[twitter-dev] Re: 401 Unauthorized in Python/Twisted app

[Taylor Singletary]

Hi Eryn,

I'm not too familiar with the Twisted framework or its implementation
of OAuth, so take what I recommend with a grain of salt.

* Access tokens generated through the OAuth flow on Twitter,
regardless of the technique used (PIN code, xAuth, vanilla OAuth) are
long-lived and do not expire until the end-user makes an explicit
effort to revoke the access. You store the access token and access
token secret.

* While OAuth in theory should "just work" when it works in one spot,
there's a great amount of variation in the amount of "wrongness" that
given services will tolerate when evaluating the credentials. Long-
term, we're working to normalize the entire validation procedure
across all of our services, but in reality the streaming API and the
REST API use different OAuth engines to evaluate the validity of the
request -- the streaming API's OAuth verification is considerably
stricter than the REST API's more forgiving implementation.

* I notice that your authorization header is missing a oauth_timestamp
parameter -- is that a copy and paste error? Do you know how to locate
the OAuth signature base string in the Python library you are using --
it can often be buried under private or protected methods but the
string is invaluable in debugging issues like this.

Thanks,
Taylor

On Jun 24, 7:54 pm, Eryn Wells  wrote:
> Hello all,
>
> I'm quite new to OAuth and the Twitter API, and this is my first post to this 
> list.
>
> I'm working on an app in Python using the Twisted framework. It uses 
> brosner's fork of python-oauth2[1] to do the initial authentication and 
> subsequent request signing. I'm using the PIN code flow for authentication. 
> Do access tokens need to be generated every time you start the app, or can 
> they be stored between runs and reused? If so, how long are the valid? Right 
> now, my code writes the access token and secret out to a file and recovers it 
> the next time it starts. The procedure seems to go just fine – I don't get 
> any errors – but I can't really verify that everything is Correct because I 
> don't really know what I'm looking for…
>
> Second thing, I'm at the point where I'm trying to do the initial connection 
> tohttps://userstream.twitter.com/2/user.json. I'm using SSLConnect and 
> web.HTTPClient, if that helps… I write out the command (GET ), and the 
> headers (a Host and an Authorization header). The OAuth library generates the 
> following Authorization header content. I get back a 401 Unauthorized error 
> with a WWW-Authenticate: Basic header. I've heard from @twitterapi that User 
> Streams require OAuth, so why am I getting a Basic auth response?
>
> OAuth realm="Firehose", oauth_nonce="25622603816219309853125867384777", 
> oauth_consumer_key="", oauth_signature_method="HMAC-SHA1", 
> oauth_version="1.0", oauth_token="", 
> oauth_signature="1AV5YG4DsfCV4jDoQcOCOmxZ2Gw%3D"
>
> Anything obvious there that I'm doing wrong?
>
> Thanks,
> Eryn

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk

[twitter-dev] Re: 401 unauthorized on blackberry after appending ";interface=wifi"

[waits]

The problem could be the length of status or encoding of status is
invalid or status in not be included in the sign base string. I have a
workable integration now. Check the code here

https://github.com/Yincan/blackberry_twitter_oauth

On Apr 14, 5:58 am, Mickey  wrote:
> Still receiving401during update status.
>
> There are 2 parts of my code that uses the HttpConnection where I was
> adding connection transport string.
> 1. To get the OAuth access token. The end point is "https://
> api.twitter.com/oauth/request_token".
> I removed the code to add transport string here. So my signature
> should not contain the transport string.
>
> 2. Doing an update, the URL thus becomes "http://api.twitter.com/1/
> statuses/update.json;interface=wifi"
> The result is still401.
>
> Any idea?
>
> Thanks
>
> On Apr 13, 4:04 pm, Naveen  wrote:
>
>
>
>
>
>
>
> > There are two possible issue you are having..
>
> > Most likely you simply need to append the network transport AFTER all
> > signatures have been generated. If you append it before, then those
> > additional characters are being included in the signature but the
> >BlackBerrydoes not actually send that part of the connection string
> > to anyone, it is only used internally.
>
> > Less likely but possible, the WIFI you are using is routing you
> > redirecting to you a landing page to login to the WIFI access.
>
> > --Naveen Ayyagari
> > SocialScope
>
> > On Apr 13, 12:41 pm, Mickey  wrote:
>
> > > Hi
>
> > > Onblackberrywith httpConnection, I need to add network transport
> > > string such as ";interface=wifi" to the url.
>
> > > The problem is, once I added the network transport string, I get401
> > > unauthorized for status update and GET statuses/user_timeline.
>
> > > If I remove the transport string, then I can POST updates and GET
> > > statuses everything runs fine.
> > > So it seems the request I'm sending to twitter api is correct.
>
> > > Is there anything special with the transport string that might cause
> > > problems?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: 401 Unauthorized Responses to requests signed with whitelisted account

[Matt Harris]

Hi Chris,

Our policy team are the beat ones to contact about this as they have access to 
the information about why the app was suspended. You can contact them through 
a...@twitter.com .

When you contact them let then know what you've put in the email below and 
include the ticket number of your previous communication with them.

They will be able to let you know the next steps.

Best
@themattharris



On Apr 19, 2011, at 8:57, Christopher Stolte  wrote:

> Hi Matt,
> 
> Thank you so much for your timely response.  Your suggestion was very
> helpful - I logged the response body and am seeing the following
> error:
> 
> "Invalid / suspended application"
> 
> I really don't know why that would be - does that mean that we are
> blacklisted? I should point out a few things that you will probably
> want to know:
> 
> 1.  We have a conservative and fairly sophisticated throttling system
> to prevent us from over-stepping the rate limit (I don't think that's
> the problem...)
> 2.  On Saturday I received a message from the API support team
> confirming that our whitelisted account was in good standing (can
> provide the message if it's helpful)
> 3.  We've seen the rate limit reported in the response change back and
> forth somewhat sporadically...
> 
> Thank you again for any help you can provide - in general we are very
> pleased with the API and we certainly appreciate your support!
> 
> Best,
> Chris
> 
> 
> 
> On Apr 18, 3:44 pm, Matt Harris  wrote:
>> Hi Christopher,
>> 
>> Could you attempt to get the response body for the request either by
>> repeating the request or enhancing your logs. The reason for the 401 is
>> communicated in the response body and knowing that will help explain what is
>> going on.
>> 
>> Best,
>> @themattharris
>> Developer Advocate, Twitterhttp://twitter.com/themattharris
>> 
>> On Mon, Apr 18, 2011 at 11:23 AM, Christopher Stolte 
>> wrote:
>> 
>>> Hello,
>> 
>>> I am a Java developer working on a web application that makes use of
>>> the Twitter API.  We use the Signpost library (version 1.2.1.1) to
>>> perform OAuth and issue API requests, and have been doing so
>>> successfully for months.  We have been signing our requests with a
>>> whitelisted key and secret that has a 20,000 request/hour rate limit.
>> 
>>> In the last few days, we started getting only 401 Not Authorized
>>> responses when using these credentials.  Upon looking back at our
>>> server logs, I notice other requests failures dating back to at least
>>> Feb 17, but they are sporadic.  Error messages look like this:
>> 
>>> WARN org.apache.http.impl.client.DefaultHttpClient Authentication
>>> error: Unable to respond to any of these challenges: {oauth=WWW-
>>> Authenticate: OAuth realm="http://api.twitter.com"}
>> 
>>> The response header shows 401 but no other enlightening information.
>> 
>>> I have paid attention to and read lots of other postings related to
>>> OAuth, and want to emphasize that our system has been working for
>>> quite a while - we make calls using the proper end points and so
>>> forth:
>> 
>>> http://api.twitter.com/1/users/show.json?user_id=[id]
>> 
>>> Something appears to have changed on Twitter's end but we don't know
>>> what.
>> 
>>> Can anyone shed some light on what might be happening?  We have
>>> already verified with Twitter API support that our credentials should
>>> still be viable - perhaps there has been an inadvertent shutdown of
>>> that account?
>> 
>>> Thank you in advance for any help or guidance!
>> 
>>> Sincerely,
>>> Chris Stolte
>> 
>>> --
>>> Twitter developer documentation and resources:http://dev.twitter.com/doc
>>> API updates via Twitter:http://twitter.com/twitterapi
>>> Issues/Enhancements Tracker:
>>> http://code.google.com/p/twitter-api/issues/list
>>> Change your membership to this group:
>>> http://groups.google.com/group/twitter-development-talk
> 
> -- 
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group: 
> http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 Unauthorized Responses to requests signed with whitelisted account

[Christopher Stolte]

Hi Matt,

Thank you so much for your timely response.  Your suggestion was very
helpful - I logged the response body and am seeing the following
error:

"Invalid / suspended application"

I really don't know why that would be - does that mean that we are
blacklisted? I should point out a few things that you will probably
want to know:

1.  We have a conservative and fairly sophisticated throttling system
to prevent us from over-stepping the rate limit (I don't think that's
the problem...)
2.  On Saturday I received a message from the API support team
confirming that our whitelisted account was in good standing (can
provide the message if it's helpful)
3.  We've seen the rate limit reported in the response change back and
forth somewhat sporadically...

Thank you again for any help you can provide - in general we are very
pleased with the API and we certainly appreciate your support!

Best,
Chris



On Apr 18, 3:44 pm, Matt Harris  wrote:
> Hi Christopher,
>
> Could you attempt to get the response body for the request either by
> repeating the request or enhancing your logs. The reason for the 401 is
> communicated in the response body and knowing that will help explain what is
> going on.
>
> Best,
> @themattharris
> Developer Advocate, Twitterhttp://twitter.com/themattharris
>
> On Mon, Apr 18, 2011 at 11:23 AM, Christopher Stolte 
> wrote:
>
> > Hello,
>
> > I am a Java developer working on a web application that makes use of
> > the Twitter API.  We use the Signpost library (version 1.2.1.1) to
> > perform OAuth and issue API requests, and have been doing so
> > successfully for months.  We have been signing our requests with a
> > whitelisted key and secret that has a 20,000 request/hour rate limit.
>
> > In the last few days, we started getting only 401 Not Authorized
> > responses when using these credentials.  Upon looking back at our
> > server logs, I notice other requests failures dating back to at least
> > Feb 17, but they are sporadic.  Error messages look like this:
>
> > WARN org.apache.http.impl.client.DefaultHttpClient Authentication
> > error: Unable to respond to any of these challenges: {oauth=WWW-
> > Authenticate: OAuth realm="http://api.twitter.com"}
>
> > The response header shows 401 but no other enlightening information.
>
> > I have paid attention to and read lots of other postings related to
> > OAuth, and want to emphasize that our system has been working for
> > quite a while - we make calls using the proper end points and so
> > forth:
>
> >http://api.twitter.com/1/users/show.json?user_id=[id]
>
> > Something appears to have changed on Twitter's end but we don't know
> > what.
>
> > Can anyone shed some light on what might be happening?  We have
> > already verified with Twitter API support that our credentials should
> > still be viable - perhaps there has been an inadvertent shutdown of
> > that account?
>
> > Thank you in advance for any help or guidance!
>
> > Sincerely,
> > Chris Stolte
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> >http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> >http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 Unauthorized Responses to requests signed with whitelisted account

[Christopher Stolte]

Hi Matt,

Thank you so much for your timely response.  Your suggestion was very
helpful - I logged the response body and am seeing the following
error:

"Invalid / suspended application"

I really don't know why that would be - does that mean that we are
blacklisted? I should point out a few things that you will probably
want to know:

1.  We have a conservative and fairly sophisticated throttling system
to prevent us from over-stepping the rate limit (I don't think that's
the problem...)
2.  On Saturday I received a message from the API support team
confirming that our whitelisted account was in good standing (can
provide the message if it's helpful)
3.  We've seen the rate limit reported in the response change back and
forth somewhat sporadically...

Thank you again for any help you can provide - in general we are very
pleased with the API and we certainly appreciate your support!

