Perhaps it was a real Tweet which was subsequently deleted? This is exactly why Twitter can’t (or at least probably shouldn’t) implement signed API responses. A nice property of Twitter as it stands is that, if you delete a post, it is no longer possible to prove that you ever posted it. Your best option would be to use something like the Wayback Machine, but even then you can’t prove it. If they signed their API responses, then suddenly deleting a post would become less effective. If you’d captured the signature, you could prove that the post did exist with that content. This isn’t necessarily desirable­ (see non-repudiation1). In fact, this is something that many secure communication systems are designed to make impossible (TCP, Axolotl (Signal Protocol), etc.). Whether Twitter should offer Delete functionality across the board is another discussion, but while they do, implementing signed API responses would hobble it.