Webhooks error code 32: Could not authenticate you



Hi There,

I’m trying to create a webhook using Ruby and Faraday library. Here’s my request:

# client
#  => #<Twitter::REST::Client:0x007fd7c19015f0
# @access_token="token is here",
# @access_token_secret="secret is here",
# @consumer_key="key is here",
# @consumer_secret="secret is here">

headers = Twitter::Headers.new(client, :post, 'https://api.twitter.com/1.1/account_activity/webhooks.json')

Faraday.post do |req|
  req.url('https://api.twitter.com/1.1/account_activity/webhooks.json', url: '')
  req.headers['Authorization'] = headers.oauth_auth_header.to_s

As far as docs go - this should work. However I get {"errors":[{"code":32,"message":"Could not authenticate you."}]} response :frowning:

this is my request when executed:

#<struct Faraday::Env
   body="{\"errors\":[{\"code\":32,\"message\":\"Could not authenticate you.\"}]}",
   url=#<URI::HTTPS https://api.twitter.com/1.1/account_activity/webhooks.json?url=http%3A%2F%2F127.0.0.1%2Fwebhooks%2Ftwitter>,
    #<struct Faraday::RequestOptions params_encoder=nil, proxy=nil, bind=nil, timeout=nil, open_timeout=nil, boundary=nil, oauth=nil>,
    {"User-Agent"=>"Faraday v0.9.2",
      "OAuth oauth_consumer_key=\"secret info here\", oauth_nonce=\"secret info here\", oauth_signature=\"secret info here\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"info here\", oauth_token=\"secret info here\", oauth_version=\"1.0\"",

Getting desperate. Please Help!

  • Yaroslav

I have applied for access for two of my applications and got response from twitter saying "Great news! We’ve granted you beta access to the Account Activity API. The app ID you submitted in your application now has the ability to access the webhooks."
A bit worried that I put two application ids in the form (app_id & app_id) instead of one. Can this be a issue?

Could not authenticate you when setting webhook


It could certainly be related to using the incorrect app ID. Beyond that, it looks like you are attempting to set up the webhook consumer to be an internal address ( Are you using a tunneling service, like PageKite of ngrok?


Hi again,

For what’s it worth, here is a github bot/Account Activity (AA) project that is Ruby/Sinatra based. It uses the OAuth gem for AA/DM calls, and also the ‘twitter’ gem for uploading media for DMs with photos.



Thanks for the AA project, I already have Streaming API working and am trying to replace it with webhooks :slightly_smiling_face:
I thought localhost might be the problem, so tried ngrok too, but the problem remains. Also tried changing url from http to https:

Faraday.post do |req|
  req.url('https://api.twitter.com/1.1/account_activity/webhooks.json', url: 'https://54bc1a39.ngrok.io/webhooks/twitter')
  req.headers['Authorization'] = headers.oauth_auth_header.to_s
  req.headers['Content-Type'] = 'application/x-www-form-urlencoded'

=> #<Faraday::Response:0x007fa14eeba388
  #<struct Faraday::Env
   body="{\"errors\":[{\"code\":32,\"message\":\"Could not authenticate you.\"}]}",

Using the same credentials for posting tweets or even streaming API works just fine.
Could you check internally whether webhooks are enabled for 12895014 and 12894888 ? I’d really appreciate that.




I’m not an user of Ruby but maybe it will work for you : Registering a webhook url with app owner access token: 32 - Could not authenticate you

Otherwise, I has the same error and for me it was a problem with my Authorization header. I solved this in C# with RestSharp thus I can’t help you much ^^ Hope that it will help you !

Good luck ! :smiley:


If it can help you, for solve my problem, I used fiddler and postman for the see the difference between the postman’s request and my request. It’s how I seen the difference between the authorization header.

Cya !


Thanks a lot, freyjow

I did check the Authorization header dozens of times now and it seems correct to me.
Also you can see that application/x-www-form-urlencoded content type header is there too :frowning:
Will try postman to find the difference.


If the request with postman works, try to swap the postman auth header with your request. If it works, the problem is from the header, otherwise I don’t know ^^
Good luck :slight_smile:


Many Thanks for your help freyjow!

Unfortunately webhooks don’t work even with postman. I’ve tried posting a tweet and creating a webhook with same credentials. Tweet was posted without an issue but webhook still returns error code 32.

Posting Tweet:

Creating webhook:

I’ll leave this for today. Tomorrow I’ll fill the application form for webhooks access again. However this time I’ll specify only one app_id, not two (app_id & app_id) like the last time.


U don’t fill the good form in postman :smiley:

U need to fill the form in the Body tab for the webhook.


Ha, you are absolutely right! After changing request to what you have on your screenshot I’m getting 214 error which is definitely a progress!

I’ll investigate this now. Thanks!


