Webhooks error code 32: Could not authenticate you

yfilyk · 2017-09-21T09:56:50.527Z

Hi There,

I’m trying to create a webhook using Ruby and Faraday library. Here’s my request:

# client
#  => #<Twitter::REST::Client:0x007fd7c19015f0
# @access_token="token is here",
# @access_token_secret="secret is here",
# @consumer_key="key is here",
# @consumer_secret="secret is here">

headers = Twitter::Headers.new(client, :post, 'https://api.twitter.com/1.1/account_activity/webhooks.json')

Faraday.post do |req|
  req.url('https://api.twitter.com/1.1/account_activity/webhooks.json', url: 'http://127.0.0.1/webhooks/twitter')
  req.headers['Authorization'] = headers.oauth_auth_header.to_s
end

As far as docs go - this should work. However I get {"errors":[{"code":32,"message":"Could not authenticate you."}]} response

this is my request when executed:

#<struct Faraday::Env
   method=:post,
   body="{\"errors\":[{\"code\":32,\"message\":\"Could not authenticate you.\"}]}",
   url=#<URI::HTTPS https://api.twitter.com/1.1/account_activity/webhooks.json?url=http%3A%2F%2F127.0.0.1%2Fwebhooks%2Ftwitter>,
   request=
    #<struct Faraday::RequestOptions params_encoder=nil, proxy=nil, bind=nil, timeout=nil, open_timeout=nil, boundary=nil, oauth=nil>,
   request_headers=
    {"User-Agent"=>"Faraday v0.9.2",
     "Authorization"=>
      "OAuth oauth_consumer_key=\"secret info here\", oauth_nonce=\"secret info here\", oauth_signature=\"secret info here\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"info here\", oauth_token=\"secret info here\", oauth_version=\"1.0\"",
     "Content-Length"=>"0"},

Getting desperate. Please Help!

Yaroslav

PS:
I have applied for access for two of my applications and got response from twitter saying "Great news! We’ve granted you beta access to the Account Activity API. The app ID you submitted in your application now has the ability to access the webhooks."
A bit worried that I put two application ids in the form (app_id & app_id) instead of one. Can this be a issue?

snowman · 2017-09-21T18:38:38.434Z

Hello,

It could certainly be related to using the incorrect app ID. Beyond that, it looks like you are attempting to set up the webhook consumer to be an internal address (127.0.0.1). Are you using a tunneling service, like PageKite of ngrok?

snowman · 2017-09-21T19:01:23.993Z

Hi again,

For what’s it worth, here is a github bot/Account Activity (AA) project that is Ruby/Sinatra based. It uses the OAuth gem for AA/DM calls, and also the ‘twitter’ gem for uploading media for DMs with photos.

GitHub

jimmoffitt/snowbot

snowbot - A snow bot, of course.

yfilyk · 2017-09-22T07:52:45.398Z

Hiya,

Thanks for the AA project, I already have Streaming API working and am trying to replace it with webhooks
I thought localhost might be the problem, so tried ngrok too, but the problem remains. Also tried changing url from http to https:

Faraday.post do |req|
  req.url('https://api.twitter.com/1.1/account_activity/webhooks.json', url: 'https://54bc1a39.ngrok.io/webhooks/twitter')
  req.headers['Authorization'] = headers.oauth_auth_header.to_s
  req.headers['Content-Type'] = 'application/x-www-form-urlencoded'
end

=> #<Faraday::Response:0x007fa14eeba388
 @env=
  #<struct Faraday::Env
   method=:post,
   body="{\"errors\":[{\"code\":32,\"message\":\"Could not authenticate you.\"}]}",

Using the same credentials for posting tweets or even streaming API works just fine.
Could you check internally whether webhooks are enabled for 12895014 and 12894888 ? I’d really appreciate that.

