Code 32: Could not authenticate you - DELETE method



Can POST direct message, cannot DELETE direct message.

RWD Permissions are set to read, write, & direct message, oauth consumer key / tokens newly generated and implemented.

Using oauth-1.0a

Request 1:

{ method: ‘POST’,
{ ‘Content-Type’: ‘application/json’,
Accept: ‘application/json’,
‘OAuth oauth_consumer_key=“My_Oauth_Consumer_Key”, oauth_nonce=“Generated_Code”, oauth_signature=“Generated_Sig_1”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1545191139”, oauth_token=“My_OAuth_Token”, oauth_version=“1.0”’ },
‘{“event”:{“type”:“message_create”,“message_create”:{“target”:{“recipient_id”:“ID”},“message_data”:{“text”:“bboew3va7br”}}}}’ })

Response 1:

{ event:
{ type: ‘message_create’,
id: ‘Message_ID’,
created_timestamp: ‘1545191139491’,

Request 2:

{ method: ‘DELETE’,
{ ‘Content-Type’: ‘application/json’,
Accept: ‘application/json’,
‘OAuth oauth_consumer_key=“My_Oauth_Consumer_Key”, oauth_nonce=“Generated_Code”, oauth_signature=“Generated_Sig_2”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1545191139”, oauth_token=“My_OAuth_Token”, oauth_version=“1.0”’ } } )

Response 2:

{ errors: [ { code: 32, message: ‘Could not authenticate you.’ } ],



Thanks for reaching out here. You might want to take a look at our troubleshooting guide on error 32. You may want to double check the auth keys that you pulled from the Twitter app and that you are using the proper authentication.

One follow up question, do you have the code you are using to make the request here? Are you using a service like using Insomnia, or try using Twurl.

Hope this helps!



I’m using a Jest test suite to send requests (using cross-fetch Twurl works. As far as I’ve been able to deduce, the problem must be in the OAuth signature, as everything else is uniform. Read the resources you provided but haven’t found a solution.

Full code is here -

I’m trying to add a delete method (to the twitter.js file in that repo), which follows. Still have no idea why my generated OAuth signature would consistently work for GET and POST methods but not DELETE -

delete(resource, parameters) {
const { requestData, headers } = this._makeRequest(

const deleteHeaders = Object.assign({}, baseHeaders, headers);
deleteHeaders["Content-Type"] = "application/x-www-form-urlencoded";

const url = requestData.url + "?id=" + parameters;
const obj = {
  method: "DELETE",
  headers: deleteHeaders

return Fetch(url, {
  method: "DELETE",
  headers: deleteHeaders
    results => ("errors" in results ? Promise.reject(results) : results)




Thanks for following back here. Could you post the twurl command that works and the endpoint you are attempting to use?

I think you might want to try using POST /destroy not DELETE here.

Hope this helps!



The working twurl request is as follows -

twurl -X delete “/1.1/direct_messages/events/destroy.json?id=1078742420953722885”

You’ll see the endpoint where I’m sending the DELETE request as the first argument in Request 2 in my first post. I also tried switching the DELETE request to a POST request to /destroy, but got the same Code 32 error response back.


Replying so it doesn’t expire


Bump. Does Jessica Garson still work here?


@the_glasseyes apologies for the delay. Everyone on our team has their own schedules, and we all work across different timezones. I appreciate that it has been some time since you last saw activity on this topic, but it has also been a holiday period for many of us.

Have you tried tracing out the twurl command, to check the OAuth headers? - you can use the -t flag to do that to compare with what your code is doing. I tend to do this when trying to figure out what differs between code in another language, and what works in twurl.