Best,
Chris



On Apr 18, 3:44 pm, Matt Harris  wrote:
> Hi Christopher,
>
> Could you attempt to get the response body for the request either by
> repeating the request or enhancing your logs. The reason for the 401 is
> communicated in the response body and knowing that will help explain what is
> going on.
>
> Best,
> @themattharris
> Developer Advocate, Twitterhttp://twitter.com/themattharris
>
> On Mon, Apr 18, 2011 at 11:23 AM, Christopher Stolte 
> wrote:
>
> > Hello,
>
> > I am a Java developer working on a web application that makes use of
> > the Twitter API.  We use the Signpost library (version 1.2.1.1) to
> > perform OAuth and issue API requests, and have been doing so
> > successfully for months.  We have been signing our requests with a
> > whitelisted key and secret that has a 20,000 request/hour rate limit.
>
> > In the last few days, we started getting only 401 Not Authorized
> > responses when using these credentials.  Upon looking back at our
> > server logs, I notice other requests failures dating back to at least
> > Feb 17, but they are sporadic.  Error messages look like this:
>
> > WARN org.apache.http.impl.client.DefaultHttpClient Authentication
> > error: Unable to respond to any of these challenges: {oauth=WWW-
> > Authenticate: OAuth realm="http://api.twitter.com"}
>
> > The response header shows 401 but no other enlightening information.
>
> > I have paid attention to and read lots of other postings related to
> > OAuth, and want to emphasize that our system has been working for
> > quite a while - we make calls using the proper end points and so
> > forth:
>
> >http://api.twitter.com/1/users/show.json?user_id=[id]
>
> > Something appears to have changed on Twitter's end but we don't know
> > what.
>
> > Can anyone shed some light on what might be happening?  We have
> > already verified with Twitter API support that our credentials should
> > still be viable - perhaps there has been an inadvertent shutdown of
> > that account?
>
> > Thank you in advance for any help or guidance!
>
> > Sincerely,
> > Chris Stolte
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> >http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> >http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized on blackberry after appending ";interface=wifi"

[Mickey]

Still receiving 401 during update status.

There are 2 parts of my code that uses the HttpConnection where I was
adding connection transport string.
1. To get the OAuth access token. The end point is "https://
api.twitter.com/oauth/request_token".
I removed the code to add transport string here. So my signature
should not contain the transport string.

2. Doing an update, the URL thus becomes "http://api.twitter.com/1/
statuses/update.json;interface=wifi"
The result is still 401.

Any idea?

Thanks

On Apr 13, 4:04 pm, Naveen  wrote:
> There are two possible issue you are having..
>
> Most likely you simply need to append the network transport AFTER all
> signatures have been generated. If you append it before, then those
> additional characters are being included in the signature but the
> BlackBerry does not actually send that part of the connection string
> to anyone, it is only used internally.
>
> Less likely but possible, the WIFI you are using is routing you
> redirecting to you a landing page to login to the WIFI access.
>
> --Naveen Ayyagari
> SocialScope
>
> On Apr 13, 12:41 pm, Mickey  wrote:
>
> > Hi
>
> > On blackberry with httpConnection, I need to add network transport
> > string such as ";interface=wifi" to the url.
>
> > The problem is, once I added the network transport string, I get 401
> > unauthorized for status update and GET statuses/user_timeline.
>
> > If I remove the transport string, then I can POST updates and GET
> > statuses everything runs fine.
> > So it seems the request I'm sending to twitter api is correct.
>
> > Is there anything special with the transport string that might cause
> > problems?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized on blackberry after appending ";interface=wifi"

[Naveen]

There are two possible issue you are having..

Most likely you simply need to append the network transport AFTER all
signatures have been generated. If you append it before, then those
additional characters are being included in the signature but the
BlackBerry does not actually send that part of the connection string
to anyone, it is only used internally.

Less likely but possible, the WIFI you are using is routing you
redirecting to you a landing page to login to the WIFI access.

--Naveen Ayyagari
SocialScope

On Apr 13, 12:41 pm, Mickey  wrote:
> Hi
>
> On blackberry with httpConnection, I need to add network transport
> string such as ";interface=wifi" to the url.
>
> The problem is, once I added the network transport string, I get 401
> unauthorized for status update and GET statuses/user_timeline.
>
> If I remove the transport string, then I can POST updates and GET
> statuses everything runs fine.
> So it seems the request I'm sending to twitter api is correct.
>
> Is there anything special with the transport string that might cause
> problems?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[Milos Golubovic]

The https to http hack worked for me consistently for a while but now
even this no longer works for my app.  Can anyone else confirm this?

On Mar 30, 8:10 am, Nick Spacek  wrote:
> > Sorry, what hack is that?  I've heard a bunch of advice on working
> > around this, but nothing conclusive.
>
> I believe he means changing 
> fromhttps://api.twitter.comtohttp://api.twitter.com. I can confirm that this 
> works for me as well.
> Obviously not ideal, but an interim solution?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[Nick Spacek]

> Sorry, what hack is that?  I've heard a bunch of advice on working
> around this, but nothing conclusive.

I believe he means changing from https://api.twitter.com to
http://api.twitter.com. I can confirm that this works for me as well.
Obviously not ideal, but an interim solution?

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: 401 unauthorized

[Jeremy Dunck]

On Mon, Mar 28, 2011 at 10:40 AM, Trevor Dean  wrote:
> I know Twitter is still working on finding a fix but it's been a couple of
> weeks now and it might be a good idea to implement the https to http hack
> for now until they resolve the issue.  I was hoping there would be a fix by
> now but I can't wait any longer so I will be making that change.

Sorry, what hack is that?  I've heard a bunch of advice on working
around this, but nothing conclusive.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: 401 unauthorized

[Trevor Dean]

I know Twitter is still working on finding a fix but it's been a couple of
weeks now and it might be a good idea to implement the https to http hack
for now until they resolve the issue.  I was hoping there would be a fix by
now but I can't wait any longer so I will be making that change.

On Mon, Mar 28, 2011 at 11:30 AM, r9handa  wrote:

> Are you guys still experimenting the issue? My application is still
> very unstable, got the Unauthorized all the time.
> Anyone knows if we have to change our application, or Twitter will fix
> the problem?
> Thanks.
>
> On 24 mar, 10:44, Ninjamonk  wrote:
> > Thanks for the link to the issue, now I can watch it. I have reverted
> > to the http work around which I hate due to the lack of security.
> >
> > On Mar 24, 1:11 pm, Trevor Dean  wrote:
> >
> >
> >
> >
> >
> >
> >
> > > Yes I was also hoping or a more recent update, the last one was over 18
> > > hours ago and didn't provide much detail (
> http://code.google.com/p/twitter-api/issues/detail?id=2118).
> >
> > > On Thu, Mar 24, 2011 at 7:56 AM, Ninjamonk 
> wrote:
> > > > any news on this? bit of a joke that it's been going on for a week
> now
> > > > and we have no eta on a fix. I have 2 apps waiting to release but as
> > > > they feature sign in with twitter I cannot do it. One is for the new
> > > > F1 season which kicks off this weekend...
> >
> > > > On Mar 24, 2:46 am, Craig Walls  wrote:
> > > > > No, I'm using the Java-based Spring Social for this. And I've seen
> other
> > > > > threads describing the same problem with PHP. Definitely not just a
> .NET
> > > > > problem.
> >
> > > > > On 3/23/11 6:35 PM, Milos Golubovic wrote:
> >
> > > > > > I can also confirm this behavior.  Is it me or is everyone in
> here
> > > > > > using .NET? Did I possibly miss somewhere that this is a .NET
> forum?
> > > > > > I am also using a .NET library (Twitterizer).  Wondering if
> anyone not
> > > > > > using .NET is experiencing this issue?
> >
> > > > > > On Mar 23, 8:21 am, Craig Walls  wrote:
> > > > > >> I've just confirmed what Gary M says...switching to HTTP does
> seem to
> > > > > >> make it work. But HTTPS requires a>15 second delay between
> obtaining
> > > > > >> a request token and exchanging it for an access token.
> >
> > > > > >> On Mar 23, 1:48 am, Gary M  wrote:
> >
> > > > > >>> Correction. Switching to HTTP does remove the issue, so I'm
> making
> > > > that a
> > > > > >>> configurable setting in our app as a temporary workaround.
> >
> > > > --
> > > > Twitter developer documentation and resources:
> http://dev.twitter.com/doc
> > > > API updates via Twitter:http://twitter.com/twitterapi
> > > > Issues/Enhancements Tracker:
> > > >http://code.google.com/p/twitter-api/issues/list
> > > > Change your membership to this group:
> > > >http://groups.google.com/group/twitter-development-talk
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[r9handa]

Are you guys still experimenting the issue? My application is still
very unstable, got the Unauthorized all the time.
Anyone knows if we have to change our application, or Twitter will fix
the problem?
Thanks.

On 24 mar, 10:44, Ninjamonk  wrote:
> Thanks for the link to the issue, now I can watch it. I have reverted
> to the http work around which I hate due to the lack of security.
>
> On Mar 24, 1:11 pm, Trevor Dean  wrote:
>
>
>
>
>
>
>
> > Yes I was also hoping or a more recent update, the last one was over 18
> > hours ago and didn't provide much detail 
> > (http://code.google.com/p/twitter-api/issues/detail?id=2118).
>
> > On Thu, Mar 24, 2011 at 7:56 AM, Ninjamonk  wrote:
> > > any news on this? bit of a joke that it's been going on for a week now
> > > and we have no eta on a fix. I have 2 apps waiting to release but as
> > > they feature sign in with twitter I cannot do it. One is for the new
> > > F1 season which kicks off this weekend...
>
> > > On Mar 24, 2:46 am, Craig Walls  wrote:
> > > > No, I'm using the Java-based Spring Social for this. And I've seen other
> > > > threads describing the same problem with PHP. Definitely not just a .NET
> > > > problem.
>
> > > > On 3/23/11 6:35 PM, Milos Golubovic wrote:
>
> > > > > I can also confirm this behavior.  Is it me or is everyone in here
> > > > > using .NET? Did I possibly miss somewhere that this is a .NET forum?
> > > > > I am also using a .NET library (Twitterizer).  Wondering if anyone not
> > > > > using .NET is experiencing this issue?
>
> > > > > On Mar 23, 8:21 am, Craig Walls  wrote:
> > > > >> I've just confirmed what Gary M says...switching to HTTP does seem to
> > > > >> make it work. But HTTPS requires a>15 second delay between obtaining
> > > > >> a request token and exchanging it for an access token.
>
> > > > >> On Mar 23, 1:48 am, Gary M  wrote:
>
> > > > >>> Correction. Switching to HTTP does remove the issue, so I'm making
> > > that a
> > > > >>> configurable setting in our app as a temporary workaround.
>
> > > --
> > > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > > API updates via Twitter:http://twitter.com/twitterapi
> > > Issues/Enhancements Tracker:
> > >http://code.google.com/p/twitter-api/issues/list
> > > Change your membership to this group:
> > >http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[AG]

I am using Twitterizer (.NET) and I am also experiencing this issue.

This is very annoying...

On Mar 23, 7:35 pm, Milos Golubovic  wrote:
> I can also confirm this behavior.  Is it me or is everyone in here
> using .NET? Did I possibly miss somewhere that this is a .NET forum?
> I am also using a .NET library (Twitterizer).  Wondering if anyone not
> using .NET is experiencing this issue?
>
> On Mar 23, 8:21 am, Craig Walls  wrote:
>
>
>
>
>
>
>
> > I've just confirmed what Gary M says...switching to HTTP does seem to
> > make it work. But HTTPS requires a >15 second delay between obtaining
> > a request token and exchanging it for an access token.
>
> > On Mar 23, 1:48 am, Gary M  wrote:
>
> > > Correction. Switching to HTTP does remove the issue, so I'm making that a
> > > configurable setting in our app as a temporary workaround.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[Ninjamonk]

Thanks for the link to the issue, now I can watch it. I have reverted
to the http work around which I hate due to the lack of security.

On Mar 24, 1:11 pm, Trevor Dean  wrote:
> Yes I was also hoping or a more recent update, the last one was over 18
> hours ago and didn't provide much detail 
> (http://code.google.com/p/twitter-api/issues/detail?id=2118).
>
>
>
>
>
>
>
> On Thu, Mar 24, 2011 at 7:56 AM, Ninjamonk  wrote:
> > any news on this? bit of a joke that it's been going on for a week now
> > and we have no eta on a fix. I have 2 apps waiting to release but as
> > they feature sign in with twitter I cannot do it. One is for the new
> > F1 season which kicks off this weekend...
>
> > On Mar 24, 2:46 am, Craig Walls  wrote:
> > > No, I'm using the Java-based Spring Social for this. And I've seen other
> > > threads describing the same problem with PHP. Definitely not just a .NET
> > > problem.
>
> > > On 3/23/11 6:35 PM, Milos Golubovic wrote:
>
> > > > I can also confirm this behavior.  Is it me or is everyone in here
> > > > using .NET? Did I possibly miss somewhere that this is a .NET forum?
> > > > I am also using a .NET library (Twitterizer).  Wondering if anyone not
> > > > using .NET is experiencing this issue?
>
> > > > On Mar 23, 8:21 am, Craig Walls  wrote:
> > > >> I've just confirmed what Gary M says...switching to HTTP does seem to
> > > >> make it work. But HTTPS requires a>15 second delay between obtaining
> > > >> a request token and exchanging it for an access token.
>
> > > >> On Mar 23, 1:48 am, Gary M  wrote:
>
> > > >>> Correction. Switching to HTTP does remove the issue, so I'm making
> > that a
> > > >>> configurable setting in our app as a temporary workaround.
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> >http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> >http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: 401 unauthorized

[Trevor Dean]

Yes I was also hoping or a more recent update, the last one was over 18
hours ago and didn't provide much detail (
http://code.google.com/p/twitter-api/issues/detail?id=2118).

