Getting the error while App-only Authentication..please help


body: {“errors”:[{“label”:“authenticity_token_error”,“code”:99,“message”:“Unable to verify your credentials”}]}
Sometimes I am getting this error randomly…while using App only authentication.
Can anyone please help me out…


On which step or API method are you receiving this? How often are you calling the method?


I am using App-only authentication using consumer key and consumer secret,which in turns generate the bearer token.I using trying to get the user info using GET user/show.Is there any specific limit for calling this method.Thanks.


@episod Please could you help me with this error…I am not able to solve this issue…


Hello, May be you have forgotten Basic in your Authorisation header.


@yalamber Hello,Thanks for your response.Can you plaese elaborate with authorisation header…


i have wroten this for simplicity.


Same here but I noticed that mine works as it should every half-hour or so.
This lead me to believe it was the result of rate/limiting on the API.

I then watched the rate limits for my app using the 1.1/application/rate_limit_status.json API.
Didn’t come close to the limit before it stopped working again and received this error 99.



Have you looked at the “Common Errors” section of [node:13439]? We cover error code 99 there.


@theSeanCook - the three suggestions on that page for “error 99” didn’t seem to help for me.

I ended up caching the tweets and only pulling from the API once every minute (based on use). This ended my error 99 issues and probably was the way I needed to go in the first place (lazy developer outed).

I guess my dreamwish would have been that the error code not be so vague.
Thanks for your help.


We were periodically (every 20-40 minutes) getting this error while calling It would last a minute or two and then the error would magically go away. It was not due to rate limiting.

Upon inspection, we were calling this API method prior to every other API method. But this was unnecessary since the access token it generates is always the same (unless you invalidate it). By caching this access token in our app the errors went away.


Would the “Obtain a bearer token too frequently in a short period of time.” item hold true EVEN if you INVALIDATE the token?


why would you not link to this? I cannot find this page anywhere and having same code 99 issue.