Authentication error - Code : 32




I’m currently facing an issue of authentication when trying to send a basic GET request.
The result I get from that attempt looks like this :

{“errors”:[{“code”:32,“message”:“Could not authenticate you.”}]}

I’m familiar with the fact that this error is rather common, but I find the problem intriguing, as it is still occurring after many hours trying to solve it. I used the app Postman ( to achieve this.

Here are the things I’ve tried to do :

  • Ensuring that the time and timezone of my machine are correctly set up
  • Ensuring that the timezone of my Twitter is correctly set up
  • Ensuring that the credentials are correct (identical to those from my Twitter app)
  • Adding some basic parameters to my request
  • Putting a link into the “callback_url” field in the app’s settings
  • Using another library - Tweetinvi (
  • Checking that the request URL was correct

All from those previous attempts have been vain. No solution that I found was able to resolve my problem.
Here’s a brief look at what my configuration in Postman looks like :

Thank you for your help.


In Postman, can you try unchecking “Add empty params to signature” & “Encode OAuth signature”?


Thank you very much. It solved the problem !
I realized that the only necessary checkbox was “Add params to header” though.


I barely did the same thing and get the same error Code 32.
Could u tell me what should i do to correct this bug?


Are you regenerating the timestamp on each request?


I think postman regenerate timestamp on every each request, doesn’t it ?


it says it will auto generate the timestamp IF LEFT BLANK.


any idea to solve this?


I have an Idea. I will just for trying out, make a pseudo-request including signature and stuff and you try to make the request making the same data and check whether the complete requests match. it will take a while though since building this stuff manually is complicated as hell and stuff.


okay I am through with the stuff

try out whether you get the same signatures and stuff using the values I provided. I even have all the steps included so you can check whether something in the middle is correct or not.

consumer key: 0123456789abcdef
con secret  : fedcba9876543210
oauth token : 0011223344556677
token secret: 7766554433221100
Nonce       : 8899aabbccddeeff
Time        : 1511970896
Oauth Version: 1.0

Method: GET

q: hello world
-> encoding: hello%20world

Sig-Method: HMAC-SHA1

HMAC-Key: fedcba9876543210&7766554433221100 (Consumer Secret & token secret)

sorting all of this (and encoding parameters if needed):


parameter String:


encoded again:

Signature base (Method & URL & Parameters)

Signature (HEX): 4ea45dffa47d82c4b51de08771b041e93ea5321e
Signature (B64): TqRd/6R9gsS1HeCHcbBB6T6lMh4= (you need to get the HMAC as byte sequence and then base64 encode)
Signature: Encoded: TqRd%2F6R9gsS1HeCHcbBB6T6lMh4%3D

Authorization Header:

OAuth oauth_consumer_key="0123456789abcdef", oauth_nonce="8899aabbccddeeff", oauth_signature="TqRd%2F6R9gsS1HeCHcbBB6T6lMh4%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1511970896", oauth_token="0011223344556677", oauth_version="1.0"