Cannot get API POST "collections/entries/curate.json" to work



Hello, I’d like some insight on how to successfully make this call to add multiple tweets to a collection.

The documentation states that this call differs from others since it is requesting that a JSON body be posted for the request.

I am trying to understand how this JSON body get’s bundled along with the oAuth credentials required to authenticate.

I an using PHP for my oAuth request and passing the fields to CURLOPT_POSTFIELDS, however I am consistently receiving the error “malformed JSON body”.

Please assist. Thank you.


Hey @Travbert, can you provide an example JSON body that doesn’t seem to work?


Hi Jon,

Thank you for responding!

Here is an example of one attempt that I made in sending the JSON body:


For reference, I’ve also provided an example of the array of post fields that are sent, you’ll see that the JSON body is tacked on to the end of the post array.

[10065]=> string(68) “D:\home\site\wwwroot\Includes\common\php\twitter\oAuthApi\cacert.pem”
[78]=> int(5)
[42]=> bool(true)
[10023]=> array(3)
[0]=> string(24) “Accept: application/json”
[1]=> string(321) “Authorization: OAuth oauth_version=“1.0”,
oauth_timestamp=“1469052652”, oauth_consumer_key=“xxxxxxxxxxxxxxxxxxxxxx”,
[2]=> string(7) “Expect:”
[19913]=> bool(true)
[81]=> int(2)
[64]=> bool(true)
[13]=> int(5)
[10002]=> string(59) “
[10018]=> string(40) “TwitterOAuth (+”
[10102]=> string(4) “gzip”
[47]=> bool(true)
[10015]=> string(145) “0=%7B%22id%22%3A%22custom-755492810149683200%22%2C%22changes%22%3A%5B%7B%22op%22%3A%22add%22%2C%22tweet_id%22%3A%22710205975505063937%22%7D%5D%7D” }


Just asked around and someone pointed out a note on the docs that many people miss and may be relevant.

Please note: This method does not accept POST bodies of the typical application/x-www-form-urlencoded variety. Instead, POST bodies should have an explicit Content-Type of application/json.


Thanks Jon,

The issue I am having now is that since the posted body content type is explicitly set to application/json, the request does not appear to be recognizing my oAuth credentials for the request.

I am now receiving the error “Could not authenticate you.”

Just curious if you might happen to know any developers that may have a working example of this? :slight_smile:

Thanks again for your help!


I don’t know of any examples personally. Other advocates closer to this product may be able to help.


Thanks Jon, I’ll keep playin’ around on my end to see if I can get it working but if there’s someone out there with some deeper knowledge on this particular request. Thaw would be great!



I have a bunch of examples using twurl - this gist may be useful in understanding, if you run it in verbose mode?


Hi Andy,

Thanks for responding. For this specific request, I keep encountering an authentication error when attempting to post the JSON body to the request. I am always getting the error “Could not authenticate you.”. However, when I perform a standard POST request such as “collections/entries/add.json”. Everything works perfectly.

Not sure why the post to the body would cause an authentication error to occur since the auth credentials are passed in the header.

I’m using php curl so I’m not sure how it would differ from twurl. Do you know of any devs that may have this particular POST request working in php?

Thanks for your help.



Hi Andy, Jon,

Using the Twitter oAuth Tool, I generated the curl request for the “collections/entries/curate.json” request using my credentials:

   curl --request 'POST' '' --data '%7B%22id%22%3A%22custom-755492810149683200%22%2C%22changes%22%3A_%7B%22op%22%3A%22add%22%2C%22tweet_id%22%3A%22710205975505063=' --header 'Authorization: OAuth oauth_consumer_key="sxA17S0PxgJhVjwdVkZzVQ", oauth_nonce="f09a239cc6ff9b1c5bc2ba15fb6e6389", oauth_signature="DzLKj9dawOecij9qqQZPtl23XvQ%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1469206686", oauth_token="171551808-hdn7Lw8hVPhTgbSYkqU10qBDSwcrOy6uK2sAbPB9", oauth_version="1.0"' --verbose

I executed the curl request through Terminal on my Mac and just like my request within my php library, I am still receiving the “Could not authenticate you.” error:

{“errors”:[{“code”:32,“message”:“Could not authenticate you.”}]}

For this particular request, do I require any special access? Perhaps something to do with the curator API?



No, there’s nothing related to Curator here, or any special permissions - this is a regular, public API. The only assumption I would make is that there’s a difference between your request, and what happens if you use twurl and the gist example I provided.


--data '%7B%22id%22%3A%22custom-...'

