{"errors":[{"message":"Could not authenticate you","code":32}]}


read my response below , i think it should be helpful and yes i too got it for the first time after 1.1 but am not 100% sure about the version change being the only culprit


I do appreciate your try, but that’s not the cause of error for me. I’ve changed everything according to V1.1 specifications and I don’t see positive results yet:

/1/ to /1.1/
xml to json
oauth_nonce=32-byte random string / 16-byte random string (I used 12 for API v1)

It has to be something to do with POST methods as GETs work OK (of course I have write permissions). I wonder if resetting the consumer key will help, even though it’s not necessary according to Twitter…



In my case, with /statuses/update, it appeared to be the nonce, which should be exactly 32 characters 0…9, a…f. (upper or lowercase doesn’t matter).
Testing with the oauth tool, using the nonce generated revealed this.

If you changed your app rights from read-only to write, regenerate your keys.

Tip: follow the example from the docs, using their keys, nonce, timestamp and status, and see if your signature matches theirs. Then change to API 1.1 and use a correct timestamp, keys and nonce. Check your request with the oauth tool to see if your header matches, fire your request with a tool like postman.

Another issue: some API’s don’t work if your browser is connected to twitter while testing!

For what it’s worth: I did not put my status (text) in the body of the request, but as an url parameter. This works fine.

Some users getting a 32 error

Same issue after switching to version 1.1.

It worked okay for a while then suddenly error code 32 ‘Could Not Authenticate You’ .

Need a solution ASAP.


the same issue when using API 1.1

I still get the message ‘Could not authenticate you’ with code 32 despite the advice above.


Same problem here. My App was working (using Twitter-async) for sign in this morning but it’s now showing the same error as above. I’ve also had the rate limit error (88) briefly before resetting my keys.


I have an interesting version of this problem based on just changing the search term. I’m using the /1.1/search/tweets.json access point in python with the standard oauth2 library. Using the exact same user and app credentials:

A request with an english (latin-1) search term yields a valid search result.

However, a URL with a UTF-8 encoded search term generates the “Could not authenticate you.” error.

The encoded query term is the arabic word “دمشق”, which is the city name Damascus.

I’ve been working on this a bit since the close of the v1 api. I’ve tried a number of things, but now I’m open to some additional suggestions.


I have same issue. OAuth trouble.
But, one different.
The problem does not happen by the connection from the Japan.
By the connection from the American area, it occurs using the same script.
I need any solution idea.


If you are using the API to extract a single tweet I have found a solution to the error code 32 ’ could not authenticate issue.

If you already have consumer keys and access tokens then just use codebird.php.

It is listed in the twitter API documentation.


You just need to add the directory titled ‘src’ to your root directory and then use this code

<?php require_once (src/codebird.php'); \Codebird\Codebird::setConsumerKey('Your Key', 'Your Secret'); $cb = \Codebird\Codebird::getInstance(); $cb->setToken('Your Token', 'Your Token Secret'); $cb->setReturnFormat(CODEBIRD_RETURNFORMAT_JSON); $reply = $cb->users_show('screen_name=twitter'); $entity = json_decode($reply,1); echo "
echo "
"; ?>

The output is identical to the one obtained using cURL and a GET request for a single entry from a users timeline using: https://api.twitter.com/1.1/statuses/user_timeline.json?scr&count=1


Just to add, I’ve been having similar issues, something I put down to the WinInet DLL doing something weird over https BUT I’ve now got it working and have answered my own post on this here:


Hopefully this will be of use to people having similar problems.


To me it looks like Twitter is not interested in developer issues. Tried now also the 32 character approach, but still same issue.
Really sad twitter is not willing to help.


Had same problem with search/twitter API, php curl.

SOLVED by assuring that the signature base string is exactly the same used by the remote server authentication:

  1. base string:

    • parameters in strict alphabetical order (oAuth parameters and querystring parameters together)
    • query string (key=value&key1=value1…) must have values rawencoded (rawencode php function).
    • base string URL and parameters mus be rawencoded (this causes that the values of the querystring are double rawencoded)
  2. curl GET call (CURLOPT_URL) must use the URI ( with query string appended). As usual querystring values must be rawencoded.

Hope this helps.


I had the same problem until i started copy and pasting my PHP code. For some reason the accesstokensecret started with a empty TAB. This was unnoticeable in CODA 2. So here is my tip: Copy and paste the keys in a simple notepad++ or something to see all TAB spaces are gone.

Hope this helps.


I walked through the pain of implementing an OAuth 1.1 lib in Dart language.

