App posting status update gets 403 errors, only with media_ids



I have just built a web app through which users can post status updates. This uses the service and their javascript client.

It can post status updates, ok. The problem is when including media_ids the response is 403, “Could not authenticate you.” … which is clearly false but I guess it is a general case including spam detection etc (?).

To be clear, the actual post to the media upload endpoint is successful. It is the subsequent status update post that fails, if it includes media_ids.

I did manage to post just one status update with media_ids (one image) but, strangely, that image now 24 hours later has disappeared! I’m pretty sure it was attached to this tweet or it might have been another one around that time if the whole tweet has disappeared.

Here is an example of a failure.

Request URL:
Request Method:POST
Remote Address:

Request Headers

POST /request/twitter/%2F1.1%2Fstatuses%2Fupdate.json HTTP/1.1
Connection: keep-alive
Content-Length: 68
Accept: */*
oauthio: k=G8cnIzClY3nbnOniOAQzkHvMcfE&oauthv=1&oauth_token=***********&oauth_token_secret=************
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.8

Form Data



Status Code:401 Unauthorized

{"errors":[{"code":32,"message":"Could not authenticate you."}]}

One second earlier… the media upload

Request URL:
Request Method:POST
Status Code:200 OK


Pretty odd - I can still see that media ID does exist and has not yet expired. Are you able to attach it to a Tweet sent using the same credentials, via any other tool (e.g. twurl)?

You seem to be specifying media_ids[]=803965075908390912 which I’m not sure is valid either - try dropping the square brackets?

Something else worth looking at is that you’re not specifying a media_category on upload (which should be tweet_image in this case).


Many thanks for your reply. Indeed, the problem was the brackets on media_ids. That is automatically added by Javascript’s FormData when the data is given as an array. I used an array because the endpoint specifies “A list of media_ids…” - perhaps it should say “a comma-separated list” or something.

Btw, on your other point, the simple media upload does not list media_category as a parameter.

In case you can pass on feedback, it would be nice if the response error was less misleading than “Could not authenticate you.” Also, it would be great if the API doc page could include an example of media_ids.

Anyway, all is well now. Cheers.


Great feedback. I’m glad this is resolved for you! I can definitely take those suggestions on board, and in particular able to update the docs, so I’ll see what we can do there.