On Thu, Mar 24, 2011 at 7:56 AM, Ninjamonk  wrote:

> any news on this? bit of a joke that it's been going on for a week now
> and we have no eta on a fix. I have 2 apps waiting to release but as
> they feature sign in with twitter I cannot do it. One is for the new
> F1 season which kicks off this weekend...
>
> On Mar 24, 2:46 am, Craig Walls  wrote:
> > No, I'm using the Java-based Spring Social for this. And I've seen other
> > threads describing the same problem with PHP. Definitely not just a .NET
> > problem.
> >
> > On 3/23/11 6:35 PM, Milos Golubovic wrote:
> >
> >
> >
> >
> >
> >
> >
> > > I can also confirm this behavior.  Is it me or is everyone in here
> > > using .NET? Did I possibly miss somewhere that this is a .NET forum?
> > > I am also using a .NET library (Twitterizer).  Wondering if anyone not
> > > using .NET is experiencing this issue?
> >
> > > On Mar 23, 8:21 am, Craig Walls  wrote:
> > >> I've just confirmed what Gary M says...switching to HTTP does seem to
> > >> make it work. But HTTPS requires a>15 second delay between obtaining
> > >> a request token and exchanging it for an access token.
> >
> > >> On Mar 23, 1:48 am, Gary M  wrote:
> >
> > >>> Correction. Switching to HTTP does remove the issue, so I'm making
> that a
> > >>> configurable setting in our app as a temporary workaround.
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[Ninjamonk]

any news on this? bit of a joke that it's been going on for a week now
and we have no eta on a fix. I have 2 apps waiting to release but as
they feature sign in with twitter I cannot do it. One is for the new
F1 season which kicks off this weekend...

On Mar 24, 2:46 am, Craig Walls  wrote:
> No, I'm using the Java-based Spring Social for this. And I've seen other
> threads describing the same problem with PHP. Definitely not just a .NET
> problem.
>
> On 3/23/11 6:35 PM, Milos Golubovic wrote:
>
>
>
>
>
>
>
> > I can also confirm this behavior.  Is it me or is everyone in here
> > using .NET? Did I possibly miss somewhere that this is a .NET forum?
> > I am also using a .NET library (Twitterizer).  Wondering if anyone not
> > using .NET is experiencing this issue?
>
> > On Mar 23, 8:21 am, Craig Walls  wrote:
> >> I've just confirmed what Gary M says...switching to HTTP does seem to
> >> make it work. But HTTPS requires a>15 second delay between obtaining
> >> a request token and exchanging it for an access token.
>
> >> On Mar 23, 1:48 am, Gary M  wrote:
>
> >>> Correction. Switching to HTTP does remove the issue, so I'm making that a
> >>> configurable setting in our app as a temporary workaround.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: 401 unauthorized

[Craig Walls]

No, I'm using the Java-based Spring Social for this. And I've seen other 
threads describing the same problem with PHP. Definitely not just a .NET 
problem.



On 3/23/11 6:35 PM, Milos Golubovic wrote:

I can also confirm this behavior.  Is it me or is everyone in here
using .NET? Did I possibly miss somewhere that this is a .NET forum?
I am also using a .NET library (Twitterizer).  Wondering if anyone not
using .NET is experiencing this issue?

On Mar 23, 8:21 am, Craig Walls  wrote:

I've just confirmed what Gary M says...switching to HTTP does seem to
make it work. But HTTPS requires a>15 second delay between obtaining
a request token and exchanging it for an access token.

On Mar 23, 1:48 am, Gary M  wrote:


Correction. Switching to HTTP does remove the issue, so I'm making that a
configurable setting in our app as a temporary workaround.


--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[Milos Golubovic]

I can also confirm this behavior.  Is it me or is everyone in here
using .NET? Did I possibly miss somewhere that this is a .NET forum?
I am also using a .NET library (Twitterizer).  Wondering if anyone not
using .NET is experiencing this issue?

On Mar 23, 8:21 am, Craig Walls  wrote:
> I've just confirmed what Gary M says...switching to HTTP does seem to
> make it work. But HTTPS requires a >15 second delay between obtaining
> a request token and exchanging it for an access token.
>
> On Mar 23, 1:48 am, Gary M  wrote:
>
> > Correction. Switching to HTTP does remove the issue, so I'm making that a
> > configurable setting in our app as a temporary workaround.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[Gary M]

Correction. Switching to HTTP does remove the issue, so I'm making that a 
configurable setting in our app as a temporary workaround.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[Gary M]

I'd like to add another confirmation of this issue. I am the lead developer 
for a commercial application that has started receiving reports of Twitter 
sign-in failures over the last couple days and I was able to reliably 
reproduce the 15-second workaround before I came across this thread. I'm 
using the Hammock (.NET) library, against the api.twitter.com URLs over SSL, 
but I found the problem persists when I tried over HTTP and/or directed to 
the regular twitter.com URLs.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[Craig Walls]

I've just confirmed what Gary M says...switching to HTTP does seem to
make it work. But HTTPS requires a >15 second delay between obtaining
a request token and exchanging it for an access token.

On Mar 23, 1:48 am, Gary M  wrote:
> Correction. Switching to HTTP does remove the issue, so I'm making that a
> configurable setting in our app as a temporary workaround.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[kraigh]

I am seeing exact same behavior (only works with delay) and am using
Twitterizer Library.  I am new to Twitter and Twitterizer libarary and
though I was doing something wrong.  Clearly not.  Thanks for posting
this.

On Mar 22, 1:42 pm, Craig Walls  wrote:
> Okay, more information for you to consider...
>  - I am using HTTPS in the requests
>  - I am using the api subdomain in the OAuth requests
>
> First, the failed attempt:
>
> I fetched the request token:
>    oauth_timestamp: 1300825895
>    Date header in response: [Tue, 22 Mar 2011 20:31:36 GMT]
> I then authorized and exchanged for the access token and it failed
> with a 401:
>    oauth_timestamp: 1300825900
>    Date header in response: [Tue, 22 Mar 2011 20:31:40 GMT]
> My code immediately tried again after the failure and it worked the
> 2nd time:
>    oauth_timestamp: 1300825900
>    Date header in response: [Tue, 22 Mar 2011 20:31:40 GMT]
>
> Notice that there was only a 4 second time lapse between obtaining the
> request token and exchanging for the access token. I then tried again
> with a ~15 second delay:
>
> I fetched the request token:
>    oauth_timestamp: 1300825933
>    Date header in response: [Tue, 22 Mar 2011 20:32:13 GMT]
> I then waited at the authorization screen for over 15 seconds before
> clicking accept...then tried to exchange for the access token...and it
> worked:
>    oauth_timestamp: 1300825976
>    Date header in response: [Tue, 22 Mar 2011 20:32:56 GMT]
>
> So, again in summary: If there is less than 15 seconds of delay
> between obtaining the request token and the access token, it always
> fails. If there is a >15 second delay, it always works. And, when it
> fails, trying to exchange the request token and verifier a 2nd time
> will always work.
>
> On Mar 21, 9:04 am, Taylor Singletary 
> wrote:
>
> > If you're experiencing this issue, can you please provide these additional
> > details:
> >   * are the OAuth URLs you are using http or https?
> >   * do your OAuth URLs contain the api subdomain? (you really should be if
> > you aren't)
> >   * what OAuth library (if any) are you using to sign your requests?
> >   * If you're observing the response HTTP headers on failed requests, what
> > server time is presented in the "Date" HTTP header? What is your OAuth
> > timestamp?
>
> > Thanks!
>
> > @episod  - Taylor Singletary - Twitter Developer
> > Advocate
>
> > On Mon, Mar 21, 2011 at 6:24 AM, Taylor Singletary <
>
> > taylorsinglet...@twitter.com> wrote:
> > > Thanks everyone for the detailed information in these reports; they'll 
> > > help
> > > a lot while we track down the issue. Will update this thread when we know
> > > more.
>
> > > @episod  - Taylor Singletary - Twitter
> > > Developer Advocate
>
> > > On Mon, Mar 21, 2011 at 6:03 AM, Tatham Oddie  wrote:
>
> > >> Please go and star this issue:
> > >>http://code.google.com/p/twitter-api/issues/detail?id=2118
>
> > >> On Mar 19, 11:47 pm, Trevor Dean  wrote:
> > >> > Is anyone else experiencing any 401 errors all of a sudden?  I was 
> > >> > doing
> > >> > some testing this morning and was logging in fine using twitter and 
> > >> > then
> > >> 10
> > >> > min later I started getting 401 unauthorized errors.
>
> > >> > Thanks,
>
> > >> > Trevor
>
> > >> --
> > >> Twitter developer documentation and resources:http://dev.twitter.com/doc
> > >> API updates via Twitter:http://twitter.com/twitterapi
> > >> Issues/Enhancements Tracker:
> > >>http://code.google.com/p/twitter-api/issues/list
> > >> Change your membership to this group:
> > >>http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[Craig Walls]

Okay, more information for you to consider...
 - I am using HTTPS in the requests
 - I am using the api subdomain in the OAuth requests

First, the failed attempt:

I fetched the request token:
   oauth_timestamp: 1300825895
   Date header in response: [Tue, 22 Mar 2011 20:31:36 GMT]
I then authorized and exchanged for the access token and it failed
with a 401:
   oauth_timestamp: 1300825900
   Date header in response: [Tue, 22 Mar 2011 20:31:40 GMT]
My code immediately tried again after the failure and it worked the
2nd time:
   oauth_timestamp: 1300825900
   Date header in response: [Tue, 22 Mar 2011 20:31:40 GMT]

Notice that there was only a 4 second time lapse between obtaining the
request token and exchanging for the access token. I then tried again
with a ~15 second delay:

I fetched the request token:
   oauth_timestamp: 1300825933
   Date header in response: [Tue, 22 Mar 2011 20:32:13 GMT]
I then waited at the authorization screen for over 15 seconds before
clicking accept...then tried to exchange for the access token...and it
worked:
   oauth_timestamp: 1300825976
   Date header in response: [Tue, 22 Mar 2011 20:32:56 GMT]

So, again in summary: If there is less than 15 seconds of delay
between obtaining the request token and the access token, it always
fails. If there is a >15 second delay, it always works. And, when it
fails, trying to exchange the request token and verifier a 2nd time
will always work.

On Mar 21, 9:04 am, Taylor Singletary 
wrote:
> If you're experiencing this issue, can you please provide these additional
> details:
>   * are the OAuth URLs you are using http or https?
>   * do your OAuth URLs contain the api subdomain? (you really should be if
> you aren't)
>   * what OAuth library (if any) are you using to sign your requests?
>   * If you're observing the response HTTP headers on failed requests, what
> server time is presented in the "Date" HTTP header? What is your OAuth
> timestamp?
>
> Thanks!
>
> @episod  - Taylor Singletary - Twitter Developer
> Advocate
>
> On Mon, Mar 21, 2011 at 6:24 AM, Taylor Singletary <
>
> taylorsinglet...@twitter.com> wrote:
> > Thanks everyone for the detailed information in these reports; they'll help
> > a lot while we track down the issue. Will update this thread when we know
> > more.
>
> > @episod  - Taylor Singletary - Twitter
> > Developer Advocate
>
> > On Mon, Mar 21, 2011 at 6:03 AM, Tatham Oddie  wrote:
>
> >> Please go and star this issue:
> >>http://code.google.com/p/twitter-api/issues/detail?id=2118
>
> >> On Mar 19, 11:47 pm, Trevor Dean  wrote:
> >> > Is anyone else experiencing any 401 errors all of a sudden?  I was doing
> >> > some testing this morning and was logging in fine using twitter and then
> >> 10
> >> > min later I started getting 401 unauthorized errors.
>
> >> > Thanks,
>
> >> > Trevor
>
> >> --
> >> Twitter developer documentation and resources:http://dev.twitter.com/doc
> >> API updates via Twitter:http://twitter.com/twitterapi
> >> Issues/Enhancements Tracker:
> >>http://code.google.com/p/twitter-api/issues/list
> >> Change your membership to this group:
> >>http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[Craig Walls]

I'm seeing the same thing that Ninjamonk reported on Mar 20 at
10:10am. That is, if I pause before asking for the access token, it
will work. The only difference is that Ninjamonk said he paused for 10
seconds...I found that I have to pause for at least 15 seconds. I also
discovered that just waiting 15 seconds before pressing the accept
button has the same effect.

I also discovered that if I *don't* pause and it fails that I can re-
issue the same request for the access token again (recalculating the
signature with a new timestamp and nonce) and it will work the 2nd
time.

