Application-only authentication

coreyac · 2014-11-18T23:13:45.560Z

Can you verify if the Ads API works
with Application-only authentication? I’m able to get a valid ‘bearer’ token,
but then I get the following error when I try to make a call with the bearer
token:

{“errors”:[{“code”:“UNAUTHORIZED_CLIENT_APPLICATION”,“message”:“The
client application making this request does not have access to this
API”}],“request”:{“params”:{}}}

jillblaz · 2014-11-19T00:52:03.789Z

Hi @coreyac

Ads API does not support app-only authentication. User context is required for all Ads API activity. Here’s some more info: https://dev.twitter.com/ads/campaigns#HTTP_OAuth

coreyac · 2014-11-19T23:37:53.512Z

Thanks @jillblaz, I’ve tried the full OAUTH flow as well, but I still get the same error (I now see my screen name appended to the end of the error though). Is there any way to verify if my app has been whitelisted?

dimapv · 2014-11-20T09:27:09.285Z

Hi. I’m seeing the same error as well when trying to query https://ads-api.twitter.com/oauth/request_token with our api key/secret (also providing the oauth_callback parameter) - is there a problem or am i doing something wrong?

coreyac · 2014-11-20T18:08:28.772Z

@dimapv Looks like you may have an incorrect base URL. According to https://dev.twitter.com/ads/campaigns/getting-started, “OAuth for the Ads API is handled by the same system as the Twitter API.” Would love to hear if you’re able to get things working using https://api.twitter.com/oauth/request_token

TaliDolev · 2014-11-20T21:11:20.527Z

I’m getting the same error when trying to retrieve my accounts via a terminal (cURL command: curl --get ‘https://ads-api.twitter.com/0/accounts’ --header 'Authorization: OAuth oauth_consumer_key=…) and through a web browser (https://ads-api.twitter.com/0/accounts&oauth_consumer_key=…) .

jillblaz · 2014-11-21T01:23:20.403Z

Yeah, these all sound like OAuth issues.

@dimapv @coreyac - Can you please provide full requests and responses (feel free to redact personal info). It’s hard to tell what is going on without those details.

@TaliDolev - Have you tried using twurl instead of curl to test? twurl will take care of the header for you and likely make troubleshooting OAuth easier.

TaliDolev · 2014-11-21T02:56:32.684Z

@jillblaz - I tried twurl and got the “Authorization Successful” message. I’m also able to run the example commands (twurl /1.1/statuses/home_timeline.json; twurl account)

But I can’t get the ads api commands to work. I tried a few different combinations, but continue to get the same error. For example: twurl -H ads-api.twitter.com campaigns
{“errors”:[{“code”:“UNAUTHORIZED_CLIENT_APPLICATION”,“message”:“The client application making this request does not have access to this API”}],“request”:{“params”:{}}}

jillblaz · 2014-11-21T19:31:45.456Z

@TaliDolev @dimapv @coreyac Ok, I’ve confirmed the whitelisting for each of your organization’s accounts and ran the process again. Please try access the Ads API now.

coreyac · 2014-11-22T00:15:19.724Z

I’m in! Thanks @jillblaz

dimapv · 2014-11-23T12:20:46.909Z

Cool, it works!

As @coreyac suggested the oauth is done against the api.twitter.com domain, thanks!

TaliDolev · 2014-11-23T21:40:22.641Z

Worked for me too! thanks @jillblaz

hugnrams · 2015-03-25T15:40:28.891Z

Hi @jillblaz!

It seems we’re running into the same whitelisting-issue. While I’m able to get data from endpoints like accounts, targeting_data and funding_instruments, I get “UNAUTHORIZED_CLIENT_APPLICATION” when I try to create a campaign - write access is apparently denied.

I’m using twurl, the sandbox API and an access-token (with read-write access perms) of the organization the Application belongs to.

May you check the Applications my user granted access to?

Thanks!

hugnrams · 2015-03-27T10:58:43.431Z

@jillblaz nevermind - just read you forum policy concerning discussion of access levels

jaakkosf · 2015-03-27T14:08:20.560Z