This project has moved and is read-only. For the latest updates, please go here.

Which of the Twitter Keys do you use for App-Only access

Sep 26, 2014 at 1:49 PM
I generated an app on the Twitter site and gave it default read-only access (as I only want to read tweets not POST them)

Twitter generate a number of keys for me:

Under "Application settings" there are
API key
API secret
Owner Id

and under "Your access token" there are different
Access token:
Access token secret:

I have written an authorizer like this
    private static IAuthorizer DoApplicationOnlyAuth()
        var auth = new ApplicationOnlyAuthorizer()
            CredentialStore = new InMemoryCredentialStore
                ConsumerKey    = ApiKey,
                ConsumerSecret = ApiSecret
        return auth;
and its called like this.
    public async Task Search(string input)
        var auth = DoApplicationOnlyAuth();
        await auth.AuthorizeAsync();

             store tokens for later use
             and do some searching
but I always get a 403:
{"errors":[{"code":99,"label":"authenticity_token_error","message":"Unable to verify your credentials"}]}
Which twitter says is likely to be Invalid "Bearer Tokens" or "Expired Bearer Tokens"

So my question is which of the twitter provide information should I be using in ConsumerKey and ConsumerSecret to allow app-only access.

Sep 26, 2014 at 4:24 PM

ApiKey and ApiSecret are correct. I can't see anything wrong with your code, so it must be the keys or App settings. I can see you're receiving a 403 and maybe Twitter API is starting to provide more granular error messages instead of making all authentication errors a 401. You might want to review the 401 section of the LINQ to Twitter FAQ: