EDIT: I was hoping abraham was wrong, but unfortunately for the time being he is absolutely correct. Its not part of the official API.
I’m trying to use the twitter api to accept a follow request on a protected account.
I have used oAuth to authenticate myself and all api endpoints work as expected.
But when I try and use http://api.twitter.com/1/friendships/accept.json
I get the following response:
{"errors":[{"code":37,"message":"Not authorized to use this endpoint"}]}
And yes, its a POST endpoint, not a GET.
There has to be a way around this. There are other applications out there that get around this in some way.
Please help.
TIA
EXTRA INFO:
My POST as seen in Fiddler:
POST https://api.twitter.com/1/friendships/accept.json HTTP/1.1
Authorization: OAuth oauth_timestamp="1307086335",oauth_nonce="CxZOu9zk3IqlRMQ3s",oauth_version="1.0",oauth_signature_method="HMAC-SHA1",oauth_consumer_key="hK6dftsut8UgUICrb8d1Yw",oauth_token="304415306-yabqGaJiEOEx8NYGC7qXttoJyEbA7ycQILBKY",oauth_signature="zFtCNYzOU8XbVVHAymazkltW4Xs%3D"
Content-Type: application/x-www-form-urlencoded
Host: api.twitter.com
Content-Length: 16
Connection: Keep-Alive
user_id=45807474
And here is Twitter’s as captured by Fiddler:
POST http://api.twitter.com/1/friendships/accept.json HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
Content-Length: 81
Origin: http://api.twitter.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.71 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130451073302552267; __utmz=43838368.1304689370.3.3.utmcsr=mybroadband.co.za|utmccn=(referral)|utmcmd=referral|utmcct=/news/cellular/19383-Android-paid-market-arriving-South-Africa.html; __qca=P0-701205957-1307007945635; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; auth_token=d2f0d92a931cf954727bf6667cf38f48cb1e75f1; twid=u%3D304415306%7CUtwJgOgbvSsO8QsBhX7fM3JpcQ4%3D; twll=l%3D1307013065; external_referer=ZLhHHTiegr9ziOY2WC22JyCEc9mRpioNrN9gRZ8lMqQakz1ge%2BROzRwTTLv60GEo; k=196.33.166.196.1307022588816189; __utma=43838368.1872776221.1299681259.1307079974.1307086527.9; __utmc=43838368; __utmv=43838368.lang%3A%20en; __utmb=43838368.6.10.1307086527; lang=en; _twitter_sess=BAh7DToVaW5fbmV3X3VzZXJfZmxvdzA6CXVzZXJpBEoCJRI6DGNzcmZfaWQi%250AJWM3Zjc4ZTc4NmE0ZDFkZjRlYzEzOTNhM2QyYzkxNjdhOg5yZXR1cm5fdG8i%250AKGh0dHA6Ly90d2l0dGVyLmNvbS9zZXR0aW5ncy9hY2NvdW50OhNwYXNzd29y%250AZF90b2tlbiItZDJmMGQ5MmE5MzFjZjk1NDcyN2JmNjY2N2NmMzhmNDhjYjFl%250ANzVmMToPY3JlYXRlZF9hdGwrCJb7nVAwAToHaWQiJTU4ZmU0OGYzMTM4OWQy%250AMDAwMWE5Y2M5ZjRjZTUzZjM1IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--fe9109485afb838e1b09c7425e205f3dea7a23aa
user_id=45807474&post_authenticity_token=96bc19d60674d226e5a5125995de8748035dea6f
It seems theirs has a lot more detail in the headers and they also pass a variable called
post_authenticity_token
Hope the extra details sheds some more light on this issue.
I’ve run into this issue before and it is a bug with Twitter’s API. A temporary solution I found to work was switching to https. You should also file a bug report with Twitter.
Update:
friendships/acceptis not an official Twitter API method. I was thinking Twitter had implemented it but they have not. You will have to have users visit twitter.com to authorize followers. You can view Twitter’s support API methods on dev.twitter.com.