HTTP/1.1 403 Forbidden


I use Access Token and Access Token Secret by prompted to authorize your application (see picture) to get list accounts:

My source code:

OAuthConsumer consumer = new CommonsHttpOAuthConsumer(CONSUMER_KEY, CONSUMER_SECRET);
consumer.setTokenWithSecret(token, tokenSecret);
HttpGet httpGet = new HttpGet(uri);
HttpResponse response = httpClient.execute(httpGet);

But the response is HTTP/1.1 403 Forbidden. Can you tell me the reason? Did I miss any setting on my APP?

HttpResponseProxy{HTTP/1.1 403 Forbidden [content-disposition: attachment; filename=json.json, content-type: application/json;charset=utf-8, date: Tue, 09 Jan 2018 09:16:39 GMT, server: tsa_k, set-cookie: personalization_id=“v1_6UQz1D7fEn4RUzqL+oTIqQ==”; Expires=Thu, 09 Jan 2020 09:16:39 UTC; Path=/;, set-cookie: guest_id=v1%3A151548939931909110; Expires=Thu, 09 Jan 2020 09:16:39 UTC; Path=/;, strict-transport-security: max-age=631138519, x-access-level: read-write, x-api-version: 2.0, x-connection-hash: 7cb1a410756ed4d96252ba29f0fd76b6, x-content-type-options: nosniff, x-current-api-version: 2.0, x-frame-options: SAMEORIGIN, x-rate-limit-limit: 2000, x-rate-limit-remaining: 1997, x-rate-limit-reset: 1515490165, x-response-time: 189, x-runtime: 0.00117, x-transaction: 00d77ad2009c0c0e, x-xss-protection: 1; mode=block; report=] org.apache.http.client.entity.DecompressingEntity@22b6c4c6}

But when I use another CONSUMER_KEY, CONSUMER_SECRET and same above souce code, it works well. Why?
I want to create new APP to test at local, because with the currently active account, I set the callback url.
If I want to test at my local, I have to set callback url to localhost.


Is this specific to the Twitter Ads API?


Yes, I want to use Ads API to get list of account by


Ah, I also do not send a submit form yet for my new APP at
So, do I need to do it for Developer phase.


Yep! You’ll need to apply for access when trying to hit any Ads API endpoints.