Is it possible for an application to issue a status update on behalf of a user?


Just as the title says, given the correct authentication, it it possible for an application to issue a status update on behalf of a user?
If so, do you know what steps are required to achieve this?


Hello Iain,

Yes. Once the user has logged in with your application on Twitter and gave it permissions to post Tweets, you can send a Tweet on their behalf using the following endpoint and their access token:

Also, as a good practice for the user experience, please always make sure your users are expecting these Tweets to be posted on their account.


Hi Romain,

Thanks for your reply. So far I have:

However, I then tried to issue a status update on behalf of the user using the access token with: but this failed with status code 400 (Bad request).

Is this the expected way of issuing a status? Or am I doing something wrong?



I should also add that when looking at the documentation for it says that the authentication requires a user context, whereas it appears that the authentication that I am using is application-only. Are these two compatible, or is there something I need to do to obtain a user context first?

Thanks again,


App-only auth provides only a context for your application. Users are the only entities capable of tweeting on Twitter, so you’ll need to use a form of auth that supports a user context. In the Twitter REST API, that means having to use OAuth 1.0A for your requests.

In almost all cases, all write actions (like tweeting, favoriting, following, etc.) are performed by users and you’ll need to use user-based auth for the function.



Thanks for your reply, but sorry, I still don’t understand this. I am already using OAuth 1.0a and I have basically just followed this…

"Want to read or post Twitter data on behalf of visitors to your website…"

…which seems to be exactly what I want to do. After re-reading this it appears that 3-legged auth does not come under application-only authentication and is actually user-based authentication anyway (presumably because it involves obtaining an access token from the user).

Given that my application is authorised by the user and that I have obtained an access token from the user, how then does the application post on behalf of the user as described in 3-Legged Auth where it says “Want to read or post Twitter data on behalf of visitors to your website…”?

Would it be possible to indicate which endoints I need to use?

Many thanks


If you’re using that form of OAuth and have configured your application to be capable of read-write actions, then you can use [node:9703] to post on behalf of the user.


I think I have now found the problem.

I’m using C# .NET to send the HTTP POST request to statuses/update but .NET does a strange thing with the request - it does not include the provided authentication header with the initial request and will only send it if the server responds with an authentication challenge 401 (Not authorized). However, Twitter appears to respond with what looks like an incorrect error code 400 (Bad request). Therefore .NET will not retry the request and send the authorisation header.

Bizarrely, it seems impossible (?) to force .NET to send the auth header in the initial request.

A couple of questions then:

  • Have you come across this before?
  • Do you know if there is a workaround?
  • Should Twitter not be returning a 401 instead of a 400 (which would probably fix the problem)?




Is there anyone from Twitter that can help with this?

When sending a POST statuses/update.json using the standard C# HttpWebRequest library the post fails seemingly because Twitter appears to be sending an non-standard negotiate credentials response 400 instead of the standard 401 which is expected by the C# library.

Is there anything that can be done about this?