And, much like everyone else has reported, this is in code that has
been working well for quite awhile, hasn't changed, and is only very
recently started to exhibit this behavior.

FWIW, I also debugged down to the base string (just before it is
encrypted) to see if there's any difference between the base string of
a working request and one that doesn't work. Aside from the nonce and
timestamp, there's no difference at all.

To repeat: It *always* works if there's a 15 second or more delay
between obtaining the request token and trying to get the access
token. And it *always* fails the first time if there is no delay, but
works the 2nd time.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[akiyoshi]

token straight away fails with 401:
>
> UTC now: 21/03/2011 2:15:46 PM
>
> https://api.twitter.com/oauth/access_token
>
> POST /oauth/access_token HTTP/1.1
> Authorization: OAuth 
> oauth_consumer_key="...",oauth_nonce="...",oauth_signature="...",oauth_sign 
> ature_method="HMAC-SHA1",oauth_timestamp="1300716946",oauth_token="...",oau 
> th_verifier="...",oauth_version="1.0"
> Content-Type: application/x-www-form-urlencoded
> User-Agent: TweetSharp
> Host: api.twitter.com
> Content-Length: 0
>
> 401 Unauthorized
> X-Transaction: 1300716950-90707-10498
> X-Runtime: 0.00684
> Pragma: no-cache
> X-Revision: DEV
> Content-Length: 1
> Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
> Content-Type: text/html; charset=utf-8
> Date: Mon, 21 Mar 2011 14:15:50 GMT
> Expires: Tue, 31 Mar 1981 05:00:00 GMT
> Last-Modified: Mon, 21 Mar 2011 14:15:50 GMT
> Set-Cookie: k=124.169.147.184; path=/; expires=Mon, 28-Mar-11 14:15:50 
> GMT; domain=.twitter.com,guest_id=...; path=/; expires=Wed, 20 Apr 2011 
> 14:15:50 GMT,admobuu=...; domain=.m.twitter.com; path=/; expires=Tue, 19 Jan 
> 2038 03:14:07 GMT,_twitter_sess=...; domain=.twitter.com; path=/; HttpOnly
> Server: hi
> Vary: Accept-Encoding
>
> Trying the same request again 10 minutes later works (only oauth_timestamp 
> changed):
>
> UTC now: 21/03/2011 2:25:42 PM
>
> https://api.twitter.com/oauth/access_token
>
> POST /oauth/access_token HTTP/1.1
> Authorization: OAuth 
> oauth_consumer_key="...",oauth_nonce="...",oauth_signature="...",oauth_sign 
> ature_method="HMAC-SHA1",oauth_timestamp="1300717542",oauth_token="...",oau 
> th_verifier="...",oauth_version="1.0"
> Content-Type: application/x-www-form-urlencoded
> User-Agent: TweetSharp
> Host: api.twitter.com
> Content-Length: 0
> Connection: Keep-Alive
>
> 200 OK
> X-Transaction: 1300717546-72934-39621
> X-Runtime: 0.03056
> Pragma: no-cache
> X-Revision: DEV
> Content-Length: 163
> Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
> Content-Type: text/html; charset=utf-8
> Date: Mon, 21 Mar 2011 14:25:46 GMT
> Expires: Tue, 31 Mar 1981 05:00:00 GMT
> ETag: "9ac6161371b0ee90ef8f6db5322287df"
> Last-Modified: Mon, 21 Mar 2011 14:25:46 GMT
> Set-Cookie: k=124.169.147.184.1300717546945450; path=/; expires=Mon, 
> 28-Mar-11 14:25:46 GMT; domain=.twitter.com,guest_id=130071754695116305; 
> path=/; expires=Wed, 20 Apr 2011 14:25:46 
> GMT,admobuu=989196f7fa5728c90e815cc8f97cd56a; domain=.m.twitter.com; path=/; 
> expires=Tue, 19 Jan 2038 03:14:07 
> GMT,_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMitztguAToHaWQiJTk4NDllMmVhZTM1O 
> TJk%250ANzQ0MGFlMWM2YzQ1ZTU2MDg4IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOj 
> pGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--dad7912a647454357cfa6f0d07804b5c4b5 
> d6ae4; domain=.twitter.com; path=/; HttpOnly
> Server: hi
> Vary: Accept-Encoding
> Keep-Alive: timeout=15, max=100
> Connection: Keep-Alive
>
> oauth_token=...&oauth_token_secret=...&user_id=14051560&screen_name=tathamo 
> ddie
>
> I’m noting that the time offset here is only about 4 seconds, however it 
> certainly takes longer than that to work.
>
> You can see this for yourself trying to sign in tohttp://ivebeen.to
>
> --
> Tatham Oddie
> au mob: +61 414 275 989, us cell: +1 213 280 3556, skype: tathamoddie
> If you’re printing this email, you’re doing it wrong. This is a computer, not 
> a typewriter.
>
> From: Taylor Singletary [mailto:taylorsinglet...@twitter.com]
> Sent: Tuesday, 22 March 2011 1:05 AM
> To: twitter-development-talk@googlegroups.com
> Cc: Tatham Oddie
> Subject: Re: [twitter-dev] Re: 401 unauthorized
>
> If you're experiencing this issue, can you please provide these additional 
> details:
>   * are the OAuth URLs you are using http or https?
>   * do your OAuth URLs contain the api subdomain? (you really should be if 
> you aren't)
>   * what OAuth library (if any) are you using to sign your requests?
>   * If you're observing the response HTTP headers on failed requests, what 
> server time is presented in the "Date" HTTP header? What is your OAuth 
> timestamp?
>
> Thanks!
>
> @episod<http://twitter.com/episod> - Taylor Singletary - Twitter Developer 
> Advocate
>
> On Mon, Mar 21, 2011 at 6:24 AM, Taylor Singletary 
> mailto:taylorsinglet...@twitter.com>> wrote:
> Thanks everyone for the detailed information in these reports; they'll help a 
> lot while we track down the issue. Will update this thread wh

RE: [twitter-dev] Re: 401 unauthorized

[Tatham Oddie]

Hi Taylor,

I’m using the TweetSharp<http://tweetsharp.codeplex.com/> library.

Here are my requests…

Getting the request token works:

UTC now: 21/03/2011 2:15:44 PM

https://api.twitter.com/oauth/request_token

GET /oauth/request_token HTTP/1.1
Authorization: OAuth 
oauth_callback="...",oauth_consumer_key="...",oauth_nonce="...",oauth_signature="...",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1300716944",oauth_version="1.0"
User-Agent: TweetSharp
Host: api.twitter.com
Connection: Keep-Alive

200 OK
X-Transaction: 1300716948-77667-49892
X-Runtime: 0.00938
Pragma: no-cache
X-Revision: DEV
Content-Length: 144
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Content-Type: text/html; charset=utf-8
Date: Mon, 21 Mar 2011 14:15:48 GMT
Expires: Tue, 31 Mar 1981 05:00:00 GMT
ETag: "00fdd191cfa579128843a85a7a58be9f"
Last-Modified: Mon, 21 Mar 2011 14:15:48 GMT
Set-Cookie: k=124.169.147.184; path=/; expires=Mon, 28-Mar-11 14:15:48 GMT; 
domain=.twitter.com,guest_id=...; path=/; expires=Wed, 20 Apr 2011 14:15:48 
GMT,admobuu=...; domain=.m.twitter.com; path=/; expires=Tue, 19 Jan 2038 
03:14:07 GMT,_twitter_sess=...; domain=.twitter.com; path=/; HttpOnly
Server: hi
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

oauth_token=...&oauth_token_secret=...&oauth_callback_confirmed=true

Getting the access token straight away fails with 401:

UTC now: 21/03/2011 2:15:46 PM

https://api.twitter.com/oauth/access_token

POST /oauth/access_token HTTP/1.1
Authorization: OAuth 
oauth_consumer_key="...",oauth_nonce="...",oauth_signature="...",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1300716946",oauth_token="...",oauth_verifier="...",oauth_version="1.0"
Content-Type: application/x-www-form-urlencoded
User-Agent: TweetSharp
Host: api.twitter.com
Content-Length: 0

401 Unauthorized
X-Transaction: 1300716950-90707-10498
X-Runtime: 0.00684
Pragma: no-cache
X-Revision: DEV
Content-Length: 1
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Content-Type: text/html; charset=utf-8
Date: Mon, 21 Mar 2011 14:15:50 GMT
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Last-Modified: Mon, 21 Mar 2011 14:15:50 GMT
Set-Cookie: k=124.169.147.184; path=/; expires=Mon, 28-Mar-11 14:15:50 GMT; 
domain=.twitter.com,guest_id=...; path=/; expires=Wed, 20 Apr 2011 14:15:50 
GMT,admobuu=...; domain=.m.twitter.com; path=/; expires=Tue, 19 Jan 2038 
03:14:07 GMT,_twitter_sess=...; domain=.twitter.com; path=/; HttpOnly
Server: hi
Vary: Accept-Encoding

Trying the same request again 10 minutes later works (only oauth_timestamp 
changed):

UTC now: 21/03/2011 2:25:42 PM

https://api.twitter.com/oauth/access_token

POST /oauth/access_token HTTP/1.1
Authorization: OAuth 
oauth_consumer_key="...",oauth_nonce="...",oauth_signature="...",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1300717542",oauth_token="...",oauth_verifier="...",oauth_version="1.0"
Content-Type: application/x-www-form-urlencoded
User-Agent: TweetSharp
Host: api.twitter.com
Content-Length: 0
Connection: Keep-Alive

200 OK
X-Transaction: 1300717546-72934-39621
X-Runtime: 0.03056
Pragma: no-cache
X-Revision: DEV
Content-Length: 163
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Content-Type: text/html; charset=utf-8
Date: Mon, 21 Mar 2011 14:25:46 GMT
Expires: Tue, 31 Mar 1981 05:00:00 GMT
ETag: "9ac6161371b0ee90ef8f6db5322287df"
Last-Modified: Mon, 21 Mar 2011 14:25:46 GMT
Set-Cookie: k=124.169.147.184.1300717546945450; path=/; expires=Mon, 28-Mar-11 
14:25:46 GMT; domain=.twitter.com,guest_id=130071754695116305; path=/; 
expires=Wed, 20 Apr 2011 14:25:46 GMT,admobuu=989196f7fa5728c90e815cc8f97cd56a; 
domain=.m.twitter.com; path=/; expires=Tue, 19 Jan 2038 03:14:07 
GMT,_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMitztguAToHaWQiJTk4NDllMmVhZTM1OTJk%250ANzQ0MGFlMWM2YzQ1ZTU2MDg4IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--dad7912a647454357cfa6f0d07804b5c4b5d6ae4;
 domain=.twitter.com; path=/; HttpOnly
Server: hi
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

oauth_token=...&oauth_token_secret=...&user_id=14051560&screen_name=tathamoddie

I’m noting that the time offset here is only about 4 seconds, however it 
certainly takes longer than that to work.

You can see this for yourself trying to sign in to http://ivebeen.to


--
Tatham Oddie
au mob: +61 414 275 989, us cell: +1 213 280 3556, skype: tathamoddie
If you’re printing this email, you’re doing it wrong. This is a computer, not a 
typewriter.

From: Taylor Singletary [mailto:taylorsinglet...@twitter.com]
Sent: Tuesday, 22 March 2011 1:05 AM
To: twitter-development-tal

Re: [twitter-dev] Re: 401 unauthorized

[Taylor Singletary]

If you're experiencing this issue, can you please provide these additional
details:
  * are the OAuth URLs you are using http or https?
  * do your OAuth URLs contain the api subdomain? (you really should be if
you aren't)
  * what OAuth library (if any) are you using to sign your requests?
  * If you're observing the response HTTP headers on failed requests, what
server time is presented in the "Date" HTTP header? What is your OAuth
timestamp?

Thanks!

@episod  - Taylor Singletary - Twitter Developer
Advocate


On Mon, Mar 21, 2011 at 6:24 AM, Taylor Singletary <
taylorsinglet...@twitter.com> wrote:

> Thanks everyone for the detailed information in these reports; they'll help
> a lot while we track down the issue. Will update this thread when we know
> more.
>
> @episod  - Taylor Singletary - Twitter
> Developer Advocate
>
>
>
> On Mon, Mar 21, 2011 at 6:03 AM, Tatham Oddie  wrote:
>
>> Please go and star this issue:
>> http://code.google.com/p/twitter-api/issues/detail?id=2118
>>
>> On Mar 19, 11:47 pm, Trevor Dean  wrote:
>> > Is anyone else experiencing any 401 errors all of a sudden?  I was doing
>> > some testing this morning and was logging in fine using twitter and then
>> 10
>> > min later I started getting 401 unauthorized errors.
>> >
>> > Thanks,
>> >
>> > Trevor
>>
>> --
>> Twitter developer documentation and resources: http://dev.twitter.com/doc
>> API updates via Twitter: http://twitter.com/twitterapi
>> Issues/Enhancements Tracker:
>> http://code.google.com/p/twitter-api/issues/list
>> Change your membership to this group:
>> http://groups.google.com/group/twitter-development-talk
>>
>
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: 401 unauthorized

[Taylor Singletary]

Thanks everyone for the detailed information in these reports; they'll help
a lot while we track down the issue. Will update this thread when we know
more.

