Bad Authentication data



trying to get the top trends worldwide in a web browser, using the following request:***&oauth_version=1.0

However, it keeps showing me this message instead:

{"errors":[{"code":215,"message":"Bad Authentication data."}]}

How can I send an authorized URL request ?? This is not clear to me! thanks


You need to provide the correctly calculated OAuth Authorization header. You can use the OAuth Tool (can be found at the bottom of any endpoint documentation when signed in) to get a cURL command line. Alternatively you can use a tool called twurl.


My authentications work when I use the curl command and they return the data I requested. However, when converting the curl command to a normal URL for the web browser, it returns the bad authentication error I showed you. why do you think is that?


Afaik that’s not possible, OAuth needs some specific HTTP headers to be set.


Could you show me how to properly write a specific http header?


and I do have the credentional for the Consumer key, Consumer secret, Access token, and Access token secret.


Ok I just tried it myself, and it actually is possible, contrary to what I suspected, to encode it all into the URL.

You end up with a URL like:

(Line breaks added for readability)
You have to use the correct parameters (you can use the ones from the cURL command) and it will actually work. Note that those are only valid for a very short amount of time, usually a few minutes!


Thanks, but it didnt work… This is getting frustrating. The following is my URL (with the actual tokens, no prob, these are for testing only):

and still, the result is:

{"errors":[{"code":215,"message":"Bad Authentication data."}]}

What am I doing wrong there?


I literally just took the curl command generated by twitter from:

and turned it into a URL.


Sorry no idea, it could literally be anything, it’s not really appropriated to use a browser for such requests IMO.


Yeah I know, it’s not. But Im just trying it out, and it wont even work! Unbelievable. Well, thanks anyways.


Just tried your URL with cURL and another test tool and it works fine.
Even works fine in my Browser (Safari), so I suspect your browser sends something additional that causes things to break, which is easily possible as the calculated signature can only take into account the data it knows about, not what else the browser might send.


Well, I was using Chrome but I just triend Internet Explorer and it worked!

So it was the browser all along? Ha… I will try figure this one out now.

How can I use a URL that doesn’t get expired?


That’s impossible. It would defeat the purpose of OAuth.


Okay, thank you.


In case you don’t need User context though, take a look at App only authentication


I have the error code 215 too with using command curl.
I do Application-only authentication from this page:

1 step. I have registered my application and create Base64 encoded bearer token credentials: MY_REGISTRATION_KEY

2 step. I enter command:

curl --request POST '' --data 'grant_type=client_credentials' --header 'Authorization':'Basic MY_REGISTRATION_KEY' --header 'Content-Type':'application/x-www-form-urlencoded;charset=UTF-8' -c ~/MNITI/twitter/cookie.txt --connect-timeout 999

I’ve got the token in response:


And I’ve got the id in file cookie.txt:

# Netscape HTTP Cookie File
# This file was generated by libcurl! Edit at your own risk.    TRUE    /    FALSE    1550666430    guest_id    v1%3A148759443075881772

**3 step.**Authenticate API requests with the bearer token. My command line:

curl --request GET --cookie "guest_id=v1%3A148759443075881772" '' --header 'Authorization:Bearer MY_TOKEN' -I

The response is:

HTTP/1.1 200 OK
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-disposition: attachment; filename=json.json
content-length: 434187
content-type: application/json;charset=utf-8
date: Mon, 20 Feb 2017 11:40:53 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Mon, 20 Feb 2017 11:40:53 GMT
pragma: no-cache
server: tsa_o
status: 200 OK
strict-transport-security: max-age=631138519
x-access-level: read
x-connection-hash: 12d05179471378f792241127c5fa5958
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-rate-limit-limit: 1500
x-rate-limit-remaining: 1498
x-rate-limit-reset: 1487591350
x-response-time: 200
x-transaction: 006af4d000c5ba96
x-twitter-response-tags: BouncerCompliant
x-xss-protection: 1; mode=block

The line expires: Tue, 31 Mar 1981 05:00:00 GMT is very strange…

4 step
Search request:

curl "

And all… I have the error:

{"errors":[{"code":215,"message":"Bad Authentication data."}]}

Help me please!!


Got this: {“errors”:[{“code”:215,“message”:“Bad Authentication data.”}]}


The API doesn’t use cookies, you have to append --header 'Authorization:Bearer MY_TOKEN' for every request when using application auth.


The endpoint :[HERE]&oauth_consumer_key=[HERE]&oauth_consumer_secret=[HERE]&oauth_token=[HERE]&oauth_token_secret=[HERE]
I am placing the Authorization tokens generated but the request sends me {Error Code: 215 “Bad Authentication Data”}. Is there something wrong with the headers for authorization or something else?