etc.
You update your app permissions to read and write.
If you try to use the same auth token I granted you previously, you have only READ access to my account. You need to force me to re-authenticate as @andypiper to your app, for me to be presented with the new authentication opt-in screen, and for you to receive my new permissions in an new auth token.
Does that help? I realise I omitted Direct Message permissions, but the model is identical. The permissions are valid only at the time when the token was granted.
thnx that hepled