@episod  - Taylor Singletary - Twitter Developer
Advocate


On Mon, Mar 21, 2011 at 6:03 AM, Tatham Oddie  wrote:

> Please go and star this issue:
> http://code.google.com/p/twitter-api/issues/detail?id=2118
>
> On Mar 19, 11:47 pm, Trevor Dean  wrote:
> > Is anyone else experiencing any 401 errors all of a sudden?  I was doing
> > some testing this morning and was logging in fine using twitter and then
> 10
> > min later I started getting 401 unauthorized errors.
> >
> > Thanks,
> >
> > Trevor
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[Tatham Oddie]

Please go and star this issue: 
http://code.google.com/p/twitter-api/issues/detail?id=2118

On Mar 19, 11:47 pm, Trevor Dean  wrote:
> Is anyone else experiencing any 401 errors all of a sudden?  I was doing
> some testing this morning and was logging in fine using twitter and then 10
> min later I started getting 401 unauthorized errors.
>
> Thanks,
>
> Trevor

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[Tatham Oddie]

I'm getting this same behaviour on http://ivebeen.to

If I wait about 30 seconds before trying to convert the request token
to an access token, it all works fine.

This happens on both my local machine and on the deployed website -
two distinct machines in different locations, timezones, etc.

Both machines use network updated time from time.windows.com and I've
manually triggered each of them to make sure their time is up to date.


On Mar 21, 10:56 pm, Trevor Dean  wrote:
> Yup, totally stopped working for me as well and my scenario is the same as
> Joe's too.  Any status updates on this issue?
>
>
>
> On Sun, Mar 20, 2011 at 2:09 PM, akiyoshi  wrote:
> > Well it stopped working for me as well. My scenario was the same as
> > Joe Mayo's till yesterday.
>
> > On 20 mar, 13:21, Ninjamonk  wrote:
> > > well it's stopped working completely now even if I pause.
>
> > > Can someone from twitter let us know the progress of this bug?
>
> > > On Mar 20, 3:28 pm, Joe Mayo  wrote:
>
> > > > I'm seeing the same problem with 401's during authentication.  I have
> > > > an app that has worked flawlessly (with no code changes) for months
> > > > that is now receiving 401's.  I'm also have multiple support issues on
> > > > users experiencing intermittent 401 errors.  For some apps, every
> > > > authentication request results in a 401, but it seems to happen every
> > > > other authentication for others.
>
> > > > Joe
>
> > > > On Mar 20, 9:10 am, Ninjamonk  wrote:
>
> > > > > I am still getting this issue and I think it's time related at
> > > > > twitters end.
>
> > > > > steps:
>
> > > > > 1. go to twitter and let user auth app
> > > > > 2. on return use verifier and token to ask twitter for the tokens and
> > > > > get a 401
>
> > > > > Now if I pause step 2 before asking twitter for the tokens for 10
> > > > > seconds it works fine.
>
> > > > > This code has worked for over 6 months and now I am getting this
> > issue
> > > > > all of a sudden.
>
> > > > > I would look at my code but there are a lot of people getting the
> > same
> > > > > issue.
>
> > > > > Cheers
>
> > > > > Darren
>
> > > > > On Mar 19, 6:05 pm, Matt Harris  wrote:
>
> > > > > > Hi Trevor,
>
> > > > > > Could you share the request and response you are sending so we can
> > > > > > investigate. Remember to obscure user and consumer secrets.
>
> > > > > > Thanks,
> > > > > > @themattharris
> > > > > > Developer Advocate, Twitterhttp://twitter.com/themattharris
>
> > > > > > On Sat, Mar 19, 2011 at 5:47 AM, Trevor Dean 
> > wrote:
>
> > > > > > > Is anyone else experiencing any 401 errors all of a sudden?  I
> > was doing
> > > > > > > some testing this morning and was logging in fine using twitter
> > and then 10
> > > > > > > min later I started getting 401 unauthorized errors.
>
> > > > > > > Thanks,
>
> > > > > > > Trevor
>
> > > > > > > --
> > > > > > > Twitter developer documentation and resources:
> >http://dev.twitter.com/doc
> > > > > > > API updates via Twitter:http://twitter.com/twitterapi
> > > > > > > Issues/Enhancements Tracker:
> > > > > > >http://code.google.com/p/twitter-api/issues/list
> > > > > > > Change your membership to this group:
>
> >http://groups.google.com/group/twitter-development-talk-Hidequotedtext -
>
> > > > > - Show quoted text -- Ocultar texto das mensagens anteriores -
>
> > > - Mostrar texto das mensagens anteriores -
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> >http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> >http://groups.google.com/group/twitter-development-talk- Hide quoted text -
>
> - Show quoted text -

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Re: [twitter-dev] Re: 401 unauthorized

[Trevor Dean]

Yup, totally stopped working for me as well and my scenario is the same as
Joe's too.  Any status updates on this issue?

On Sun, Mar 20, 2011 at 2:09 PM, akiyoshi  wrote:

> Well it stopped working for me as well. My scenario was the same as
> Joe Mayo's till yesterday.
>
> On 20 mar, 13:21, Ninjamonk  wrote:
> > well it's stopped working completely now even if I pause.
> >
> > Can someone from twitter let us know the progress of this bug?
> >
> > On Mar 20, 3:28 pm, Joe Mayo  wrote:
> >
> >
> >
> > > I'm seeing the same problem with 401's during authentication.  I have
> > > an app that has worked flawlessly (with no code changes) for months
> > > that is now receiving 401's.  I'm also have multiple support issues on
> > > users experiencing intermittent 401 errors.  For some apps, every
> > > authentication request results in a 401, but it seems to happen every
> > > other authentication for others.
> >
> > > Joe
> >
> > > On Mar 20, 9:10 am, Ninjamonk  wrote:
> >
> > > > I am still getting this issue and I think it's time related at
> > > > twitters end.
> >
> > > > steps:
> >
> > > > 1. go to twitter and let user auth app
> > > > 2. on return use verifier and token to ask twitter for the tokens and
> > > > get a 401
> >
> > > > Now if I pause step 2 before asking twitter for the tokens for 10
> > > > seconds it works fine.
> >
> > > > This code has worked for over 6 months and now I am getting this
> issue
> > > > all of a sudden.
> >
> > > > I would look at my code but there are a lot of people getting the
> same
> > > > issue.
> >
> > > > Cheers
> >
> > > > Darren
> >
> > > > On Mar 19, 6:05 pm, Matt Harris  wrote:
> >
> > > > > Hi Trevor,
> >
> > > > > Could you share the request and response you are sending so we can
> > > > > investigate. Remember to obscure user and consumer secrets.
> >
> > > > > Thanks,
> > > > > @themattharris
> > > > > Developer Advocate, Twitterhttp://twitter.com/themattharris
> >
> > > > > On Sat, Mar 19, 2011 at 5:47 AM, Trevor Dean 
> wrote:
> >
> > > > > > Is anyone else experiencing any 401 errors all of a sudden?  I
> was doing
> > > > > > some testing this morning and was logging in fine using twitter
> and then 10
> > > > > > min later I started getting 401 unauthorized errors.
> >
> > > > > > Thanks,
> >
> > > > > > Trevor
> >
> > > > > > --
> > > > > > Twitter developer documentation and resources:
> http://dev.twitter.com/doc
> > > > > > API updates via Twitter:http://twitter.com/twitterapi
> > > > > > Issues/Enhancements Tracker:
> > > > > >http://code.google.com/p/twitter-api/issues/list
> > > > > > Change your membership to this group:
> > > > > >
> http://groups.google.com/group/twitter-development-talk-Hidequoted text -
> >
> > > > - Show quoted text -- Ocultar texto das mensagens anteriores -
> >
> > - Mostrar texto das mensagens anteriores -
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[akiyoshi]

Well it stopped working for me as well. My scenario was the same as
Joe Mayo's till yesterday.

On 20 mar, 13:21, Ninjamonk  wrote:
> well it's stopped working completely now even if I pause.
>
> Can someone from twitter let us know the progress of this bug?
>
> On Mar 20, 3:28 pm, Joe Mayo  wrote:
>
>
>
> > I'm seeing the same problem with 401's during authentication.  I have
> > an app that has worked flawlessly (with no code changes) for months
> > that is now receiving 401's.  I'm also have multiple support issues on
> > users experiencing intermittent 401 errors.  For some apps, every
> > authentication request results in a 401, but it seems to happen every
> > other authentication for others.
>
> > Joe
>
> > On Mar 20, 9:10 am, Ninjamonk  wrote:
>
> > > I am still getting this issue and I think it's time related at
> > > twitters end.
>
> > > steps:
>
> > > 1. go to twitter and let user auth app
> > > 2. on return use verifier and token to ask twitter for the tokens and
> > > get a 401
>
> > > Now if I pause step 2 before asking twitter for the tokens for 10
> > > seconds it works fine.
>
> > > This code has worked for over 6 months and now I am getting this issue
> > > all of a sudden.
>
> > > I would look at my code but there are a lot of people getting the same
> > > issue.
>
> > > Cheers
>
> > > Darren
>
> > > On Mar 19, 6:05 pm, Matt Harris  wrote:
>
> > > > Hi Trevor,
>
> > > > Could you share the request and response you are sending so we can
> > > > investigate. Remember to obscure user and consumer secrets.
>
> > > > Thanks,
> > > > @themattharris
> > > > Developer Advocate, Twitterhttp://twitter.com/themattharris
>
> > > > On Sat, Mar 19, 2011 at 5:47 AM, Trevor Dean  
> > > > wrote:
>
> > > > > Is anyone else experiencing any 401 errors all of a sudden?  I was 
> > > > > doing
> > > > > some testing this morning and was logging in fine using twitter and 
> > > > > then 10
> > > > > min later I started getting 401 unauthorized errors.
>
> > > > > Thanks,
>
> > > > > Trevor
>
> > > > > --
> > > > > Twitter developer documentation and 
> > > > > resources:http://dev.twitter.com/doc
> > > > > API updates via Twitter:http://twitter.com/twitterapi
> > > > > Issues/Enhancements Tracker:
> > > > >http://code.google.com/p/twitter-api/issues/list
> > > > > Change your membership to this group:
> > > > >http://groups.google.com/group/twitter-development-talk-Hidequoted 
> > > > >text -
>
> > > - Show quoted text -- Ocultar texto das mensagens anteriores -
>
> - Mostrar texto das mensagens anteriores -

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[Joe Mayo]

Hi Matt,

Here's mine:

GET https://twitter.com/oauth/request_token HTTP/1.1
Authorization: OAuth
oauth_callback="oob",oauth_consumer_key="sanitized",oauth_nonce="sanitized",oauth_signature_method="HMAC-
SHA1",oauth_signature="sanitized",oauth_version="1.0",oauth_timestamp="sanitized"
User-Agent: DotNetOpenAuth/3.2.0.9177
Host: twitter.com
Connection: Keep-Alive


HTTP/1.1 401 Unauthorized
Date: Sun, 20 Mar 2011 18:37:35 GMT
Server: hi
Status: 401 Unauthorized
X-Transaction: 1300646255-30320-35800
Last-Modified: Sun, 20 Mar 2011 18:37:35 GMT
X-Runtime: 0.00708
Content-Type: text/html; charset=utf-8
Content-Length: 44
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
check=0
Set-Cookie: sanitized
Set-Cookie: sanitized
Set-Cookie: sanitized
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

Failed to validate oauth signature and token

Thanks,

Joe

On Mar 19, 12:05 pm, Matt Harris  wrote:
> Hi Trevor,
>
> Could you share the request and response you are sending so we can
> investigate. Remember to obscure user and consumer secrets.
>
> Thanks,
> @themattharris
> Developer Advocate, Twitterhttp://twitter.com/themattharris
>
>
>
> On Sat, Mar 19, 2011 at 5:47 AM, Trevor Dean  wrote:
>
> > Is anyone else experiencing any 401 errors all of a sudden?  I was doing
> > some testing this morning and was logging in fine using twitter and then 10
> > min later I started getting 401 unauthorized errors.
>
> > Thanks,
>
> > Trevor
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> >http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> >http://groups.google.com/group/twitter-development-talk- Hide quoted text -
>
> - Show quoted text -

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[Ninjamonk]

well it's stopped working completely now even if I pause.

