Bad authentication data for my activity api code 32



Unable to create test webhook, I have set up my app on the dev environment, and I am copy pasting the keys, tried using curl, postman and insomnia.


Hi @pb1646a.

Could you read through the following troubleshooting guide for error 32 to see if this addresses the error? If it continues to give you the error after trying the steps in the guide, please let us know.



Hi, will do, I finally got it to work using an oauth1.0a package on node and adding that to my request. It’s not ideal, because I wanted to build my library on axioms. But I guess it will do. I am able to get the header with the correct info but it doesn’t seem to work other than with this oauth1.0a package I installed. I have tried on postman and insomnia as well, I have checked the encoded string against the template from the Twitter documentation but still nothing. I even tried to copy the encoded url from the oauth1.0a and add it as a header directly in both postman, insomnia and a curl request and still nothing. Hopefully someday someone will post a full example with all the required steps and extras and pitfalls that would make this not work on certain platforms but work on others…


Could you confirm I have access? I’m getting a forbidden error when I try and post?
I can see on my sandbox that my dev environment label is twittergpg on app name SportsTrons with ID 15314024
But my application email didn’t tell me specifically which app it was I had requested?


Hi @pb1646a it looks like your account is set up and everything checks out with your app. I think you probably haven’t secured your webhook:

Review Step 3 here:

Make sure you’ve set up your webhook correctly:

Please review these docs and make sure your webhook is able to return the correct response_token.


Well I am using ngrok for testing webhooks, the issue is I am getting a bad authentication before it even hits the webhook. I know this because the ngrok dashboard is showing that there was attempt to reach the webhook.


The forbidden error (error 200) will deliver if you haven’t set up access via the developer portal or have formed your request URL incorrectly (double check your environment name).

If it is bad authentication (error 32) before it hits the webhook, then you should check to make sure that you have done the following:

  1. you are using the proper auth keys that you pulled from the Twitter app that is designated as your AAAPI dev environment. Since this endpoint requires user auth, you will need to use both your consumer keys and access tokens.
  2. you have properly generated the oauth nonce, oauth_signature, and oauth_timestamp for your request.

If you have properly set up your Twitter app, then chances are that you aren’t handling number two properly. If so, please consider using an oauth library (example), one of our github repositories (account-activity-dashboard or twitter-webhook-boilerplate-node), or try using Twurl.

closed #9

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.