We are having a issue with the Ads API for Twitter, we are using the python SDK provided on the website (

We implemented the 3-legged authorization method, if we check on the accounts settings for 2 of ours clients we can see we have the permissions, I attached an example image of one of our clients.
58 PM

The issue that we are having is when we try to access the information of the account of our clients through the api.

The request URL: /2/accounts/18ce54lif6b
And the response error that we are getting is:
“twitter_ads.error.Forbidden: <Forbidden object at 0x1061aa870 code=403 details=[{u’message’: u’Account 18ce54lif6b was not found’, u’code’: u’NOT_FOUND’}]>”

We try to do the same for others clients accounts and all the response was the same.


@M8agency: Thanks for the question.

What user are you authenticated as when making the request?

When instantiating the Client() class, pass in trace=True. Then, try making the request again and share the full response you see (including the response headers).


Good Morning Juan! Thanks for your response.

Here you have all the response that I got. I intentionally change the ACCESS_TOKEN and the CONSUMER_KEY for security reasons, please let me know if you need it.

I’m making the request with the credentials that I got from the app that I created. Here you have more info in case that you need it:

company user: @M8agency
the App ID: 14239837
the email that I applied for the Twitter Ads API access:

DEBUG:requests_oauthlib.oauth1_auth:Signing request <PreparedRequest [GET]> using client
DEBUG:requests_oauthlib.oauth1_auth:Including body in call to sign: False
DEBUG:oauthlib.oauth1.rfc5849:Collected params: [(u’oauth_nonce’, u’137542455788427119381510234241’), (u’oauth_timestamp’, u’1510234241’), (u’oauth_consumer_key’, u’*********************cgjD’), (u’oauth_signature_method’, u’HMAC-SHA1’), (u’oauth_version’, u’1.0’), (u’oauth_token’, u’36129515-*************************************6z0d’)]
DEBUG:oauthlib.oauth1.rfc5849:Normalized params: oauth_consumer_key=*********************cgjD&oauth_nonce=137542455788427119381510234241&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1510234241&oauth_token=36129515-****************6z0d&oauth_version=1.0
DEBUG:oauthlib.oauth1.rfc5849:Normalized URI:
DEBUG:oauthlib.oauth1.rfc5849:Signing: signature base string: GET&
DEBUG:oauthlib.oauth1.rfc5849:Signature: vo7I6V72Hfvm/AlT2cfJvurFwJw=
DEBUG:oauthlib.oauth1.rfc5849:Encoding URI, headers and body to utf-8.
DEBUG:requests_oauthlib.oauth1_auth:Updated url:
DEBUG:requests_oauthlib.oauth1_auth:Updated headers: {‘Accept’: '
’, ‘Connection’: ‘keep-alive’, ‘Accept-Encoding’: ‘gzip, deflate’, ‘Authorization’: ‘OAuth oauth_nonce=“137542455788427119381510234241”, oauth_timestamp=“1510234241”, oauth_version=“1.0”, oauth_signature_method=“HMAC-SHA1”, oauth_consumer_key="*********************cgjD", oauth_token=“36129515-*************************************6z0d”, oauth_signature=“vo7I6V72Hfvm%2FAlT2cfJvurFwJw%3D”’, ‘user-agent’: ‘twitter-ads version: 1.2.3 platform: Python 2.7 (CPython/darwin)’}
DEBUG:requests_oauthlib.oauth1_auth:Updated body: None
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1):
send: ‘GET /2/accounts/18ce54lif6b HTTP/1.1\r\nHost:\r\nAccept: /\r\nConnection: keep-alive\r\nAccept-Encoding: gzip, deflate\r\nAuthorization: OAuth oauth_nonce=“137542455788427119381510234241”, oauth_timestamp=“1510234241”, oauth_version=“1.0”, oauth_signature_method=“HMAC-SHA1”, oauth_consumer_key="*********************cgjD", oauth_token=“36129515-*************************************6z0d”, oauth_signature=“vo7I6V72Hfvm%2FAlT2cfJvurFwJw%3D”\r\nuser-agent: twitter-ads version: 1.2.3 platform: Python 2.7 (CPython/darwin)\r\n\r\n’
reply: ‘HTTP/1.1 403 Forbidden\r\n’
header: content-disposition: attachment; filename=json.json
header: content-encoding: gzip
header: content-length: 125
header: content-type: application/json;charset=utf-8
header: date: Thu, 09 Nov 2017 13:30:41 GMT
header: server: tsa_d
header: set-cookie: personalization_id=“v1_2yui6pPtJfSzuidCA3qyXg==”; Expires=Sat, 09 Nov 2019 13:30:41 UTC; Path=/;
header: set-cookie: guest_id=v1%3A151023424181940634; Expires=Sat, 09 Nov 2019 13:30:41 UTC; Path=/;
header: strict-transport-security: max-age=631138519
header: x-access-level: read
header: x-api-version: 2.0
header: x-connection-hash: aba5da99ab88c0028b8315ae3f939f76
header: x-content-type-options: nosniff
header: x-current-api-version: 2.0
header: x-frame-options: SAMEORIGIN
header: x-rate-limit-limit: 2000
header: x-rate-limit-remaining: 1999
header: x-rate-limit-reset: 1510235141
header: x-response-time: 160
header: x-runtime: 0.014608
header: x-transaction: 005fba3700dd736c
header: x-xss-protection: 1; mode=block
DEBUG:urllib3.connectionpool: “GET /2/accounts/18ce54lif6b HTTP/1.1” 403 125
Traceback (most recent call last):
File “”, line 16, in
account = client.accounts(id=ACCOUNT_ID)
File “/Users/m8/Desktop/working/tw_ads_sdk/v_env/lib/python2.7/site-packages/twitter_ads/”, line 89, in accounts
return Account.load(self, id) if id else Account.all(self)
File “/Users/m8/Desktop/working/tw_ads_sdk/v_env/lib/python2.7/site-packages/twitter_ads/”, line 47, in load
response = Request(client, ‘get’, resource, params=kwargs).perform()
File “/Users/m8/Desktop/working/tw_ads_sdk/v_env/lib/python2.7/site-packages/twitter_ads/”, line 72, in perform
raise Error.from_response(response)
twitter_ads.error.Forbidden: <Forbidden object at 0x10c7b6870 code=403 details=[{u’message’: u’Account 18ce54lif6b was not found’, u’code’: u’NOT_FOUND’}]>