Can someone from twitter let us know the progress of this bug?



On Mar 20, 3:28 pm, Joe Mayo  wrote:
> I'm seeing the same problem with 401's during authentication.  I have
> an app that has worked flawlessly (with no code changes) for months
> that is now receiving 401's.  I'm also have multiple support issues on
> users experiencing intermittent 401 errors.  For some apps, every
> authentication request results in a 401, but it seems to happen every
> other authentication for others.
>
> Joe
>
> On Mar 20, 9:10 am, Ninjamonk  wrote:
>
>
>
>
>
>
>
> > I am still getting this issue and I think it's time related at
> > twitters end.
>
> > steps:
>
> > 1. go to twitter and let user auth app
> > 2. on return use verifier and token to ask twitter for the tokens and
> > get a 401
>
> > Now if I pause step 2 before asking twitter for the tokens for 10
> > seconds it works fine.
>
> > This code has worked for over 6 months and now I am getting this issue
> > all of a sudden.
>
> > I would look at my code but there are a lot of people getting the same
> > issue.
>
> > Cheers
>
> > Darren
>
> > On Mar 19, 6:05 pm, Matt Harris  wrote:
>
> > > Hi Trevor,
>
> > > Could you share the request and response you are sending so we can
> > > investigate. Remember to obscure user and consumer secrets.
>
> > > Thanks,
> > > @themattharris
> > > Developer Advocate, Twitterhttp://twitter.com/themattharris
>
> > > On Sat, Mar 19, 2011 at 5:47 AM, Trevor Dean  wrote:
>
> > > > Is anyone else experiencing any 401 errors all of a sudden?  I was doing
> > > > some testing this morning and was logging in fine using twitter and 
> > > > then 10
> > > > min later I started getting 401 unauthorized errors.
>
> > > > Thanks,
>
> > > > Trevor
>
> > > > --
> > > > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > > > API updates via Twitter:http://twitter.com/twitterapi
> > > > Issues/Enhancements Tracker:
> > > >http://code.google.com/p/twitter-api/issues/list
> > > > Change your membership to this group:
> > > >http://groups.google.com/group/twitter-development-talk-Hide quoted text 
> > > >-
>
> > - Show quoted text -

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[Joe Mayo]

I'm seeing the same problem with 401's during authentication.  I have
an app that has worked flawlessly (with no code changes) for months
that is now receiving 401's.  I'm also have multiple support issues on
users experiencing intermittent 401 errors.  For some apps, every
authentication request results in a 401, but it seems to happen every
other authentication for others.

Joe

On Mar 20, 9:10 am, Ninjamonk  wrote:
> I am still getting this issue and I think it's time related at
> twitters end.
>
> steps:
>
> 1. go to twitter and let user auth app
> 2. on return use verifier and token to ask twitter for the tokens and
> get a 401
>
> Now if I pause step 2 before asking twitter for the tokens for 10
> seconds it works fine.
>
> This code has worked for over 6 months and now I am getting this issue
> all of a sudden.
>
> I would look at my code but there are a lot of people getting the same
> issue.
>
> Cheers
>
> Darren
>
> On Mar 19, 6:05 pm, Matt Harris  wrote:
>
>
>
> > Hi Trevor,
>
> > Could you share the request and response you are sending so we can
> > investigate. Remember to obscure user and consumer secrets.
>
> > Thanks,
> > @themattharris
> > Developer Advocate, Twitterhttp://twitter.com/themattharris
>
> > On Sat, Mar 19, 2011 at 5:47 AM, Trevor Dean  wrote:
>
> > > Is anyone else experiencing any 401 errors all of a sudden?  I was doing
> > > some testing this morning and was logging in fine using twitter and then 
> > > 10
> > > min later I started getting 401 unauthorized errors.
>
> > > Thanks,
>
> > > Trevor
>
> > > --
> > > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > > API updates via Twitter:http://twitter.com/twitterapi
> > > Issues/Enhancements Tracker:
> > >http://code.google.com/p/twitter-api/issues/list
> > > Change your membership to this group:
> > >http://groups.google.com/group/twitter-development-talk- Hide quoted text -
>
> - Show quoted text -

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 unauthorized

[Ninjamonk]

I am still getting this issue and I think it's time related at
twitters end.

steps:

1. go to twitter and let user auth app
2. on return use verifier and token to ask twitter for the tokens and
get a 401

Now if I pause step 2 before asking twitter for the tokens for 10
seconds it works fine.

This code has worked for over 6 months and now I am getting this issue
all of a sudden.

I would look at my code but there are a lot of people getting the same
issue.

Cheers

Darren

On Mar 19, 6:05 pm, Matt Harris  wrote:
> Hi Trevor,
>
> Could you share the request and response you are sending so we can
> investigate. Remember to obscure user and consumer secrets.
>
> Thanks,
> @themattharris
> Developer Advocate, Twitterhttp://twitter.com/themattharris
>
>
>
>
>
>
>
> On Sat, Mar 19, 2011 at 5:47 AM, Trevor Dean  wrote:
>
> > Is anyone else experiencing any 401 errors all of a sudden?  I was doing
> > some testing this morning and was logging in fine using twitter and then 10
> > min later I started getting 401 unauthorized errors.
>
> > Thanks,
>
> > Trevor
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> >http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> >http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 Unauthorized responses on OAUTH

[@matheuseduardo]

I'm having the same problem, using a variety of php "libraries". But is ALL 
401, no one 200. 

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 Unauthorized responses on OAUTH

[Ninjamonk]

I am also getting these problems. They have been on and off all day.

The same code works fine and 5 mins later it throws 401's and its been
working for 6 months no problem.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401: Unauthorized (Python)

[themattharris]

Hey John,

So a couple of things i've noticed.

1. You are using https://twitter.com instead of https://api.twitter.com
2. Maybe i'm following your flow incorrectly but it looks like you are
passing the OAuth parameters twice. Once in the URL parameters and
once in the body?
3. You are passing an oauth_token to the request_token endpoint.
Making a request to request_token means you don't have a token already
and want one. So that parameter shouldn't be in that request.

Best,
@themattharris

On Feb 5, 9:10 am, john  wrote:
> Matt,
>
> The response is empty, that's what I'm curious about. I've included
> the uri, headers, body and request variables below. This request was
> performed at 2/5/2011 12:06.
>
> Uri =
> 'https://twitter.com/oauth/request_token?
> oauth_nonce=47248509&oauth_timestamp=1296925690&oauth_consumer_key=h3bOaVfT 
> r8I7r2KQCzYCA&oauth_signature_method=HMAC-
> SHA1&oauth_version=1.0&oauth_signature=9fpRZWGZls2kpfUQOZFnvPPTC9s%3D'
>
> Request = {'oauth_nonce': '45640133', 'oauth_timestamp': '1296925356',
> 'oauth_consumer_key': 'h3bOaVfTr8I7r2KQCzYCA',
> 'oauth_signature_method': 'HMAC-SHA1', 'oauth_version': '1.0',
> 'oauth_token': 'Y0kKb5PhvjynbpKhfwF9na6ptznlkreKDheHo4YBmY',
> 'oauth_signature': 'zWwMR/v81XlzoeCpeYWHiMMIrPc='}
>
> Body =
> 'oauth_nonce=45640133&oauth_timestamp=1296925356&oauth_consumer_key=h3bOaVf 
> Tr8I7r2KQCzYCA&oauth_signature_method=HMAC-
> SHA1&oauth_version=1.0&oauth_token=Y0kKb5PhvjynbpKhfwF9na6ptznlkreKDheHo4YB 
> mY&oauth_signature=zWwMR
> %2Fv81XlzoeCpeYWHiMMIrPc%3D'
>
> Headers = {'Content-Type': 'application/x-www-form-urlencoded'}
>
> Thanks,
> John
>
> On Feb 4, 9:40 pm, Matt Harris  wrote:
>
>
>
>
>
>
>
> > Hi John,
>
> > That dict object doesn't contain the response body. In the response body we 
> > give an error reason such as 'Invalid signature', or 'timestamp out of 
> > bounds'.
>
> > Best,
> > Matt
>
> > On Feb 4, 2011, at 17:37, john  wrote:
>
> > > Hi Matt,
>
> > > Thanks for responding. I've posted the response below (as a python
> > > dict).
>
> > > {'status': '401', 'content-length': '1', 'x-xss-protection': '1;
> > > mode=block', 'x-transaction': 'Sat Feb 05 01:33:54 +
> > > 2011-76395-3097', 'set-cookie': 'k=74.128.37.77.1296869634703204;
> > > path=/; expires=Sat, 12-Feb-11 01:33:54 GMT; domain=.twitter.com,
> > > guest_id=129686963484327539; path=/; expires=Mon, 07 Mar 2011 01:33:54
> > > GMT,
> > > _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCBwzdPMtAToHaWQiJWY1OTdhNDQ2Yjg1YzIw
> > > %250AYTVjMmEyNWUyMjM2ZTY1ZGY3IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
> > > %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--01f06bea7e9f7559080f47e3b046
> > >  117c40c39212;
> > > domain=.twitter.com; path=/', 'expires': 'Tue, 31 Mar 1981 05:00:00
> > > GMT', 'vary': 'Accept-Encoding', 'x-runtime': '0.00533', 'server':
> > > 'hi', 'x-revision': 'DEV', 'last-modified': 'Sat, 05 Feb 2011 01:33:54
> > > GMT', 'connection': 'close', 'pragma': 'no-cache', 'cache-control':
> > > 'no-cache, no-store, must-revalidate, pre-check=0, post-check=0',
> > > 'date': 'Sat, 05 Feb 2011 01:33:54 GMT', 'x-frame-options':
> > > 'SAMEORIGIN', 'content-type': 'text/html; charset=utf-8'}
>
> > > From what I've read, Twitter's oauth responses lack the error handling
> > > that one would like. Any idea where I should go from here? I found the
> > > section of the library I'm using that creates the UTC timestamp, by
> > > calling time.time(). I would think that Django's timezone property
> > > would set the runtime timezone, however I have not checked that
> > > specifically. Any ideas?
>
> > > Thanks,
> > > John
>
> > > On Feb 4, 4:58 pm, Matt Harris  wrote:
> > >> Hi John,
>
> > >> What is the does the body of the error response say? The message will 
> > >> tell you which part of the oauth request failed.
>
> > >> Also be aware that oauth timestamps are in UTC seconds.  
>
> > >> Best,
> > >> @themattharris
>
> > >> On Feb 4, 2011, at 12:45, john  wrote:
>
> > >>> I have an application that contains a simple setup using the
> > >>> oauthtwitter library found here.
>
> > >>>http://code.google.com/p/oauth-python-twitter/
>
> > >>> #Example code
> > >>> twitter = app.extras.oauthtwitter.OAuthApi(CONSUMER_KEY,
> > >>> CONSUMER_SECRET)
> > >>> request_token = twitter.getRequestToken()
> > >>> oauth_verifier = request.GET.get('oauth_verifier')
> > >>> access_token = twitter.getAccessToken(request_token, oauth_verifier)
>
> > >>> I'm failing at getting the access token. I have a verifier and am
> > >>> passing that along, like the example in the oauth lib, however am
> > >>> continuing to get (all day now) 401s. My system time is set correctly,
> > >>> as this is in a Django project, and I'm setting it via TIME_ZONE =
> > >>> 'America/Kentucky/Louisville' in my settings.py. Can anyone help?
>
> > >>> Thanks,
> > >>> John
>
> > >>> --
> > >>> Twitter developer documentation and resources:http://dev.twitter.com/doc
> > >>> API updates via Twitter:http://twitter.com/twitterapi
> > >>> Issues/Enhan

[twitter-dev] Re: 401: Unauthorized (Python)

[john]

Matt,

The response is empty, that's what I'm curious about. I've included
the uri, headers, body and request variables below. This request was
performed at 2/5/2011 12:06.

