Ouath2/token always 403


I’m trying to get an app-only bearer token but I’m always getting a 403. I have double checked that I properly encoded the consumer key and secret. Here is the curl request I’m making:

curl --request 'POST' 'https://api.twitter.com/oauth2/token' --header 'Authorization: "Basic UH..........................lF", Content-Type: "application/x-www-form-urlencoded;charset=UTF-8", Accept-Encoding: "gzip"' --data "grant_type=client_credentials" --verbose

And I’m getting this response with a 403 status:

{"errors":[{"code":99,"label":"authenticity_token_error","message":"Unable to verify your credentials"}]}

Thanks for any help!


Same problem here. I created my Twitter account and app only a few hours ago though. Could it be that it takes a little time before the API is available?

curl --request 'POST' 'https://api.twitter.com/oauth2/token' --header 'Authorization: "Basic N0_BASE64_BEARER_TOKEN_CREDENTIALS_UQ==", Content-Type: "application/x-www-form-urlencoded;charset=UTF-8"' --data "grant_type=client_credentials" --verbose


Actually found the answer for this, your curl command is incorrect. It should be

curl --request ‘POST’ ‘https://api.twitter.com/oauth2/token’ --header ‘Authorization: Basic TOKEN’ --header ‘Content-Type: application/x-www-form-urlencoded;charset=UTF-8’ --data “grant_type=client_credentials” --verbose


I just tried with:

$ curl --request ‘POST’ ‘https://api.twitter.com/oauth2/token’ --header ‘Authorization: Basic TOKEN’ --header ‘Content-Type: application/x-www-form-urlencoded;charset=UTF-8’ --data “grant_type=client_credentials” --verbose

And still got a code 99 error - any other ideas?


I’ve just had some success! Twitter settings for my application i clicked reset all keys. That gave me a new consumer key and consumer secret and using those worked fine.


Thanks @StarcutM1 that worked!


@StarcutM1 You just saved my life! Thanks a lot :slight_smile:


Just incase anyone else finds this useful conversation:

I was also not able to get a app-bearer only token. It turned out that my problem was with creating the BASE64 encoded string.

I used this command:

echo 'STRING' | base64

Which implicitly adds a new line at the end of the string before it is piped to base64,
Instead of this

echo -n 'STRING' | base64

Which does not append a newline before piping to the base64 command.


@eraticus, I just wasted 2 hours of googling/experimenting before seeing your comment. It was a life-saver. Thank you!