Code 32: Could not authenticate you - DELETE method



Can POST direct message, cannot DELETE direct message.

RWD Permissions are set to read, write, & direct message, oauth consumer key / tokens newly generated and implemented.

Using oauth-1.0a

Request 1:

{ method: ‘POST’,
{ ‘Content-Type’: ‘application/json’,
Accept: ‘application/json’,
‘OAuth oauth_consumer_key=“My_Oauth_Consumer_Key”, oauth_nonce=“Generated_Code”, oauth_signature=“Generated_Sig_1”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1545191139”, oauth_token=“My_OAuth_Token”, oauth_version=“1.0”’ },
‘{“event”:{“type”:“message_create”,“message_create”:{“target”:{“recipient_id”:“ID”},“message_data”:{“text”:“bboew3va7br”}}}}’ })

Response 1:

{ event:
{ type: ‘message_create’,
id: ‘Message_ID’,
created_timestamp: ‘1545191139491’,

Request 2:

{ method: ‘DELETE’,
{ ‘Content-Type’: ‘application/json’,
Accept: ‘application/json’,
‘OAuth oauth_consumer_key=“My_Oauth_Consumer_Key”, oauth_nonce=“Generated_Code”, oauth_signature=“Generated_Sig_2”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1545191139”, oauth_token=“My_OAuth_Token”, oauth_version=“1.0”’ } } )

Response 2:

{ errors: [ { code: 32, message: ‘Could not authenticate you.’ } ],



Thanks for reaching out here. You might want to take a look at our troubleshooting guide on error 32. You may want to double check the auth keys that you pulled from the Twitter app and that you are using the proper authentication.

One follow up question, do you have the code you are using to make the request here? Are you using a service like using Insomnia, or try using Twurl.

Hope this helps!



I’m using a Jest test suite to send requests (using cross-fetch Twurl works. As far as I’ve been able to deduce, the problem must be in the OAuth signature, as everything else is uniform. Read the resources you provided but haven’t found a solution.

Full code is here -

I’m trying to add a delete method (to the twitter.js file in that repo), which follows. Still have no idea why my generated OAuth signature would consistently work for GET and POST methods but not DELETE -

delete(resource, parameters) {
const { requestData, headers } = this._makeRequest(

const deleteHeaders = Object.assign({}, baseHeaders, headers);
deleteHeaders["Content-Type"] = "application/x-www-form-urlencoded";

const url = requestData.url + "?id=" + parameters;
const obj = {
  method: "DELETE",
  headers: deleteHeaders

return Fetch(url, {
  method: "DELETE",
  headers: deleteHeaders
    results => ("errors" in results ? Promise.reject(results) : results)




Thanks for following back here. Could you post the twurl command that works and the endpoint you are attempting to use?

I think you might want to try using POST /destroy not DELETE here.

Hope this helps!



The working twurl request is as follows -

twurl -X delete “/1.1/direct_messages/events/destroy.json?id=1078742420953722885”

You’ll see the endpoint where I’m sending the DELETE request as the first argument in Request 2 in my first post. I also tried switching the DELETE request to a POST request to /destroy, but got the same Code 32 error response back.


Replying so it doesn’t expire


Bump. Does Jessica Garson still work here?


@the_glasseyes apologies for the delay. Everyone on our team has their own schedules, and we all work across different timezones. I appreciate that it has been some time since you last saw activity on this topic, but it has also been a holiday period for many of us.

Have you tried tracing out the twurl command, to check the OAuth headers? - you can use the -t flag to do that to compare with what your code is doing. I tend to do this when trying to figure out what differs between code in another language, and what works in twurl.


Yes, all the OAuth header fields in the twurl request and are identical, apart from the OAuth signature and nonce.


I was so thrilled to see a welcome badge and that Twitter staff are liking my post. Really makes me feel part of a community where people are being kind.


Glad to hear Jessica Garson still works here, she was by far the most helpful Twitter staff member I’ve come across. Weird she hasn’t posted since December, though.


These are community supported forums for the APIs; and individuals may not always be able to respond to every question in as timely a manner as you’d prefer; nor are Twitter employees guaranteed to have a fixed answer on a fixed timescale.

It’s also not at all appropriate to call out individual forum members on that basis, and I’d ask you to respect that.

Let’s be completely clear (for my benefit), and rewind here. So far as I can understand your original question: you’re stating that - using node.js - when you issue a DELETE to the /1.1/direct_messages/events/destroy.json endpoint, you are consistently seeing an error. Have you reproduced this using eg curl, httpie, insomnia or postman? Is this just happening in Javascript code? What libraries are you using?

closed #13

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.