Application-only Authentication getting unexpected result


Morning all!

So I’ve spent the last couple of days trying to implement Application-only authentication and I seem to have reached a brick wall.

Below is the code I currently have that allows me not to get the 403 error I had been struggling with, but I don’t seem to get the result I’m expecting.

            // Step 1..
            string secret = "secret";
            string key = "key";

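            var headerFormat = "Basic {0}";
            // Credentials are urlencode(key) + ":" + urlencode(secret), then Base64-encoded.
            var authHeader = string.Format(headerFormat,
                        Convert.ToBase64String(Encoding.UTF8.GetBytes(Uri.EscapeDataString(key) + ":" +
                        Uri.EscapeDataString(secret))));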

            // Step 2..
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create("");

            request.Method = "POST";
            request.Host = "";
            request.UserAgent = "My Twitter App v0.0.1";
            request.Headers.Add("Authorization", authHeader);
            request.ContentType = "application/x-www-form-urlencoded;charset=UTF-8";
            request.Headers.Add("Accept-Encoding", "gzip");

            string postData = "grant_type=client_credentials";
            ASCIIEncoding encoding = new ASCIIEncoding();
            byte[] byte1 = encoding.GetBytes(postData);

            request.ContentLength = byte1.Length;

            Stream newStream = request.GetRequestStream();
            newStream.Write(byte1, 0, byte1.Length);

            var response = (HttpWebResponse)request.GetResponse();
            var reader = new StreamReader(response.GetResponseStream());


Here is the result I’m currently getting.

{content-encoding: gzip
pragma: no-cache
Content-Length: 141
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Content-Type: application/json; charset=utf-8
Date: Tue, 23 Jul 2013 00:31:11 GMT
Expires: Tue, 31 Mar 1981 05:00:00 GMT
ETag: "dbac81adb4d348d3eac51b0c1af03fdc"
Last-Modified: Tue, 23 Jul 2013 00:31:11 GMT
Set-Cookie: _twitter_sess=BAh7CDoMY3NyZl9pZCIlYzY5NWJkNWY5YjM3ZDMwMTU4NjZhYThjZGUwNTVm%250AODg6B2lkIiUzMDBlNTJlYWQyNzcxZDk1ZDVlY2Q5YzljYmI3Zjg5MjoPY3Jl%250AYXRlZF9hdGwrCBbb7whAAQ%253D%253D--451ab2820af494ce22bde505d0c1824576457323;; path=/; HttpOnly,guest_id=v1%3A137453947152362559;; Path=/; Expires=Thu, 23-Jul-2015 00:31:11 UTC
Server: tfe
status: 200 OK
strict-transport-security: max-age=631138519
vary: Accept-Encoding
x-frame-options: DENY
x-mid: 0efefbfedfff7cbf20a62947ac6612a7df3a6259
x-runtime: 0.04725
x-transaction: 13a8f2bc9bfc5c9c
x-ua-compatible: IE=10,chrome=1

If anyone could help that would be great!


It looks like you’re getting an HTTP 200 OK back as your response. Have you tried evaluating the response body that came with that?


I have but I just get unrecognisable characters. Black diamonds with a white question mark, and rectangles and the like.


That would be a GZIP-encoded response – you may need to explicitly GZIP-decode that.

When you set this header: request.Headers.Add("Accept-Encoding", "gzip");

You instructed the system to send you back the response GZIP’d. Many HTTP libraries handle the compression for you. Looks like yours does not.


You’re a star, thank you!

Just in case anyone else has the same issue, I added the following line after I had declared my HttpWebRequest.

request.AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate;
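
The fix from this thread shown offline, as an added example that is not part of the original posts: it builds the Basic credentials header from step 1 and decodes a gzip response body by hand, which is what `AutomaticDecompression` does inside `HttpWebRequest`. The class and method names and the sample JSON body are constructed for illustration.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Text;

static class AppOnlyAuthDemo
{
    // Step 1 from the thread: URL-encode key and secret, join with ':', Base64-encode.
    public static string BuildBasicHeader(string key, string secret)
    {
        string pair = Uri.EscapeDataString(key) + ":" + Uri.EscapeDataString(secret);
        return "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(pair));
    }

    // Decode a response body according to the Content-Encoding header value it arrived with.
    public static string DecodeBody(byte[] body, string contentEncoding)
    {
        bool gzip = string.Equals(contentEncoding, "gzip", StringComparison.OrdinalIgnoreCase);
        using (var raw = new MemoryStream(body))
        using (Stream src = gzip ? (Stream)new GZipStream(raw, CompressionMode.Decompress) : raw)
        using (var reader = new StreamReader(src, Encoding.UTF8))
        {
            return reader.ReadToEnd();
        }
    }

    static void Main()
    {
        // "key" and "secret" are the same placeholders used in the thread.
        Console.WriteLine(BuildBasicHeader("key", "secret"));

        // Constructed sample body, gzip-compressed the way the server sends it
        // when the request carries "Accept-Encoding: gzip".
        string json = "{\"token_type\":\"bearer\",\"access_token\":\"PLACEHOLDER\"}";
        byte[] wire;
        using (var buf = new MemoryStream())
        {
            using (var gz = new GZipStream(buf, CompressionMode.Compress))
            {
                byte[] plain = Encoding.UTF8.GetBytes(json);
                gz.Write(plain, 0, plain.Length);
            }
            wire = buf.ToArray();
        }

        // Treating the compressed bytes as text gives the unreadable characters from the thread.
        Console.WriteLine(Encoding.UTF8.GetString(wire));
        // Honouring Content-Encoding recovers the JSON.
        Console.WriteLine(DecodeBody(wire, "gzip"));
    }
}
```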