No problem !
Good luck for the rest :smile:


For future googlers:

After changing ngrok url from http to https everything seems to work.
I think I need a drink…

Thanks again freyjow, that’s all thanks to you mate :slightly_smiling_face:



I am facing similar issue.
Following is the code I am trying:
string env_name = “xxxxxxxx”;
string resourceUrl=$“https://api.twitter.com/1.1/account_activity/all/{env_name}/webhooks.json”;

string postBody = “url=” + Uri.EscapeDataString(url);
string oauth_consumer_key = AuthContext.ConsumerKey;
string oauth_consumerSecret = AuthContext.ConsumerSecret;
string oauth_signature_method = “HMAC-SHA1”;
string oauth_version = “1.0”;
string oauth_token = AuthContext.AccessToken;
string oauth_token_secret = AuthContext.AccessSecret;
string oauth_nonce = Convert.ToBase64String(new ASCIIEncoding().GetBytes(DateTime.Now.Ticks.ToString()));
TimeSpan timeSpan = DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0);
string oauth_timestamp = Convert.ToInt64(timeSpan.TotalSeconds).ToString();
SortedDictionary<string, string> basestringParameters = new SortedDictionary<string, string>;
basestringParameters.Add(“url”, Uri.EscapeDataString(url));
basestringParameters.Add(“oauth_version”, oauth_version);
basestringParameters.Add(“oauth_consumer_key”, oauth_consumer_key);
basestringParameters.Add(“oauth_nonce”, oauth_nonce);
basestringParameters.Add(“oauth_signature_method”, oauth_signature_method);
basestringParameters.Add(“oauth_timestamp”, oauth_timestamp);
if (!string.IsNullOrEmpty(oauth_token))
basestringParameters.Add(“oauth_token”, oauth_token);
//Build the signature string
StringBuilder baseString = new StringBuilder();
baseString.Append(“POST” + “&”);
baseString.Append(EncodeCharacters(Uri.EscapeDataString(resourceUrl) + “&”));
foreach (KeyValuePair<string, string> entry in basestringParameters)
baseString.Append(EncodeCharacters(Uri.EscapeDataString(entry.Key + “=” +
entry.Value + “&”)));
/GS - Remove the trailing ambersand char, remember
//it’s been urlEncoded so you have to remove the
//last 3 chars - %26
string finalBaseString = baseString.ToString().Substring(0, baseString.Length - 3);
/Build the signing key
string signingKey = EncodeCharacters(Uri.EscapeDataString(oauth_consumerSecret)) + “&” +
//Sign the request
HMACSHA1 hasher = new HMACSHA1(new ASCIIEncoding().GetBytes(signingKey));
string signatureString = Convert.ToBase64String(hasher.ComputeHash(new ASCIIEncoding().GetBytes(finalBaseString)));
//Tell Twitter we don’t do the 100 continue thing
ServicePointManager.Expect100Continue = false;
HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(@resourceUrl);
StringBuilder authorizationHeaderParams = new StringBuilder();
authorizationHeaderParams.Append(“OAuth “);
authorizationHeaderParams.Append(“oauth_nonce=” + “”” + Uri.EscapeDataString(oauth_nonce) + “”,”);
authorizationHeaderParams.Append(“oauth_signature_method=” + “”" + Uri.EscapeDataString(oauth_signature_method) + “”,");
authorizationHeaderParams.Append(“oauth_timestamp=” + “”" + Uri.EscapeDataString(oauth_timestamp) + “”,");
authorizationHeaderParams.Append(“oauth_consumer_key=” + “”" + Uri.EscapeDataString(oauth_consumer_key) + “”,");
if (!string.IsNullOrEmpty(oauth_token))
authorizationHeaderParams.Append(“oauth_token=” + “”" + Uri.EscapeDataString(oauth_token) + “”,");
authorizationHeaderParams.Append(“oauth_signature=” + “”" + Uri.EscapeDataString(signatureString) + “”,");
authorizationHeaderParams.Append(“oauth_version=” + “”" + Uri.EscapeDataString(oauth_version) + “”");
webRequest.Headers.Add(“Authorization”, authorizationHeaderParams.ToString());
webRequest.Method = “POST”;
webRequest.ContentType = “application/x-www-form-urlencoded”;
Stream stream = webRequest.GetRequestStream();
byte[] bodyBytes = new ASCIIEncoding().GetBytes(postBody);
stream.Write(bodyBytes, 0, bodyBytes.Length);
/Allow us a reasonable timeout in case Twitter’s busy
webRequest.Timeout = 3 * 60 * 1000;
HttpWebResponse webResponse = webRequest.GetResponse() as HttpWebResponse;
Stream dataStream = webResponse.GetResponseStream();
// Open the stream using a StreamReader for easy access.
StreamReader reader = new StreamReader(dataStream);
// Read the content.
string responseFromServer = reader.ReadToEnd();
catch (Exception ex)

I am always getting following error:
“Could not authenticate you”

The URL I am trying to register for webhook is:

The keys I am providing is correct. Also I have access to Account Activity API (Premium) because get webhooks, verify_credentials are working fine. I am facing this issue with create webhook.
Can anyone help me fixing this?




Have you read through our troubleshooting section yet?