Uri =
'https://twitter.com/oauth/request_token?
oauth_nonce=47248509&oauth_timestamp=1296925690&oauth_consumer_key=h3bOaVfTr8I7r2KQCzYCA&oauth_signature_method=HMAC-
SHA1&oauth_version=1.0&oauth_signature=9fpRZWGZls2kpfUQOZFnvPPTC9s%3D'

Request = {'oauth_nonce': '45640133', 'oauth_timestamp': '1296925356',
'oauth_consumer_key': 'h3bOaVfTr8I7r2KQCzYCA',
'oauth_signature_method': 'HMAC-SHA1', 'oauth_version': '1.0',
'oauth_token': 'Y0kKb5PhvjynbpKhfwF9na6ptznlkreKDheHo4YBmY',
'oauth_signature': 'zWwMR/v81XlzoeCpeYWHiMMIrPc='}

Body =
'oauth_nonce=45640133&oauth_timestamp=1296925356&oauth_consumer_key=h3bOaVfTr8I7r2KQCzYCA&oauth_signature_method=HMAC-
SHA1&oauth_version=1.0&oauth_token=Y0kKb5PhvjynbpKhfwF9na6ptznlkreKDheHo4YBmY&oauth_signature=zWwMR
%2Fv81XlzoeCpeYWHiMMIrPc%3D'

Headers = {'Content-Type': 'application/x-www-form-urlencoded'}


Thanks,
John

On Feb 4, 9:40 pm, Matt Harris  wrote:
> Hi John,
>
> That dict object doesn't contain the response body. In the response body we 
> give an error reason such as 'Invalid signature', or 'timestamp out of 
> bounds'.
>
> Best,
> Matt
>
> On Feb 4, 2011, at 17:37, john  wrote:
>
> > Hi Matt,
>
> > Thanks for responding. I've posted the response below (as a python
> > dict).
>
> > {'status': '401', 'content-length': '1', 'x-xss-protection': '1;
> > mode=block', 'x-transaction': 'Sat Feb 05 01:33:54 +
> > 2011-76395-3097', 'set-cookie': 'k=74.128.37.77.1296869634703204;
> > path=/; expires=Sat, 12-Feb-11 01:33:54 GMT; domain=.twitter.com,
> > guest_id=129686963484327539; path=/; expires=Mon, 07 Mar 2011 01:33:54
> > GMT,
> > _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCBwzdPMtAToHaWQiJWY1OTdhNDQ2Yjg1YzIw
> > %250AYTVjMmEyNWUyMjM2ZTY1ZGY3IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
> > %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--01f06bea7e9f7559080f47e3b046117c40c39212;
> > domain=.twitter.com; path=/', 'expires': 'Tue, 31 Mar 1981 05:00:00
> > GMT', 'vary': 'Accept-Encoding', 'x-runtime': '0.00533', 'server':
> > 'hi', 'x-revision': 'DEV', 'last-modified': 'Sat, 05 Feb 2011 01:33:54
> > GMT', 'connection': 'close', 'pragma': 'no-cache', 'cache-control':
> > 'no-cache, no-store, must-revalidate, pre-check=0, post-check=0',
> > 'date': 'Sat, 05 Feb 2011 01:33:54 GMT', 'x-frame-options':
> > 'SAMEORIGIN', 'content-type': 'text/html; charset=utf-8'}
>
> > From what I've read, Twitter's oauth responses lack the error handling
> > that one would like. Any idea where I should go from here? I found the
> > section of the library I'm using that creates the UTC timestamp, by
> > calling time.time(). I would think that Django's timezone property
> > would set the runtime timezone, however I have not checked that
> > specifically. Any ideas?
>
> > Thanks,
> > John
>
> > On Feb 4, 4:58 pm, Matt Harris  wrote:
> >> Hi John,
>
> >> What is the does the body of the error response say? The message will tell 
> >> you which part of the oauth request failed.
>
> >> Also be aware that oauth timestamps are in UTC seconds.  
>
> >> Best,
> >> @themattharris
>
> >> On Feb 4, 2011, at 12:45, john  wrote:
>
> >>> I have an application that contains a simple setup using the
> >>> oauthtwitter library found here.
>
> >>>http://code.google.com/p/oauth-python-twitter/
>
> >>> #Example code
> >>> twitter = app.extras.oauthtwitter.OAuthApi(CONSUMER_KEY,
> >>> CONSUMER_SECRET)
> >>> request_token = twitter.getRequestToken()
> >>> oauth_verifier = request.GET.get('oauth_verifier')
> >>> access_token = twitter.getAccessToken(request_token, oauth_verifier)
>
> >>> I'm failing at getting the access token. I have a verifier and am
> >>> passing that along, like the example in the oauth lib, however am
> >>> continuing to get (all day now) 401s. My system time is set correctly,
> >>> as this is in a Django project, and I'm setting it via TIME_ZONE =
> >>> 'America/Kentucky/Louisville' in my settings.py. Can anyone help?
>
> >>> Thanks,
> >>> John
>
> >>> --
> >>> Twitter developer documentation and resources:http://dev.twitter.com/doc
> >>> API updates via Twitter:http://twitter.com/twitterapi
> >>> Issues/Enhancements 
> >>> Tracker:http://code.google.com/p/twitter-api/issues/list
> >>> Change your membership to this 
> >>> group:http://groups.google.com/group/twitter-development-talk
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this 
> > group:http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your member

Re: [twitter-dev] Re: 401: Unauthorized (Python)

[Matt Harris]

Hi John,

That dict object doesn't contain the response body. In the response body we 
give an error reason such as 'Invalid signature', or 'timestamp out of bounds'.

Best,
Matt

On Feb 4, 2011, at 17:37, john  wrote:

> Hi Matt,
> 
> Thanks for responding. I've posted the response below (as a python
> dict).
> 
> {'status': '401', 'content-length': '1', 'x-xss-protection': '1;
> mode=block', 'x-transaction': 'Sat Feb 05 01:33:54 +
> 2011-76395-3097', 'set-cookie': 'k=74.128.37.77.1296869634703204;
> path=/; expires=Sat, 12-Feb-11 01:33:54 GMT; domain=.twitter.com,
> guest_id=129686963484327539; path=/; expires=Mon, 07 Mar 2011 01:33:54
> GMT,
> _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCBwzdPMtAToHaWQiJWY1OTdhNDQ2Yjg1YzIw
> %250AYTVjMmEyNWUyMjM2ZTY1ZGY3IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
> %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--01f06bea7e9f7559080f47e3b046117c40c39212;
> domain=.twitter.com; path=/', 'expires': 'Tue, 31 Mar 1981 05:00:00
> GMT', 'vary': 'Accept-Encoding', 'x-runtime': '0.00533', 'server':
> 'hi', 'x-revision': 'DEV', 'last-modified': 'Sat, 05 Feb 2011 01:33:54
> GMT', 'connection': 'close', 'pragma': 'no-cache', 'cache-control':
> 'no-cache, no-store, must-revalidate, pre-check=0, post-check=0',
> 'date': 'Sat, 05 Feb 2011 01:33:54 GMT', 'x-frame-options':
> 'SAMEORIGIN', 'content-type': 'text/html; charset=utf-8'}
> 
> From what I've read, Twitter's oauth responses lack the error handling
> that one would like. Any idea where I should go from here? I found the
> section of the library I'm using that creates the UTC timestamp, by
> calling time.time(). I would think that Django's timezone property
> would set the runtime timezone, however I have not checked that
> specifically. Any ideas?
> 
> Thanks,
> John
> 
> On Feb 4, 4:58 pm, Matt Harris  wrote:
>> Hi John,
>> 
>> What is the does the body of the error response say? The message will tell 
>> you which part of the oauth request failed.
>> 
>> Also be aware that oauth timestamps are in UTC seconds.  
>> 
>> Best,
>> @themattharris
>> 
>> On Feb 4, 2011, at 12:45, john  wrote:
>> 
>>> I have an application that contains a simple setup using the
>>> oauthtwitter library found here.
>> 
>>> http://code.google.com/p/oauth-python-twitter/
>> 
>>> #Example code
>>> twitter = app.extras.oauthtwitter.OAuthApi(CONSUMER_KEY,
>>> CONSUMER_SECRET)
>>> request_token = twitter.getRequestToken()
>>> oauth_verifier = request.GET.get('oauth_verifier')
>>> access_token = twitter.getAccessToken(request_token, oauth_verifier)
>> 
>>> I'm failing at getting the access token. I have a verifier and am
>>> passing that along, like the example in the oauth lib, however am
>>> continuing to get (all day now) 401s. My system time is set correctly,
>>> as this is in a Django project, and I'm setting it via TIME_ZONE =
>>> 'America/Kentucky/Louisville' in my settings.py. Can anyone help?
>> 
>>> Thanks,
>>> John
>> 
>>> --
>>> Twitter developer documentation and resources:http://dev.twitter.com/doc
>>> API updates via Twitter:http://twitter.com/twitterapi
>>> Issues/Enhancements Tracker:http://code.google.com/p/twitter-api/issues/list
>>> Change your membership to this 
>>> group:http://groups.google.com/group/twitter-development-talk
> 
> -- 
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group: 
> http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401: Unauthorized (Python)

[john]

Hi Matt,

Thanks for responding. I've posted the response below (as a python
dict).

{'status': '401', 'content-length': '1', 'x-xss-protection': '1;
mode=block', 'x-transaction': 'Sat Feb 05 01:33:54 +
2011-76395-3097', 'set-cookie': 'k=74.128.37.77.1296869634703204;
path=/; expires=Sat, 12-Feb-11 01:33:54 GMT; domain=.twitter.com,
guest_id=129686963484327539; path=/; expires=Mon, 07 Mar 2011 01:33:54
GMT,
_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCBwzdPMtAToHaWQiJWY1OTdhNDQ2Yjg1YzIw
%250AYTVjMmEyNWUyMjM2ZTY1ZGY3IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--01f06bea7e9f7559080f47e3b046117c40c39212;
domain=.twitter.com; path=/', 'expires': 'Tue, 31 Mar 1981 05:00:00
GMT', 'vary': 'Accept-Encoding', 'x-runtime': '0.00533', 'server':
'hi', 'x-revision': 'DEV', 'last-modified': 'Sat, 05 Feb 2011 01:33:54
GMT', 'connection': 'close', 'pragma': 'no-cache', 'cache-control':
'no-cache, no-store, must-revalidate, pre-check=0, post-check=0',
'date': 'Sat, 05 Feb 2011 01:33:54 GMT', 'x-frame-options':
'SAMEORIGIN', 'content-type': 'text/html; charset=utf-8'}

>From what I've read, Twitter's oauth responses lack the error handling
that one would like. Any idea where I should go from here? I found the
section of the library I'm using that creates the UTC timestamp, by
calling time.time(). I would think that Django's timezone property
would set the runtime timezone, however I have not checked that
specifically. Any ideas?

Thanks,
John

On Feb 4, 4:58 pm, Matt Harris  wrote:
> Hi John,
>
> What is the does the body of the error response say? The message will tell 
> you which part of the oauth request failed.
>
> Also be aware that oauth timestamps are in UTC seconds.  
>
> Best,
> @themattharris
>
> On Feb 4, 2011, at 12:45, john  wrote:
>
> > I have an application that contains a simple setup using the
> > oauthtwitter library found here.
>
> >http://code.google.com/p/oauth-python-twitter/
>
> > #Example code
> > twitter = app.extras.oauthtwitter.OAuthApi(CONSUMER_KEY,
> > CONSUMER_SECRET)
> > request_token = twitter.getRequestToken()
> > oauth_verifier = request.GET.get('oauth_verifier')
> > access_token = twitter.getAccessToken(request_token, oauth_verifier)
>
> > I'm failing at getting the access token. I have a verifier and am
> > passing that along, like the example in the oauth lib, however am
> > continuing to get (all day now) 401s. My system time is set correctly,
> > as this is in a Django project, and I'm setting it via TIME_ZONE =
> > 'America/Kentucky/Louisville' in my settings.py. Can anyone help?
>
> > Thanks,
> > John
>
> > --
> > Twitter developer documentation and resources:http://dev.twitter.com/doc
> > API updates via Twitter:http://twitter.com/twitterapi
> > Issues/Enhancements Tracker:http://code.google.com/p/twitter-api/issues/list
> > Change your membership to this 
> > group:http://groups.google.com/group/twitter-development-talk

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

[twitter-dev] Re: 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token

[Martin Hannah]

Hi Taylor: For your interest (In case someone else asks):
We now have oAuth/xAuth working for Progress open edge and have the
basic Twitter status and command functions operational as they were
before. There is sample source and Progress open edge twitter
libraries we are working on now at 
http://www.coresoft.com.au/coreforum/index.php?topic=38.0


