I am trying to create my first successful API request.
I want to post on my twitter account.
I have created the developer account and generated consumer key and secret as well as access token and secret.
I have also obtained the bearer token.

I want to post on Twitter using the 1.1 version API.
I want to do it with no framework or library. Just good old cURL and PHP.

Here is what I have come up with ...

$api_endpoint = "https://api.twitter.com/1.1/statuses/update.json";
$authorization = "Authorization: OAuth oauth_consumer_key=\"{$settings['consumer_key']}\", oauth_consumer_secret=\"{$settings['consumer_secret']}\", oauth_token=\"{$settings['access_token']}\", oauth_token_secret=\"{$settings['access_token_secret']}\"";

$status = 'Hello World';

$ch = curl_init();

curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json' , $authorization ));
curl_setopt($ch, CURLOPT_URL, $api_endpoint);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
   'status' => $status
]);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

$response = curl_exec($ch);

curl_close($ch);

$result = json_decode($response, true);
print_r($result);

It's returning: Array ( [errors] => Array ( [0] => Array ( [code] => 215 [message] => Bad Authentication data. ) ) )

I am trying this but it returns an error ...

$api_endpoint = "https://api.twitter.com/2/tweets";
$authorization = "Authorization: Bearer {$settings['bearer_token']}";

$text = 'Hello World';

$ch = curl_init();

curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json' , $authorization));
curl_setopt($ch, CURLOPT_URL, $api_endpoint);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
   'text' => $text
]);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

$response = curl_exec($ch);

curl_close($ch);

$result = json_decode($response, true);
print_r($result);

Array ( [title] => Unsupported Authentication [detail] => Authenticating with OAuth 2.0 Application-Only is forbidden for this endpoint. Supported authentication types are [OAuth 1.0a User Context, OAuth 2.0 User Context]. [type] => https://api.twitter.com/2/problems/unsupported-authentication [status] => 403 )

Do I need to use consumer key and secret? or access token and secret? How should I use them.
I am sorry but I am new to APIs

It seems as if you have to use OAuth to authenticate on behalf of your user (or whomever you want your application to post tweets on the behalf of). How did you generate the authorization bearer_token? It seems as if that's just a token to authenticate on behalf of your app, not on behalf of an end-user of your app/Twitter, which is what you need to do here.

When I go here I see that they offer four different authentication methods. It looks like OAuth 1.0a as well as OAuth 2.0 Authorization Code Flow with PKCE are the two that allow you to authenticate on behalf of a Twitter account.

Do you have experience with using OAuth to authenticate on behalf of an end-user?

OK, so I have some more time right now to explain in greater detail. When you post a tweet, you're app is basically acting on behalf of an end-user. Twitter, or X, or whatever they call themselves now, needs your end-user to go through the process of authenticating and then authorizing your app to tweet on their behalf ... kinda like Sign In with Facebook or Sign In with Google type of thing.

So an end-user of your app will click a link within your app to connect your app to twitter. They will then be redirected to twitter to authenticate (e.g. log into their twitter account, if they aren't already logged in). They'll then be asked to authorize your app to tweet on their behalf. They'll click accept, and it will redirect back to your app along with an access token. Your app can then use that access token in the cURL request to tweet.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.