I started noticing 403 responses from some accounts this afternoon (30.Oct.2012). Both the direct_messages and direct_messages/sent APIs are returning the following response body:
{
"errors": [
{
"message": "This application is not allowed to access or delete your direct messages",
"code": 93
}
]
}
This is not happening on all accounts, just a few of my test accounts. I revoked access using Settings > App on the Twitter website on one of these accounts and tried again: the problem persists. I also tried switching the consumer key and secret to force an OAuth authentication and that didn’t help either.
The request header looks like this:
GET /1.1/direct_messages.json?count=50&include_entities=1
Accept-Encoding: gzip
Authorization: OAuth realm="Twitter", oauth_version="1.0", oauth_consumer_key="5CAYV1DR5uwhVRJDBrepw", oauth_token="36183-mgJohiU6dm1NsTOXuBSw8RHhjTka3ZLgpHOiNbHpaa8", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1351640494", oauth_nonce="vPt8XX2bnvL6IzFn", oauth_signature="T%2BDk0kupwsoOm0vcH0bUVgpAqG4%3D"
The response header looks like this:
HTTP/1.1 403 Forbidden
Content-Type: application/json; charset=utf-8
X-Transaction: 1847c0951b233e12
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
X-Runtime: 0.02709
Set-Cookie: k=10.35.101.123.1351640494695691; path=/; expires=Tue, 06-Nov-12 23:41:34 GMT; domain=.twitter.com, guest_id=v1%3A135164049469952391; domain=.twitter.com; path=/; expires=Fri, 31-Oct-2014 11:41:34 GMT, dnt=; domain=.twitter.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT, lang=en; path=/, lang=en; path=/, _twitter_sess=BAh7CToPY3JlYXRlZF9hdGwrCHsyDbQ6ASIKZmxhc2hJQzonQWN0aW9uQ29u%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJTVm%250AMzg2YzI1ZjlkMzY0MDUwNDA5NWQwODZhODAxYjE4Ogxjc3JmX2lkIiU5NDFl%250AMTc0NzIyZTkzZTcyNjI1MWJhZmI2ZDVkNTQyMw%253D%253D--de8df8b3798cb123dced315bc812d9c492ca2b2e; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Tue, 31 Mar 1981 05:00:00 GMT
X-Rate-Limit-Limit: 15
X-Rate-Limit-Remaining: 9
Server: tfe
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Date: Tue, 30 Oct 2012 23:41:34 GMT
Content-Length: 113
X-MID: d6e58c75741fe67d0eca80e98e5ccf6f585ac34d
X-Rate-Limit-Reset: 1351640738
Status: 403 Forbidden
Last-Modified: Tue, 30 Oct 2012 23:41:34 GMT
Is anyone else seeing this problem? If so, where is the right place to submit a bug report these days?
