Getting 403 responses from direct_messages and direct_messages/sent using authenticated account


I started noticing 403 responses from some accounts this afternoon (30.Oct.2012). Both the direct_messages and direct_messages/sent APIs are returning the following response body:

  "errors": [
      "message": "This application is not allowed to access or delete your direct messages",
      "code": 93

This is not happening on all accounts, just a few of my test accounts. I revoked access using Settings > App on the Twitter website on one of these accounts and tried again: the problem persists. I also tried switching the consumer key and secret to force an OAuth authentication and that didn’t help either.

The request header looks like this:

GET /1.1/direct_messages.json?count=50&include_entities=1
Accept-Encoding: gzip
Authorization: OAuth realm="Twitter", oauth_version="1.0", oauth_consumer_key="5CAYV1DR5uwhVRJDBrepw", oauth_token="36183-mgJohiU6dm1NsTOXuBSw8RHhjTka3ZLgpHOiNbHpaa8", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1351640494", oauth_nonce="vPt8XX2bnvL6IzFn", oauth_signature="T%2BDk0kupwsoOm0vcH0bUVgpAqG4%3D"

The response header looks like this:

HTTP/1.1 403 Forbidden
Content-Type: application/json; charset=utf-8
X-Transaction: 1847c0951b233e12
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
X-Runtime: 0.02709
Set-Cookie: k=; path=/; expires=Tue, 06-Nov-12 23:41:34 GMT;, guest_id=v1%3A135164049469952391;; path=/; expires=Fri, 31-Oct-2014 11:41:34 GMT, dnt=;; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT, lang=en; path=/, lang=en; path=/, _twitter_sess=BAh7CToPY3JlYXRlZF9hdGwrCHsyDbQ6ASIKZmxhc2hJQzonQWN0aW9uQ29u%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJTVm%250AMzg2YzI1ZjlkMzY0MDUwNDA5NWQwODZhODAxYjE4Ogxjc3JmX2lkIiU5NDFl%250AMTc0NzIyZTkzZTcyNjI1MWJhZmI2ZDVkNTQyMw%253D%253D--de8df8b3798cb123dced315bc812d9c492ca2b2e;; path=/; HttpOnly
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Tue, 31 Mar 1981 05:00:00 GMT
X-Rate-Limit-Limit: 15
X-Rate-Limit-Remaining: 9
Server: tfe
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Date: Tue, 30 Oct 2012 23:41:34 GMT
Content-Length: 113
X-MID: d6e58c75741fe67d0eca80e98e5ccf6f585ac34d
X-Rate-Limit-Reset: 1351640738
Status: 403 Forbidden
Last-Modified: Tue, 30 Oct 2012 23:41:34 GMT

Is anyone else seeing this problem? If so, where is the right place to submit a bug report these days?


Currently investigating a very similar report. Thanks for brining it up!


Here’s an issue you can follow that I’ll update as I get more information:



Thanks for the quick response, Taylor. Let me know if you need any more information/data from my end.


I am also seeing this on the Tweedle application that belongs to this account.


This situation should be improving presently but will take a bit longer to fully resolve.


At least on my test account I can confirm it is not presenting that error anymore.


I am still getting a very high number of these for my clients. Should I open another issue?