Server-side Auth of client tokens: results in code 99 unable to verify your credentials - authenticity_token_error


I’m trying to authenticate Unity clients, created using

So far, I have tested on iOS. The client is very simple. It performs a login and outputs the values for TwitterSession.authToken.token and TwitterSession.authToken.secret.

However, when I try to do a “basic” REST request on the server, it fails to authenticate. This is how I’m testing server side authentication from the command line:

curl --request 'POST' '' --header 'Authorization: Basic '$(echo [TOKEN]:[SECRET] | base64) --header 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' --data "grant_type=client_credentials" --verbose

  • with [TOKEN]:[SECRET] replaced with the values from the Unity client running on iOS

I always get this response:

{"errors":[{"code":99,"message":"Unable to verify your credentials","label":"authenticity_token_error"}]}

Has anyone got any ideas?


Hey there! A couple of things- Twitter uses OAuth 1.0 for sign in, not 2.0, so the endpoint you’re trying to hit wouldn’t give you what you need.

There’s an overview doc of the different scenarios you might be interested in for your app and the type of auth you should use for each here:

Are you interested in using the /verify_credentials endpoint to make sure that the user credentials are valid? Or were you just trying to make another REST call that for some reason wasn’t working?


Thanks so much for the pointers. A colleague has already managed to steer me the right way on this one. you’re exactly right - I did want /verify_credentials but didn’t understand how to oauth sign the request