Thanks

freyjow · 2017-09-22T09:25:03.515Z

Hi,

I’m not an user of Ruby but maybe it will work for you : Registering a webhook url with app owner access token: 32 - Could not authenticate you

Otherwise, I has the same error and for me it was a problem with my Authorization header. I solved this in C# with RestSharp thus I can’t help you much ^^ Hope that it will help you !

Good luck !

freyjow · 2017-09-22T09:29:03.982Z

If it can help you, for solve my problem, I used fiddler and postman for the see the difference between the postman’s request and my request. It’s how I seen the difference between the authorization header.

Cya !

yfilyk · 2017-09-25T09:29:38.772Z

Thanks a lot, freyjow

I did check the Authorization header dozens of times now and it seems correct to me.
Also you can see that application/x-www-form-urlencoded content type header is there too
Will try postman to find the difference.

freyjow · 2017-09-26T09:30:31.600Z

If the request with postman works, try to swap the postman auth header with your request. If it works, the problem is from the header, otherwise I don’t know ^^
Good luck

yfilyk · 2017-09-26T10:15:31.374Z

Many Thanks for your help freyjow!

Unfortunately webhooks don’t work even with postman. I’ve tried posting a tweet and creating a webhook with same credentials. Tweet was posted without an issue but webhook still returns error code 32.

Posting Tweet:

Screen Shot 2017-09-26 at 11.01.54 am.png1612x1000 89.3 KB

Creating webhook:

Screen Shot 2017-09-26 at 11.11.10 am.png1601x984 81.9 KB

I’ll leave this for today. Tomorrow I’ll fill the application form for webhooks access again. However this time I’ll specify only one app_id, not two (app_id & app_id) like the last time.

freyjow · 2017-09-26T10:23:48.108Z

U don’t fill the good form in postman

Capture d’écran 2017-09-26 à 12.20.45.png1808x566 50.5 KB

U need to fill the form in the Body tab for the webhook.

yfilyk · 2017-09-26T10:28:01.824Z

yfilyk:

application/x-www-form-urlencoded

Ha, you are absolutely right! After changing request to what you have on your screenshot I’m getting 214 error which is definitely a progress!

Screen Shot 2017-09-26 at 11.26.54 am.png1612x572 53.9 KB

I’ll investigate this now. Thanks!

freyjow · 2017-09-26T10:35:08.373Z

No problem !
Good luck for the rest

yfilyk · 2017-09-26T10:51:14.435Z

For future googlers:

After changing ngrok url from http to https everything seems to work.
I think I need a drink…

Thanks again freyjow, that’s all thanks to you mate

paymymeterUSA · 2018-09-27T07:17:26.962Z

Hello,

I am facing similar issue.
Following is the code I am trying:
string env_name = “xxxxxxxx”;
string resourceUrl=$“https://api.twitter.com/1.1/account_activity/all/{env_name}/webhooks.json”;

