Account Activity API returning error 261 when registering webhook


#1

I’m testing an extension to a Go library (anaconda) to use the Account Activity API in sandbox mode. My app has been approved for the Account Activity API.

To start, I’m sending a POST request to (with some information replaced with ‘example’):

https://api.twitter.com/1.1/account_activity/all/dev/webhooks.json?url=https%3A%2F%example.net%2Ftw%2F

and receiving a 403 Forbidden error with the error text:

{"errors":[{"code":261,"message":"Application cannot perform write actions. Contact Twitter Platform Operations through https://help.twitter.com/forms/platform."}]}

I contacted Platform Operations and they told me that the application is not restricted from accessing the Twitter API. They asked for more information, then referred me here.

I have tried making a request with the wrong API secret, and got a different error, so I don’t think it’s an OAuth problem. Any ideas what might be causing this problem?


#2

What app are you trying to use when accessing the Account Activity API?


#3

I’m using app 8276278, “Notif Agent”, since that is the app I intend to develop as a prototype once I get the library working. I have registered the “dev” environment label for that app.


#4

I believe that you might not have your permission levels set properly on that app.

Can you please follow these steps:

  1. Go into either apps.twitter.com or, if you have applied for a developer account, the Twitter app portal on developer.twitter.com
  2. Open up the app in question, and navigate to the ‘Keys and tokens’ tab.
  3. If the access level under ‘Access token & access token secret’ is set to ‘Read, write, and direct messages,’ please let me know. If not, please navigate to the ‘Permissions’ tab, adjust the access level to ‘Read, write, and direct messages,’ and then regenerate your access token & access token secret to apply the new settings.

Please let me know what comes from this.


#6

Progress! I’m now getting an error that is apparently due to an invalid CRC response, so I’ll go debug that.

I’m sort of surprised that read/write/DM access is needed for Account Activity API because all I’m doing is reading tweets. Anyway, thanks for your help.


#8

The Account Activity API also delivers direct message activities, hence the requirement of the additional permission level.

Let me know if I can help out with the CRC error as well. I just need to know what code and message you are receiving.


#9

Thanks; the permissions aren’t a problem for me but it seems like there might be applications that don’t need DMs and might want to prove that they aren’t going to tweet on behalf of the user.

The CRC error was just a dumb bug. I was calculating the CRC with the access token secret rather than the consumer API secret.

I made a couple of successful account activity requests, but now I’m getting error code 214: Too many resources already created. I have not been doing nearly enough requests to hit the rate limits, so I’m guessing I need to wait an hour or so for a CRC request to fail and the webhook to drop. While I’m testing, is there something I can do to kill off any active webhooks for my app, or should I store the webhook ID somewhere and do a DELETE to kill it off?