HTTP/1.1 403 Forbidden


#1

I use Access Token and Access Token Secret by prompted to authorize your application (see picture) to get list accounts:
b

My source code:

OAuthConsumer consumer = new CommonsHttpOAuthConsumer(CONSUMER_KEY, CONSUMER_SECRET);
consumer.setTokenWithSecret(token, tokenSecret);
HttpGet httpGet = new HttpGet(uri);
consumer.sign(httpGet);
HttpResponse response = httpClient.execute(httpGet);

But the response is HTTP/1.1 403 Forbidden. Can you tell me the reason? Did I miss any setting on my APP?

HttpResponseProxy{HTTP/1.1 403 Forbidden [content-disposition: attachment; filename=json.json, content-type: application/json;charset=utf-8, date: Tue, 09 Jan 2018 09:16:39 GMT, server: tsa_k, set-cookie: personalization_id=“v1_6UQz1D7fEn4RUzqL+oTIqQ==”; Expires=Thu, 09 Jan 2020 09:16:39 UTC; Path=/; Domain=.twitter.com, set-cookie: guest_id=v1%3A151548939931909110; Expires=Thu, 09 Jan 2020 09:16:39 UTC; Path=/; Domain=.twitter.com, strict-transport-security: max-age=631138519, x-access-level: read-write, x-api-version: 2.0, x-connection-hash: 7cb1a410756ed4d96252ba29f0fd76b6, x-content-type-options: nosniff, x-current-api-version: 2.0, x-frame-options: SAMEORIGIN, x-rate-limit-limit: 2000, x-rate-limit-remaining: 1997, x-rate-limit-reset: 1515490165, x-response-time: 189, x-runtime: 0.00117, x-transaction: 00d77ad2009c0c0e, x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report] org.apache.http.client.entity.DecompressingEntity@22b6c4c6}

But when I use another CONSUMER_KEY, CONSUMER_SECRET and same above souce code, it works well. Why?
I want to create new APP to test at local, because with the currently active account, I set the callback url.
If I want to test at my local, I have to set callback url to localhost.


#2

Is this specific to the Twitter Ads API?


#3

Yes, I want to use Ads API to get list of account by

GET https://ads-api.twitter.com/2/accounts/?with_deleted=true HTTP/1.1

Ah, I also do not send a submit form yet for my new APP at https://twitter.twimg.com/LP=2289.
So, do I need to do it for Developer phase.


#4

Yep! You’ll need to apply for access when trying to hit any Ads API endpoints.