twitter api returning: Not authorized to use this endpoint

EDIT: I was hoping abraham was wrong, but unfortunately for the time being he is absolutely correct. Its not part of the official API.

I'm trying to use the twitter api to accept a follow request on a protected account.

I have used oAuth to authenticate myself and all api endpoints work as expected.

But when I try and use http://api.twitter.com/1/friendships/accept.json

I get the following response:

{"errors":[{"code":37,"message":"Not authorized to use this endpoint"}]}

And yes, its a POST endpoint, not a GET.

There has to be a way around this. There are other applications out there that get around this in some way. Please help.

TIA

EXTRA INFO:

My POST as seen in Fiddler:

POST https://api.twitter.com/1/friendships/accept.json HTTP/1.1
Authorization: OAuth oauth_timestamp="1307086335",oauth_nonce="CxZOu9zk3IqlRMQ3s",oauth_version="1.0",oauth_signature_method="HMAC-SHA1",oauth_consumer_key="hK6dftsut8UgUICrb8d1Yw",oauth_token="304415306-yabqGaJiEOEx8NYGC7qXttoJyEbA7ycQILBKY",oauth_signature="zFtCNYzOU8XbVVHAymazkltW4Xs%3D"
Content-Type: application/x-www-form-urlencoded
Host: api.twitter.com
Content-Length: 16
Connection: Keep-Alive

user_id=45807474

And here is Twitter's as captured by Fiddler:

POST http://api.twitter.com/1/friendships/accept.json HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
Content-Length: 81
Origin: http://api.twitter.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.71 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=130451073302552267; __utmz=43838368.1304689370.3.3.utmcsr=mybroadband.co.za|utmccn=(referral)|utmcmd=referral|utmcct=/news/cellular/19383-Android-paid-market-arriving-South-Africa.html; __qca=P0-701205957-1307007945635; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; auth_token=d2f0d92a931cf954727bf6667cf38f48cb1e75f1; twid=u%3D304415306%7CUtwJgOgbvSsO8QsBhX7fM3JpcQ4%3D; twll=l%3D1307013065; external_referer=ZLhHHTiegr9ziOY2WC22JyCEc9mRpioNrN9gRZ8lMqQakz1ge%2BROzRwTTLv60GEo; k=196.33.开发者_开发百科166.196.1307022588816189; __utma=43838368.1872776221.1299681259.1307079974.1307086527.9; __utmc=43838368; __utmv=43838368.lang%3A%20en; __utmb=43838368.6.10.1307086527; lang=en; _twitter_sess=BAh7DToVaW5fbmV3X3VzZXJfZmxvdzA6CXVzZXJpBEoCJRI6DGNzcmZfaWQi%250AJWM3Zjc4ZTc4NmE0ZDFkZjRlYzEzOTNhM2QyYzkxNjdhOg5yZXR1cm5fdG8i%250AKGh0dHA6Ly90d2l0dGVyLmNvbS9zZXR0aW5ncy9hY2NvdW50OhNwYXNzd29y%250AZF90b2tlbiItZDJmMGQ5MmE5MzFjZjk1NDcyN2JmNjY2N2NmMzhmNDhjYjFl%250ANzVmMToPY3JlYXRlZF9hdGwrCJb7nVAwAToHaWQiJTU4ZmU0OGYzMTM4OWQy%250AMDAwMWE5Y2M5ZjRjZTUzZjM1IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--fe9109485afb838e1b09c7425e205f3dea7a23aa

user_id=45807474&post_authenticity_token=96bc19d60674d226e5a5125995de8748035dea6f

It seems theirs has a lot more detail in the headers and they also pass a variable called post_authenticity_token Hope the extra details sheds some more light on this issue.

I've run into this issue before and it is a bug with Twitter's API. A temporary solution I found to work was switching to https. You should also file a bug report with Twitter.

Update: friendships/accept is not an official Twitter API method. I was thinking Twitter had implemented it but they have not. You will have to have users visit twitter.com to authorize followers. You can view Twitter's support API methods on dev.twitter.com.