Here’s a summary of things that made me hit my head against the wall:

  • Base string parameters need to be sorted by alphabetical order.
  • Don’t forget to encode, and always use proper encoding. A proper encoder should be based on RFC 3986! This means, replace all chars that match this RegEx: [^0-9a-zA-Z-_~.] with a percent encoded version. There are lots of encoders that aren’t entirely RFC 3986 compliant so be aware of that.
  • Signature base string starts always with the type of request (POST or GET). After that, it has a query-LESS URL. e.g. “GET&https%3A%2F%2Fapi.twitter.com%2F1.1%2Ffriends%2Fids.json” – without query parameters, because they come later as alphabetically-sorted along with other params like “oauth_consumer_key” etc.


I’ve got some problem with searching for username, The thing is if i don’t add @ before username everything works fine. Below I pasted oAuth signature (was veryfied to be ok) and my code. I tried using @, %40, urlencode whole part after ?.

GET&https%3A%2F%2Fapi.twitter.com%2F1.1%2Fsearch%2Ftweets.json&count%3D10%26oauth_consumer_key%3DbqBVvhqLSap8BSePS6geA%26oauth_nonce%3D1372926412%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1372926412%26oauth_token%3D166090304-reVVvAbbpg40kNsH125ZppRIcExyfaJupG1Qeljq%26oauth_version%3D1.0%26q%3D%252540diamondring $twitter_rss_base = "https://api.twitter.com/1.1/search/tweets.json"; $twitter_rss = $twitter_rss_base . "?count=10&q=%40diamondrings"; $oauth = array( 'count' => 10, 'oauth_consumer_key' => $consumer_key, 'oauth_nonce' => time(), 'oauth_signature_method' => 'HMAC-SHA1', 'oauth_token' => $oauth_access_token, 'oauth_timestamp' => time(), 'oauth_version' => '1.0', 'q' => "%40diamondrings" );

$base_info = buildBaseString($twitter_rss_base1, ‘GET’, $oauth);
$composite_key = rawurlencode($consumer_secret) . ‘&’ . rawurlencode($oauth_access_token_secret);
$oauth_signature = base64_encode(hash_hmac(‘sha1’, $base_info, $composite_key, true));
$oauth[‘oauth_signature’] = $oauth_signature;

$header = array(buildAuthorizationHeader($oauth), ‘Expect:’);
$options = array( CURLOPT_HTTPHEADER => $header,
CURLOPT_URL => $twitter_rss1,

$ch = curl_init();
curl_setopt_array($ch, $options);
$twitterJson = curl_exec($ch);
$responseInfo = curl_getinfo($ch);

function buildBaseString($baseURI, $method, $params) {
$r = array();
foreach($params as $key=>$value){
$r[] = “$key=” . rawurlencode($value);
return $method."&" . rawurlencode($baseURI) . ‘&’ . rawurlencode(implode(’&’, $r));

function buildAuthorizationHeader($oauth) {
$r = 'Authorization: OAuth ‘;
$values = array();
foreach($oauth as $key=>$value)
$values[] = “$key=”" . rawurlencode($value) . “”";
$r .= implode(’, ', $values);
return $r;


If it’s any help, I was getting then error when users were searching for Tweets with text copied from Microsoft Word, it was changing quote characters to non-standard (“ and ” instead of " and " ). Odd I know! So make sure you correctly sanitize and URL Encode any user input you get.


I eventually got this to work by resetting my keys as per some previous suggestions.


Now I can get user_timeline, I can search, can retweet, but at status update I get the {“errors”:[{“message”:“Could not authenticate you”,“code”:32} message. My base string looks exactly the same as generated in OAuth tool.

Why at each and every request it must be something different to the other requests? This is really annoying…


And by the way: Why are the examples so different? At the site with the example to create a signature the Base sting looks like this:


And if I click at the use the OAuth tool it looks looks like this:

And another example, if I click the button on the page POST statuses/update to Generate OAuth signature the result is:

So sometimes I should use include_entities=true, sometimes not, and sometimes use trim_user=true. So please tell me witch of this examples are correct?



My program search tweets against a search phrase and display using c#. Code was like that:

string URL = http://search.twitter.com/search.json?lang=en&q=SOME_SEARCH_CRITERIA
WebClient c = new WebClient();
var data = c.DownloadString(URL);
string strJSON = data.ToString();

As api 1.0 is expired so can anyone explain what should I do to perform the same functionality using OAuth etc with detail using c#.

I am unable to go through OAuth.

Thanks in advance