Which API calls are allowed with Application-Only Authentication?


I have successfully gotten the Bearer Token from https://api.twitter.com/oauth2/token for my application. I am trying to use it to submit a second request to block a user using https://api.twitter.com/1.1/blocks/create.json.

I receive a 403 http error code:
“The remote server returned an error: (403) Forbidden.”

Im worried that this call does not support application only authentication but am not sure, can someone tell me where I can tell which call supports this authentication method?



Generally only read-based methods are allowed with this form of auth – you can’t use a function like blocks/create as only users can block users – app-only auth has no user context, so any method that needs a user as a participant won’t work.

Each resource documentation page will indicate a secondary rate limit for app-only if it’s supported. You can also browse the list of methods and their rate limits here: https://dev.twitter.com/docs/rate-limiting/1.1/limits


I have proceeded to build this https://dev.twitter.com/docs/auth/authorizing-request using the keys provided by my twitter application but still receive all 401’s unauthorized errors. I have tested with the test values you provide and put those into my functions and they return all the values you show on the turorial. I have also issued requests using the signature and header generated by the oAuth tool for my application and still receive the same. Is there anyone that can help me determine why I cant post the blocks/create? PLEASE and THANKS!


Here’s my test code in vb.NET. Can you see anything wront with it? Notice all the “###” strings are the keys provided by twitter in my registered application.

Protected Sub btnBlock_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnBlock.Click Try Dim oauth_signature_method = "HMAC-SHA1" 'goes in header Dim oauth_consumer_key As String = "###" 'goes in header Dim oauth_token As String = "###" 'goes in header Dim oauth_version As String = "1.0" 'goes in header Dim oauth_timestamp As String = GenerateTimeStamp() 'goes in header Dim oRandom As New Random() Dim oauth_nonce As String = GenerateNonce(oRandom) 'goes in header Dim screen_name As String = txtUserName.Text.Trim Dim sURL As String = "https://api.twitter.com/1.1/blocks/create.json" Dim sHTTPMethod As String = "POST"
	Dim dSignatureParameters As New SortedDictionary(Of String, String)
	dSignatureParameters.Add("oauth_signature_method", oauth_signature_method)
	dSignatureParameters.Add("oauth_consumer_key", oauth_consumer_key)
	dSignatureParameters.Add("oauth_token", oauth_token)
	dSignatureParameters.Add("oauth_version", oauth_version)
	dSignatureParameters.Add("oauth_timestamp", oauth_timestamp)
	dSignatureParameters.Add("oauth_nonce", oauth_nonce)
	dSignatureParameters.Add("screen_name", screen_name)

	Dim sParameterString As String = GenerateSignature(dSignatureParameters)

	Dim sSignatureBaseString = sHTTPMethod.ToUpper & "&" & HttpUtility.UrlEncode(sURL) & "&" & HttpUtility.UrlEncode(sParameterString)
	Dim oauth_consumer_secret As String = "###"
	Dim oauth_token_secret As String = "###"
	Dim sSigningKey As String = HttpUtility.UrlEncode(oauth_consumer_secret) & "&" & HttpUtility.UrlEncode(oauth_token_secret)
	Dim oauth_signature As String = ""
	Using oHasher As HMACSHA1 = New HMACSHA1(ASCIIEncoding.ASCII.GetBytes(sSigningKey)) 
		'goes in header
		oauth_signature = Convert.ToBase64String(oHasher.ComputeHash(ASCIIEncoding.ASCII.GetBytes(sSignatureBaseString)))
	End Using
	Dim dHeaderParameters As New SortedDictionary(Of String, String)
	dHeaderParameters.Add("oauth_signature_method", oauth_signature_method)
	dHeaderParameters.Add("oauth_consumer_key", oauth_consumer_key)
	dHeaderParameters.Add("oauth_token", oauth_token)
	dHeaderParameters.Add("oauth_version", oauth_version)
	dHeaderParameters.Add("oauth_timestamp", oauth_timestamp)
	dHeaderParameters.Add("oauth_nonce", oauth_nonce)
	dHeaderParameters.Add("oauth_signature", oauth_signature)
	Dim sAuthHeader As String = GenerateHeader(dHeaderParameters)

	Dim oRequest As HttpWebRequest = (HttpWebRequest).Create(sURL)
	oRequest.Method = sHTTPMethod
	oRequest.ContentType = "application/x-www-form-urlencoded;charset=UTF-8" 'or 16?
	Dim oProxy As New WebProxy("proxy.site.com", 8080)
	oProxy.Credentials = CredentialCache.DefaultCredentials
	oRequest.Proxy = oProxy

	oRequest.Headers.Add("Authorization", sAuthHeader)

	Dim sRequestBody As String = "screen_name=" & screen_name
	Dim bytes() As Byte = System.Text.Encoding.ASCII.GetBytes(sRequestBody)
	oRequest.ContentLength = bytes.Length
	Dim oRS As System.IO.Stream = oRequest.GetRequestStream()
	oRS.Write(bytes, 0, bytes.Length)

	Dim oResponse As WebResponse = oRequest.GetResponse()
	Dim oStream As Stream = oResponse.GetResponseStream()
	Dim oReadStream As New StreamReader(oStream, True)
	litResponse.Text = oReadStream.ReadToEnd()
Catch ex As Exception
	litError.Text = ex.Message
End Try

End Sub
Private Function GenerateHeader(ByVal dParameters As SortedDictionary(Of String, String)) As String
Dim sHeader As String = “OAuth “
For Each sKey As String In dParameters.Keys
sHeader &= HttpUtility.UrlEncode(sKey) & “=””” & HttpUtility.UrlEncode(dParameters(sKey)) & “”""
If sKey <> dParameters.Keys.Last Then
sHeader &= ", "
End If
Return sHeader
End Function

Private Function GenerateSignature(ByVal dParameters As SortedDictionary(Of String, String)) As String
Dim sSignature As String = ""
For Each sKey As String In dParameters.Keys
sSignature &= HttpUtility.UrlEncode(sKey) & “=” & HttpUtility.UrlEncode(dParameters(sKey))
If sKey <> dParameters.Keys.Last Then
sSignature &= "&"
End If
Return sSignature
End Function

Private Function GenerateTimeStamp() As String
Dim ts As TimeSpan = DateTime.UtcNow - New DateTime(1970, 1, 1, 0, 0, 0, 0)
Return Convert.ToInt64(ts.TotalSeconds).ToString()
End Function

Private Function GenerateNonce(ByVal oRandom As Random) As String
Dim sb As New StringBuilder
For i As Integer = 0 To 31
Dim g As Integer = oRandom.Next
Select Case g
Case 0
’ lowercase alpha
sb.Append(ChrW(oRandom.Next + 97), 1)
Exit Select
Case Else
’ numeric digits
sb.Append(ChrW(oRandom.Next + 48), 1)
Exit Select
End Select
Dim sRandom As String = sb.ToString()
Dim bytes() As Byte = Text.Encoding.ASCII.GetBytes(sRandom)
Dim sResult As String = Convert.ToBase64String(bytes)
Dim sPattern As String = "[^A-Za-z0-9]"
sResult = Regex.Replace(sResult, sPattern, “”)
Return sResult
End Function