
I’m having a rough time getting a simple OAuth 1 API call to work. I’ve figured out how to access the data I want via Postman and have made successful calls for lists, starred items, etc. If I copy an already-run call from Postman and rerun it locally, as long as the timestamp is the timeout time (3 minutes) the API will accept it and I’ll be able to receive and parse the JSON data.

I've tested and run all of the elements of the code in isolation and everything seems to work fine... What seems to not work is generating a proper signature.

Full code is below... Any help is appreciated!

```php
<?php

// Include Manually Entered Credentials
include 'credentials.php';

####################################

// GENERATE TIMESTAMP:
$oathtimestamp = time();

// GENERATE NONCE:
function generateNonce() {
    $length = 15;
    $chars='1234567890qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM';
    $ll = strlen($chars)-1;
    $o = '';
    while (strlen($o) < $length) {
      $o .= $chars[ rand(0, $ll) ];
      }
    return $o;
    }

$oathnonce = generateNonce();

####################################

// API Determinants
$APIurl = "https://www.example.com/api/";

####################################

// GENERATE Oath1 Signature:
$signatureMethod = "HMAC-SHA1";
$oathVersion = "1.0";

      $base =  "POST&".$APIurl."&"."folder_id=starred"."&limit=25"."&oauth_consumer_key=".$oauth_consumer_key."&oauth_nonce=".$oathnonce."&oauth_signature_method=".$signatureMethod."&oauth_timestamp=".$oathtimestamp."&oauth_token=".$oauth_token."&oauth_version=".$oathVersion."&x_auth_mode=client_auth"."&x_auth_password=".$x_auth_password."&x_auth_username=".$x_auth_username;
      //echo $base;

      $key = $oauth_consumer_key."&".$oath_tokenSecret;
      //echo $key;

      $signature = base64_encode(hash_hmac('sha1', $oauth_consumer_key, $key));
      //echo $signature;

      $oath_getstringlength =
        "folder_id=starred".
        "&limit=25".
        "&oauth_consumer_key=".$oauth_consumer_key.
        "&oauth_nonce=".$oathnonce.
        "&oauth_signature=".$signature.
        "&oauth_signature_method=".$signatureMethod.
        "&oauth_timestamp=".$oathtimestamp.
        "&oauth_token=".$oauth_token.
        "&oauth_version=".$oathVersion.
        "&x_auth_mode=client_auth".
        "&x_auth_password=".$x_auth_password.
        "&x_auth_username=".$x_auth_username;

      $oath_stringlength = strlen($oath_getstringlength);
      //echo $oath_stringlength;

####################################

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "https://www.example.com/api/",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS =>
    "folder_id=starred".
    "&limit=25".
    "&oauth_consumer_key=".$oauth_consumer_key.
    "&oauth_nonce=".$oathnonce.
    "&oauth_signature=".$signature.
    "&oauth_signature_method=".$signatureMethod.
    "&oauth_timestamp=".$oathtimestamp.
    "&oauth_token=".$oauth_token.
    "&oauth_version=".$oathVersion.
    "&x_auth_mode=client_auth".
    "&x_auth_password=".$x_auth_password.
    "&x_auth_username=".$x_auth_username,
  CURLOPT_HTTPHEADER => array(
    "Accept: */*",
    "Accept-Encoding: gzip, deflate",
    "Cache-Control: no-cache",
    "Connection: keep-alive",
    "Content-Length: $oath_stringlength",
    "Content-Type: application/x-www-form-urlencoded",
    "Host: www.example.com",
    "User-Agent: curlAPICall",
    "cache-control: no-cache"
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "... cURL Error #:" . $err;
} else {
  echo $response;
  $jsonresponse = json_decode($response, true);
  print_r($jsonresponse);
}

?>
```
sharedphysics
  • I think you neglected one important detail here regarding the request parameters …? https://oauth1.wp-api.org/docs/basics/Signing.html#base-string: _“Encode the name and value for each, **sort by name** (and value for duplicate keys).”_ (Ascending sort order is kinda implied here.) With `x_auth_username` followed by `x_auth_password` you are violating that already. – 04FS Dec 05 '19 at 09:20
  • @04FS - Good catch. I switched the parameters around (and updated code above to reflect that) but no change in result. – sharedphysics Dec 07 '19 at 14:59
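
An added example (not the asker's code and not part of the original thread) of OAuth 1.0 HMAC-SHA1 signing as RFC 5849 section 3.4 specifies it, including the sort-by-name rule quoted in the comment above. The function names and every credential value are constructed placeholders; the endpoint and parameter names are the ones used in the question.

```php
<?php
// RFC 5849 section 3.4.1: build the signature base string.
function oauth1_base_string(string $method, string $url, array $params): string
{
    // Percent-encode every name and value (RFC 3986) first, then sort by encoded name.
    $encoded = [];
    foreach ($params as $name => $value) {
        $encoded[rawurlencode((string) $name)] = rawurlencode((string) $value);
    }
    ksort($encoded, SORT_STRING);
    $pairs = [];
    foreach ($encoded as $name => $value) {
        $pairs[] = $name . '=' . $value;
    }
    // The URL and the joined parameter string are each percent-encoded once more.
    return strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode(implode('&', $pairs));
}

// RFC 5849 section 3.4.2: HMAC-SHA1 over the base string.
function oauth1_sign(string $baseString, string $consumerSecret, string $tokenSecret): string
{
    // The key joins the two secrets (each percent-encoded), not the consumer key.
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    // Fourth argument true returns raw digest bytes; base64 of the default hex text is a different value.
    return base64_encode(hash_hmac('sha1', $baseString, $key, true));
}

// Constructed placeholder values; none of these are real credentials.
$params = [
    'folder_id'              => 'starred',
    'limit'                  => '25',
    'oauth_consumer_key'     => 'constructed-consumer-key',
    'oauth_nonce'            => bin2hex(random_bytes(16)),
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => (string) time(),
    'oauth_token'            => 'constructed-token',
    'oauth_version'          => '1.0',
    'x_auth_mode'            => 'client_auth',
    'x_auth_password'        => 'constructed p@ss/word',
    'x_auth_username'        => 'constructed-user',
];
$base = oauth1_base_string('POST', 'https://www.example.com/api/', $params);
$params['oauth_signature'] = oauth1_sign($base, 'constructed-consumer-secret', 'constructed-token-secret');

// RFC 3986 encoding of the form body also escapes the "+", "/" and "=" that base64 puts in the signature.
$body = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
echo $base, PHP_EOL, $body, PHP_EOL;
```

Passing `$body` as `CURLOPT_POSTFIELDS` lets cURL set `Content-Length` itself, so the header does not need to be computed by hand.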

0 Answers