6

I'm successfully able to get an access token through the OAuth process.

However, when I try to run a POST to the /statuses/update.json endpoint, I get a "Could not authenticate with OAuth."

I'm signing with the token I got back from authenticating with my consumer secret, I don't understand what else could be.

Twitter forums were no help either.

Any tips would be greatly appreciated.

john
  • 33,520
  • 12
  • 45
  • 62
  • First, try some GET request with your keys (something like statuses/home_timeline which requires authentication). Does it work? – Shcheklein Jul 29 '11 at 13:54
  • 10
    Make sure your server clock is synced with Twitter or some other well-known time server. If it is more than 15 minutes apart, Twitter will say bad signature and fail. – Eran Hammer Jul 29 '11 at 17:39
  • 1
    i was experiencing exacty the same problem (c/liboauth/maemo5) - everything flowed through fine up to getting the access token (with screen name etc) - but when i made a rest call (even just a read) i got this same error... reading Eran's comment i noticed that the clock of the vm i was working in was an hour out! and now it works :) so, Thank you Eran - your comment should be an answer, +1. – fusi Aug 04 '11 at 01:47
  • Did you solve this? I run into the same problem just today. – Jernej Strasner Jan 18 '12 at 16:14

1 Answers1

1

Making authenticated calls to Twitter can be a pain.

Make sure that the parameters in your signature base string are ordered alphabetically.

Take this:

oauth_consumer_key={consumerkey}&oauth_nonce={nonce}&oauth_signature_method=HMAC-SHA1&oauth_timestamp={timestamp}&oauth_token={token}&oauth_version=1.0&status={tweet text}

fill out the values, encode it in Base64, and then put it together like this:

POST&{base64 encoded url}&{base64 encoded base string}

this will be the string you need to sign (without the brackets). (The url in this case will be https://api.twitter.com/1.1/statuses/update.json)

The signing key needs to be built like this:

{consumer secret}&{token secret}

The signature is a HMACSHA1 hash, which is then base64 encoded.

Then you need to put this in the Authorization header:

OAuth oauth_consumer_key="{consumer key}",oauth_nonce="{nonce}",oauth_signature="{signature}",oauth_signature_method="HMAC-SHA1",oauth_timestamp="{timestamp}",oauth_token="{token}",oauth_version="1.0"

And finally put status=your tweet text as the posted data in your request.

I hope this helps.

parachutingturtle
  • 147
  • 1
  • 5