It looks like you are taking the JSON that it supposed to be on the POST body and putting it in the “Request query” field. In there it gets encoded and added to the OAuth signature. If you want to use the OAuth signature tool, leave “Request query” blank and add --data '{"foo":"bar"}' after the request is generated.


Hi Abraham,

Thank you for responding!

I attempted what you suggested on the OAuth signature tool and appear to be getting the same “Cannot authenticate” issue.

Here is the curl request that I am sending:

curl --request ‘POST’ ‘’ --header ‘Authorization: OAuth oauth_consumer_key=“sxA17S0PxgJhVjwdVkZzVQ”, oauth_nonce=“90457bd2c5484c4b357c2d825967be6d”, oauth_signature=“ABa3cTgPvnmiTgl0PXjq0JcxfxE%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1469212711”, oauth_token=“171551808-hdn7Lw8hVPhTgbSYkqU10qBDSwcrOy6uK2sAbPB9”, oauth_version=“1.0”’ --data ‘%7B%22id%22%3A%22custom-755492810149683200%22%2C%22changes%22%3A%5B%7B%22op%22%3A%22add%22%2C%22tweet_id%22%3A%22710205975505063937%22%7D%5D%7D’ --verbose

Does this appear to be correct or am I still providing the data incorrectly?

Thank you,


The JSON body should not be encoded. It should look like this --data '{"foo":"bar"}'.


Here is my updated curl request:

curl --request ‘POST’ ‘’ --header ‘Authorization: OAuth oauth_consumer_key=“sxA17S0PxgJhVjwdVkZzVQ”, oauth_nonce=“90457bd2c5484c4b357c2d825967be6d”, oauth_signature=“ABa3cTgPvnmiTgl0PXjq0JcxfxE%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1469212711”, oauth_token=“171551808-hdn7Lw8hVPhTgbSYkqU10qBDSwcrOy6uK2sAbPB9”, oauth_version=“1.0”’ --data ‘{“id”: “custom-388061495298244609”, “changes”: [ { “op”: “add”, “tweet_id”: “390890231215292416”} ]}’ --verbose

Unfortunately I’m still getting the error.


Is it possible the request expired before you used it? Once you generate a signature for a curl request it’s only good for a max of five minutes before you have to generate a new one.


Yes I have been using it right after I have generated so I don’t think it’s expiring.

Here’s something interesting:

I tried generating a curl request for the api request “collections/entries/add.json” and I am also getting the “Cannot authenticate” error when I send it via Terminal. However, this post request works perfectly when called via the PHP library within my website.

F.Y.I: Based on your advice on how the json object should be formatted for the “collections/entries/curate.json” request, I tested it via the PHP library and I still get the “Cannot authenticate” error.

F.Y.I: All get requests generated from the OAuth Tool and sent via terminal work perfectly.

Here is the curl request that failed for the “collections/entries/add.json” when sent via Terminal:

curl --request ‘POST’ ‘’ --header ‘Authorization: OAuth oauth_consumer_key=“sxA17S0PxgJhVjwdVkZzVQ”, oauth_nonce=“13fdd9322a4e614a90262a948e3d8ff3”, oauth_signature=“eVjjTLR3bYxCD21c1%2BAJ%2BkEaBBI%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1469216320”, oauth_token=“171551808-hdn7Lw8hVPhTgbSYkqU10qBDSwcrOy6uK2sAbPB9”, oauth_version=“1.0”’ --data ‘tweet_id=390890231215292416&id=custom-388061495298244609’ --verbose

Thanks again!


From your request I pulled up the timeline custom-388061495298244609 and it’s owned by user @oauth_dancer. From the oauth_token header I pulled up the user with the id 171551808 and it belongs to the user @mentionmapp. AFAIK only the owner of a collection can add/modify it.


Ooops. you’re right, makes sense.

Here is a version of the curl request with Mentionmapp as both the oAuth bearer and the owner of collection “custom-756607134587117568”.

Alas, I’m still getting the error.

curl --request ‘POST’ ‘https:/horization: OAuth oauth_consumer_key=“sxA17S0PxgJhVjwdVkZzVQ”, oauth_nonce=“96c5022bf941936b1cd45d6ca92bbec8”, oauth_signature=“VXMTTAkVi3I%2F8nwbBsZ5J9G41%2BY%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1469225190”, oauth_token=“171551808-hdn7Lw8hVPhTgbSYkqU10qBDSwcrOy6uK2sAbPB9”, oauth_version=“1.0”’ --data ‘tweet_id=390890231215292416&id=custom-756607134587117568’ --verbose


Hi Abraham,

Hope you had a good weekend. Any insight on why the most recent curl request failed for me. Collection id specified belongs to Mentionmapp who is also the oAuth token bearer.