ALERT! Invalid OAuth credentials detected for API v1.1 for already worked tokens



Today I’ve came into some of API v1.1 calls stopped worked with my application.
So for example for I get Invalid OAuth credentials detected but the same token worked fine with

Here is my requests:

  1. This is doesn’t work (but it’s worked yesterday):

  2. This is still work


Do you know what your signature base string looks like in the case of the failing request?


Yes, here is it:



Thanks. That looks right by eyeball anyway. Are there any 1.1 endpoints that work for you?


Further investigation shows then regardless header “X-Warning” with value “Invalid OAuth credentials detected”, Twitter API returns correct results. For example for API end point:

ad@MacBook-Pro-Andrew:~/Projects/crm/nimble-all/server$ ./bin/python spikes/
“Content-Length”: “279”,
“Vary”: “Accept-Encoding”,
“Last-Modified”: “Thu, 15 Nov 2012 17:15:06 GMT”,
“Etag”: ““3c5ea6226d18c1609b9f801cfa175cad””,
“X-Rate-Limit-Limit”: “15”,
“X-Frame-Options”: “SAMEORIGIN”,
“Status”: “200 OK”,
“X-Warning”: “Invalid OAuth credentials detected”,
“Expires”: “Tue, 31 Mar 1981 05:00:00 GMT”,
“X-Runtime”: “0.03477”,
“Pragma”: “no-cache”,
“Date”: “Thu, 15 Nov 2012 17:15:06 GMT”,
“X-Mid”: “c2c44b9f635023a75baa9a752251243b0a50a295”,
“Server”: “tfe”,
“X-Rate-Limit-Reset”: “1353000583”,
“X-Rate-Limit-Remaining”: “14”,
“X-Transaction”: “2d4d57e08d65c51c”,
“Content-Encoding”: “gzip”,
“X-Access-Level”: “read-write-directmessages”,
“X-Transaction-Mask”: “a6183ffa5f8ca943ff1b53b5644ef11431c40d6d”,
“Cache-Control”: “no-cache, no-store, must-revalidate, pre-check=0, post-check=0”,
“Content-Type”: “application/json; charset=utf-8”

So only problem Twitter API set incorrect X-Warning header


In this case the X-Warning header is being passed to your erroneously. We’re working to resolve that as well. Thanks!


i also (still) get his HEADER Message using the API 1.1 (oAuth)

“X-Warning”: “Invalid OAuth credentials detected”,

request works, the results are fine, so the authorization seems to be correct,
but there is this (wrong) X-Warning (Header) Message ?!? :frowning:




did you resolve this issue? I’m getting the same i think:

1 down vote favorite

I’m having trouble authenticating with the Twitter api. I’m using the oauth2 module in Python to conduct a single user sign-in.

I’ve been using the following function to request follower ids:

import oauth2 as oauth

def oauth_req(url, key, secret, http_method=“GET”, post_body=None, http_headers=None):
consumer = oauth.Consumer(key=key, secret=secret)
token = oauth.Token(key=key, secret=secret)
client = oauth.Client(consumer, token)
resp, content = client.request(
return content

I’ll then run it from a document call as per the below example:

ids = twitter_auth.oauth_req(‘’, ‘CONSUMER_KEY’, ‘CONSUMER_SECRET’)

It then just returns the following:
’{“errors”:[{“message”:“Invalid or expired token”,“code”:89}]}’

I can’t seem to get it work, my application details are fine and not expired - so I’m assuming they might be invalid in some way - I just can’t work out how.

It returns the results when i specify the api version as 1.


Make sure that you’re leveraging an access token and access token secret in your request – it looks like by the request signature you’re just leveraging consumer key and secret, which isn’t supported in API v1.1.


Can anybody give me proper ans?

I have get invalid token. Error below,

{“errors”:[{“message”:“Bad Authentication data”,“code”:215}]}

any one put some code if possible…