string postBody = “url=” + Uri.EscapeDataString(url);
string oauth_consumer_key = AuthContext.ConsumerKey;
string oauth_consumerSecret = AuthContext.ConsumerSecret;
string oauth_signature_method = “HMAC-SHA1”;
string oauth_version = “1.0”;
string oauth_token = AuthContext.AccessToken;
string oauth_token_secret = AuthContext.AccessSecret;
string oauth_nonce = Convert.ToBase64String(new ASCIIEncoding().GetBytes(DateTime.Now.Ticks.ToString()));
TimeSpan timeSpan = DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0);
string oauth_timestamp = Convert.ToInt64(timeSpan.TotalSeconds).ToString();
SortedDictionary<string, string> basestringParameters = new SortedDictionary<string, string>;
basestringParameters.Add(“url”, Uri.EscapeDataString(url));
basestringParameters.Add(“oauth_version”, oauth_version);
basestringParameters.Add(“oauth_consumer_key”, oauth_consumer_key);
basestringParameters.Add(“oauth_nonce”, oauth_nonce);
basestringParameters.Add(“oauth_signature_method”, oauth_signature_method);
basestringParameters.Add(“oauth_timestamp”, oauth_timestamp);
if (!string.IsNullOrEmpty(oauth_token))
basestringParameters.Add(“oauth_token”, oauth_token);
//Build the signature string
StringBuilder baseString = new StringBuilder();
baseString.Append(“POST” + “&”);
baseString.Append(EncodeCharacters(Uri.EscapeDataString(resourceUrl) + “&”));
foreach (KeyValuePair<string, string> entry in basestringParameters)
{
baseString.Append(EncodeCharacters(Uri.EscapeDataString(entry.Key + “=” +
entry.Value + “&”)));
}
/GS - Remove the trailing ambersand char, remember
//it’s been urlEncoded so you have to remove the
//last 3 chars - %26
string finalBaseString = baseString.ToString().Substring(0, baseString.Length - 3);
/Build the signing key
string signingKey = EncodeCharacters(Uri.EscapeDataString(oauth_consumerSecret)) + “&” +
EncodeCharacters(Uri.EscapeDataString(oauth_token_secret));
//Sign the request
HMACSHA1 hasher = new HMACSHA1(new ASCIIEncoding().GetBytes(signingKey));
string signatureString = Convert.ToBase64String(hasher.ComputeHash(new ASCIIEncoding().GetBytes(finalBaseString)));
//Tell Twitter we don’t do the 100 continue thing
ServicePointManager.Expect100Continue = false;
HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(@resourceUrl);
StringBuilder authorizationHeaderParams = new StringBuilder();
authorizationHeaderParams.Append(“OAuth “);
authorizationHeaderParams.Append(“oauth_nonce=” + “”” + Uri.EscapeDataString(oauth_nonce) + “”,”);
authorizationHeaderParams.Append(“oauth_signature_method=” + “”" + Uri.EscapeDataString(oauth_signature_method) + “”,");
authorizationHeaderParams.Append(“oauth_timestamp=” + “”" + Uri.EscapeDataString(oauth_timestamp) + “”,");
authorizationHeaderParams.Append(“oauth_consumer_key=” + “”" + Uri.EscapeDataString(oauth_consumer_key) + “”,");
if (!string.IsNullOrEmpty(oauth_token))
authorizationHeaderParams.Append(“oauth_token=” + “”" + Uri.EscapeDataString(oauth_token) + “”,");
authorizationHeaderParams.Append(“oauth_signature=” + “”" + Uri.EscapeDataString(signatureString) + “”,");
authorizationHeaderParams.Append(“oauth_version=” + “”" + Uri.EscapeDataString(oauth_version) + “”");
webRequest.Headers.Add(“Authorization”, authorizationHeaderParams.ToString());
webRequest.Method = “POST”;
webRequest.ContentType = “application/x-www-form-urlencoded”;
Stream stream = webRequest.GetRequestStream();
byte[] bodyBytes = new ASCIIEncoding().GetBytes(postBody);
stream.Write(bodyBytes, 0, bodyBytes.Length);
stream.Flush();
stream.Close();
/Allow us a reasonable timeout in case Twitter’s busy
webRequest.Timeout = 3 * 60 * 1000;
try
{
HttpWebResponse webResponse = webRequest.GetResponse() as HttpWebResponse;
Stream dataStream = webResponse.GetResponseStream();
// Open the stream using a StreamReader for easy access.
StreamReader reader = new StreamReader(dataStream);
// Read the content.
string responseFromServer = reader.ReadToEnd();
}
catch (Exception ex)
{
}

I am always getting following error:
“Could not authenticate you”

The URL I am trying to register for webhook is:
https://xxxxxxx.azurewebsites.net/api/webhook/twitter

The keys I am providing is correct. Also I have access to Account Activity API (Premium) because get webhooks, verify_credentials are working fine. I am facing this issue with create webhook.
Can anyone help me fixing this?

Thanks,

LeBraat · 2018-09-28T19:06:30.001Z

@paymymeterUSA

Have you read through our troubleshooting section yet?