Why does my Twitter OAuth API call to update status fail, but other calls work?

Question

This is the raw HTTP call that I make to verify authentication. It returns the expected response:

GET /1/account/verify_credentials.xml HTTP/1.1
Authorization: OAuth oauth_token="12556442-pndSo1mf2i1ToPSbAyLH4qBBDHmtyutjbvMLckGER",oauth_consumer_key="ih75ityikrTdIwB9kQ",oauth_nonce="6wIbdfxL",oauth_signature_method="HMAC-SHA1",oauth_signature="7DUW5TLtntryndfhU5dSXARg%3D",oauth_version="1.0",oauth_timestamp="1267805254"
Host: api.twitter.com

This is a call that I (try) to make, which is intended to update the users status:

POST /1/statuses/update.xml HTTP/1.1
Authorization: OAuth oauth_token="1252356242-pndSo1mf2i1ToPSfghfghfQoMLckGER",oauth_consumer_key="ih75i83BXdfhnfghnfgQ",oauth_nonce="CJ9dfgXs",oauth_signature_method="HMAC-SHA1",oauth_signature="bSD7aXUdfghdfghfghfghoU%3D",oauth_version="1.0",oauth_timestamp="1267235407"
Content-Type: application/x-www-form-urlencoded
Host: api.twitter.com
Content-Length: 11
Connection: Keep-Alive

status=blah

The response that I get back from twitter for this second request is as follows:

HTTP/1.1 401 Unauthorized
Date: Fri, 05 Mar 2010 16:17:18 GMT
Server: hi
Status: 401 Unauthorized
WWW-Authenticate: Basic realm="Twitter API"
Content-Type: application/xml; charset=utf-8
Content-Length: 135
Cache-Control: no-cache, max-age=1800
Set-Cookie: guest_id=12672352252251; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGsdgsdhdrhvdrthvdthd0%250ANDdkZTEyZjczZTY3ZGE4YmQ5IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--0eb657ba0esdrvthdtdtgcdrtgc0ece8f1460; domain=.twitter.com; path=/
Expires: Fri, 05 Mar 2010 16:47:17 GMT
Vary: Accept-Encoding
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<hash>
  <request>/1/statuses/update.xml</request>
  <error>Incorrect signature</error>
</hash>

Any idea what could be going wrong?

• Note, the OAuth tokens and stuff have been scrambled of course.

Answer 1

i got similar problem ...401 unauthorized ...using php i was following the examples in http://www.snipe.net/2009/07/writing-your-first-twitter-application-with-oauth/

until i discovered the parameters 'POST' and $data was swapped in the line $content = $to->OAuthRequest('https://twitter.com/statuses/update.xml','POST',$data);

maybe it is your case too?

maybe not anyway i found that tutorial very useful

cheer

Answer 2

Solved:

Even though I had to make this call a POST request, the actual parameters couldn't be in the POST body. I put the status variable in the query string on the request and it worked fine.

Answer 3

POST parameters are fed into the hash that produces the signature, so you have to make sure they are included when you calculate it.