1

I've generated Access Tokens in the Settings/..../ Keys and Access Tokens page and now have a

  • Consumer Key
  • Consumer Secret Key
  • Owner ID (even though this was probably already generated)
  • Access Token
  • Access Token Secret

and am using a rest client to test being able to pull the latest 3 statuses using this api end point

https://api.twitter.com/1.1/statuses/user_timeline.json?user_id=userIdHere&count=3

as well as the following headers

  • Accept: /
  • Connection: close
  • User-Agent: OAuth gem v0.4.4
  • Content-Type: application/x-www-form-urlencoded
  • Content-Length: 76
  • Host: api.twitter.com
  • Authorization: OAuth
    • oauth_consumer_key=
    • oauth_signature=
    • oauth_signature_method=
    • oauth_timestamp=
    • oauth_token=
    • oauth_version=

obviously the 'userIdHere' in the end point address (above) is substituted with my username (i know i can also use my user_id, but that's beside the point) as well as the 'Authorization' values being substituted for real values. That's where my question lies...

What is the mapping for each of the 'oauth...' authorization parameters to their associated Twitter generated and provided Token or key(s) (which were mention near the top of the post)?

I keep getting a '400 Bad Request' response and feel that it is the authorization that is failing in that the permutations of key placements is incorrect. I do not know which value goes to which 'oauth...' value

finally, the structure of the 'Authorization' parameter header is as follows (as per instruction here from the Twitter EXAMPLE) as one line string value

OAuth oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog", oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg", oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1318622958", oauth_token="370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb", oauth_version="1.0" )

I am just trying to use a GET to get the last 3 statuses and have not been able to. Also, i plan to switch the values to Environmental Variables, but that doesn't matter yet..

UPDATE using Postman now, and it's better at mapping, but now am getting 

    {

"errors": [ { "code": 32, "message": "Could not authenticate you." } ] }

user2403316
  • 178
  • 1
  • 12

1 Answers1

2

For the Postman part make sure that you leave Timestamp and nonce empty and hit "update request" before you hit send. That will generate timestamp and nonce - otherwise you will get authorization failures every time. I just tried it with my twitter API credentials and it works.

For Oauth gem code, I find it strange that you have a Content-Type and a Content-Length header for a GET request. Looks like the 400 Bad request could be because you are attempting to do a POST to an endpoint that only supports GET. Indeed when I try to do a POST to that endpoint it tells me.

{
  "errors": [
    {
      "code": 86,
      "message": "This method requires a GET or HEAD."
    }
  ]
}

So the 400 is actually good news - it means that authorization works, you are just calling the API in the wrong way.

Jon Nylander
  • 8,743
  • 5
  • 34
  • 45