Thanks in advance for your help.


Thanks for this, @M8agency. It’s quite helpful.

It looks like you’re authenticated as user ID 36129515 (M8agency). The ads account you’re trying to access—18ce54lif6b—belongs to a different user. You need to be authenticated as that user to gain access to their ads account.

Please let me know if this helps clarify.



Thanks for your response Juan!

Let me give you more information, maybe will help us to understand the situation.

M8 Agency is a Digital Marketing and Advertising Company, we have clients using Twitter Ads, we have a automatics data collections process for alls the platforms that we used.
We are pretty new to Twitter Ads API, we create an application M8agency (ID 36129515). I’m trying to access to our client’s Ads Accounts for that we first implement the 3-legged OAuth method, ( If we check the accounts settings for our clients we can see we application have the permissions if you check the first comment you can find the image example.

Hope this info can clarify the situation.


@M8agency: Thanks for the additional information. If you’ve obtained the user’s tokens—the owner of ads account 18ce54lif6b (not M8agency)—using the 3-legged OAuth flow, then you’re close. Make sure to use that user’s tokens when making requests. This post may also be helpful.


Thanks so much Juan, I just needed to add the ads manager role to M8Agency and it’s works.
Best Regards,


Thanks for following up. Just make sure to note the rate limit limitations when using an ads account permission. The information is listed in the doc you previously posted.


Thank you!
Best Reagards