On Nov 2, 9:40 am, Taylor Singletary 
wrote:
> Hi Martin,
>
> Thanks for your patience in working through xAuth with the issues you're
> facing. Given the information you've provided, it's difficult to determine
> exactly what might be amiss here.
>
> I'm unfamiliar with the programming environment you are using -- do you know
> if your HTTP transport method munges any HTTP headers or adds its own HTTP
> headers in any way? If you utilize an access token obtained through other
> means (such as by the procedure outlined inhttp://bit.ly/1token) are you
> able to get any other kind of OAuth-based requests functional with your
> OAuth library?
>
> You mentioned that you successfully recreated the examples 
> athttp://dev.twitter.com/pages/xauth-- acknowledging that those values would
> also return a 401 from our API but provide a "safe" login & password you can
> share on a public forum, is there any way you can perform an HTTP capture of
> the entire request cycle using those static values? This would allow us to
> see the entire HTTP request, including headers sent/received, the raw POST
> body, etc -- which may yield an obvious answer as to why your implementation
> is not working.
>
> Hang in there!
> Taylor
>
> On Tue, Oct 26, 2010 at 3:20 PM, Martin 
> Hannahbegin_of_the_skype_highlighting end_of_the_skype_highlightingwrote:>
>  We had an application successfully talking to twitter for a few years
> > prior to oAuth, and now converting this application to xAuth and cant
> > get past the first step.
>
> > The application gets a 401 "Unauthorized" response when attempting to
> > get the access token.
>
> > Have confirmed our program when provided with the same consumer_key
> > and Secret key as on twitter documentation page
> >http://dev.twitter.com/pages/xauth
> > produces exactly the same Singature, parameters, base string as on
> >http://dev.twitter.com/pages/xauthdoco page. (i.e. have done detailed
> > string comparisons of output at each step to the twitter documentation
> >http://dev.twitter.com/pages/xauthby placing the twitter values in a
> > string variable and comparing to the values produced by our program,
> > so confident these are the same) .
>
> > Using our consumer and secret keys in the test site
>
> >http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin...
> > and compared the base string and signature results to our program and
> > again they are exactly the same.
>
> > Have checked the time stamp is producing correct time (based on enoch
> > time) by comparing against againsthttp://unixtimestamp.com/index.php
>
> > Passing my consumer_secret with & at end into signature generator
> > (which as I said above seems to be producing correct results because
> > we used values inhttp://dev.twitter.com/pages/xauthand it generated
> > the same oauth_signature value)
>
> > Base string:
> > POST&https%3A%2F%2Fapi.twitter.com%2Foauth
> > %2Faccess_token&oauth_consumer_key%3D1q0ZoaBf3fKFP1hSmhVNQ
> > %26oauth_nonce
> > %3Duv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8%26oauth_signature_method
> > %3DHMAC-SHA1%26oauth_timestamp%3D1288131701%26oauth_version
> > %3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3D
> > %26x_auth_username%3D
>
> > Authorization header parameters:
> > OAuth oauth_nonce="uv3AtzLBjawzvasO3EPAU3bbR53NyHGlvLp33IRCzG8",
> > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1288131701",
> > oauth_consumer_key="1q0ZoaBf3fKFP1hSmhVNQ",
> > oauth_signature="VQYSXdvrEtlvugqUpTXbCjYTNa0%3D", oauth_version="1.0"
>
> > Twitter response:
> > Status= 401
> > StatusTxt= Unauthorized
> > Headers= Date: Tue, 26 Oct 2010 21:22:01 GMT
> > Server: hi
> > Status: 401 Unauthorized
> > X-Transaction: 1288128121-92836-33309
> > Last-Modified: Tue, 26 Oct 2010 21:22:01 GMT
> > X-Runtime: 0.00473
> > Content-Type: text/html; charset=utf-8
> > Pragma: no-cache
> > X-Revision: DEV
> > Expires: Tue, 31 Mar 1981 05:00:00 GMT
> > Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
> > check=0
> > Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMdIa
> > %252BorASIKZmxhc2hJQzonQWN0aW9uQ29u
> > %250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWJl
> > %250AYzdlZGEzMDAwYmMwOWJhMTEwMzIyYjE1MTc5YzAw--
> > f24fc1f95d728598870821f98152985632dbcc66; domain=.twitter.com; path=/
> > Connection: close
>
> > The actual Send procedure is: (tried procedure using both both blank
> > and valid p-username and p-password)
> > define var objHTTP  as com-handle.
> > Create "Microsoft.XMLHTTP" objHTTP .
> > objHTTP:open("POST",api-atokin, false, p-username, p-password).
> > objHTTP:setRequestHeader('Authoriz

[twitter-dev] Re: 401 Unauthorized errors with Progress Open Edge using xAuth to get Access token

[Martin Hannah]

We now have oAuth/xAuth working for Progress open edge and have the
basic Twitter status and command functions operational as they were
before. You can find sample source and Progress open edge twitter
libraries we are working on now at
http://www.coresoft.com.au/coreforum/index.php?PHPSESSID=87aaa10a26a77fb99837fe711ecbaaa5;topic=38.msg43


On Nov 2, 11:22 pm, Martin Hannah  wrote:
> Hi Taylor,
> Now I have the Access Token and I use the explanations 
> inhttp://dev.twitter.com/pages/authto make a request on users behalf, I
> get a response from twitter:
>
> Twitter Response= {"errors":[{"code":53,"message":"Basic
> authentication is not supported"}]}
> Status= 401
> StatusTxt= Unauthorized
>
> I am using the same procedure just changing the paramaters to follow
> the example inhttp://dev.twitter.com/pages/authand signing the
> request with oauth_consumer_secret + "&" +  oauth_token_secret tied to
> my access token...
>
> Posting to:http://api.twitter.com/1/statuses/update.json
>
> Authorization header parameters:
> OAuth oauth_consumer_key="1q0ZoaBf3fKFP1hSmhVNQ",
> oauth_nonce="M2XTcq44gwlMHw9VbP98FQkB7TRSc1iIX0IOiAA500B",
> oauth_signature="f6Xz1tSwO8FCvkIJu4mgXYfNvUM%3D",
> oauth_signature_method="HMAC-SHA1",
> oauth_timestamp="1288703533",
> oauth_token="46989789-6NoccKZ1NVN3wdtlRGyhQrUG3b9RcU9Tkn372uIg3",
> oauth_version="1.0", status="PostingthroughMicrosoftXMLHTTP"
>
> Any suggestions ?
>
>
>
> Martin 
> Hannahbegin_of_the_skype_highlighting end_of_the_skype_highlightingwrote:
> > Hi Taylor,
>
> > Success, the missing peice of the puzzle was that we needed to send
> > the post Body, which although it was explained in documentation, we
> > thought it was there for explanation of how the values are accumulated
> > for the base string.. seems obvious now, but when your trying to do
> > this for 1st time, it wasnt obvious then.
>
> > So the find part of the send is:
> > objHTTP:send("x_auth_username=oauth_test_exec&x_auth_password=twitter-
> > xauth&x_auth_mode=client_auth").
>
> > So my last question is, should this be url encoded, because when we
> > URL encoded (as the doco suggests) it did NOT work.
>
> > Martin 
> > Hannahbegin_of_the_skype_highlighting end_of_the_skype_highlightingwrote:
> > > Hi Taylor,
> > > In order to test your 1st suggestion "do you know if your HTTP
> > > transport method munges any HTTP headers or adds its own HTTP headers
> > > in any way?" we created a simple test procedure on our public web
> > > server, to simulate the google end 
> > > pointhttps://api.twitter.com/oauth/access_token.
> > > So with our test program pointing to another end point we could
> > > capture the values that googles end point might receive.
> > > The values received by our web service end point (simulator) (along
> > > with other CGI values) are:
>
> > > HTTP_AUTHORIZATION= OAuth oauth_consumer_key="TY0Js5vMc04HNqmqIkNEnQ",
> > > oauth_nonce="jGmEee2Jc0DaEK516jl6g2FSHgOgmNPqlpK43UJYXZF",
> > > oauth_signature="%2Bd2K%2FxydAtBaSETDWwXCo4LN1Js%3D",
> > > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1288666484",
> > > oauth_version="1.0"
> > > REQUEST_METHOD=POST
>
> > > So I presume this is indicating the post request is not munged/altered
> > > in any way by the Microsoft XMLHTTP OCX when it sends the request
> > > using:
> > > > > Create "Microsoft.XMLHTTP" objHTTP .
> > > > > objHTTP:open("POST",api-atokin, false, p-username, p-password).
> > > > > objHTTP:setRequestHeader('Authorization', v-params).
> > > > > objHTTP:SetRequestHeader("Content-Type","application/x-www-form-
> > > > > urlencoded").
> > > > > objHTTP:send().
>
> > > Note: The syntax of the Progress code (above) that uses objHTTP is
> > > very similiar to Visual basic. In fact we used the syntax for
> > > objHTTP:open and setRequestHeader("Authorization" that you see above,
> > > in the same way as it is used in the googe examples in
> > >http://oauth.googlecode.com/svn/code/javascript/example/AJAX.html
> > > (open this Google example page and view HTML source from lines 32 to
> > > 53..)
>
> > > We are checking the 2nd and 3rd suggestions now... and hope to have
> > > further test results posted in next few hours..
>
> > > Taylor Singletary wrote:
> > > > Hi Martin,
>
> > > > Thanks for your patience in working through xAuth with the issues you're
> > > > facing. Given the information you've provided, it's difficult to 
> > > > determine
> > > > exactly what might be amiss here.
>
> > > > I'm unfamiliar with the programming environment you are using -- do you 
> > > > know
> > > > if your HTTP transport method munges any HTTP headers or adds its own 
> > > > HTTP
> > > > headers in any way? If you utilize an access token obtained through 
> > > > other
> > > > means (such as by the procedure outlined inhttp://bit.ly/1token) are you
> > > > able to get any other kind of OAuth-based requests functional with your
> > > > OAuth library?
>
> > > > You mentioned that you successfully recreated the examples at
> > > >h

[twitter-dev] Re: 401 Unauthorized. Frustrating!!!

[ben.biddington]

What does the body of the response read?



On Aug 21, 2:54 pm, Mukha Mudra  wrote:
> Hi,
>     I am doing a GET request with query parameters as 
> followshttp://api.twitter.com/oauth/request_token?oauth_callback="oob"&oauth_consumer_key="N3jplhm1n1ypCzg2eWEg2w"&oauth_signature_method="H
>  MAC-SHA1"&oauth_signature="Tcwwe1C5Rp5kt4TthmjzHB53R7Y%3D"&oauth_timestamp= 
> "1282398388"&oauth_nonce="9dgADgZQgJwK"&oauth_token=""&oauth_version="1.0"
>
> I checked the signature formation 
> onhttp://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin...
> and it is accurate.
>
> But i get '401 Unauthorized' in response. I also tried Authorization
> header and POST. But same response.
> I am trying this from Symbian Application.
> In my application settings i have chose 'Desktop client' and 'Read and
> Write' access.
> I have been trying this since past couple of days. What could be the
> issue? How can i get this right and running.
>
> Regards
> Biju

[twitter-dev] Re: 401 Unauthorized. Frustrating!!!

[Mukha Mudra]

Ok i tried again with Authorization header.
It is as follows
OAuth
oauth_nonce="RF8P1N7n60mE",oauth_callback="oob",oauth_signature_method="HMAC-
SHA1",oauth_timestamp="1282404507",oauth_consumer_key="N3jplhm1n1ypCzg2eWEg2w",oauth_signature="S0tx5EeTGk1m
%2BcH5HMmjg6UTW9U%3D",oauth_version="1.0"

Can anyone point out as to what is the issue.
This is really getting very frustrating. All i get is 401
unauthorized.

On Aug 21, 6:54 pm, Mukha Mudra  wrote:
> Hi,
>     I am doing a GET request with query parameters as 
> followshttp://api.twitter.com/oauth/request_token?oauth_callback="oob"&oauth_consumer_key="N3jplhm1n1ypCzg2eWEg2w"&oauth_signature_method="H
>  MAC-SHA1"&oauth_signature="Tcwwe1C5Rp5kt4TthmjzHB53R7Y%3D"&oauth_timestamp= 
> "1282398388"&oauth_nonce="9dgADgZQgJwK"&oauth_token=""&oauth_version="1.0"
>
> I checked the signature formation 
> onhttp://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin...
> and it is accurate.
>
> But i get '401 Unauthorized' in response. I also tried Authorization
> header and POST. But same response.
> I am trying this from Symbian Application.
> In my application settings i have chose 'Desktop client' and 'Read and
> Write' access.
> I have been trying this since past couple of days. What could be the
> issue? How can i get this right and running.
>
> Regards
> Biju

[twitter-dev] Re: 401 Unauthorized with oauth gem

[Spiceee]

I found out that my app switched from read-write to read only. I didn't get
any email about that. Bummer.

-Fabio.

On Fri, Apr 23, 2010 at 12:17 AM, Spiceee  wrote:

>
> Did anything change in the API (couldn't find anything in the API
> changelog) that would make all new users who are associating their Twitter
> acounts to my app get a 401 on status update? All accounts up to a few days
> ago are still working, newer ones get 401 using absolutely the same codebase
> and the oauth gem (Ruby) version 0.3.6. Kinda hard to debug.
>
> Cheers,
>
> -Fabio.
>
>


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

Re: [twitter-dev] Re: 401 Unauthorized

[Mark McBride]

Everything looks fine with your POST conversation.  Can you email directly
with more details?
1) What library/tool are you using to make your POSTs?
2) What are the OS/architectures you're running on in your different
environments?
3) Are there odd characters in the password? (could this be a character
encoding issue?)

These are shots in the dark.  We're not seeing this with other
users/environments that I know of.

  ---Mark

http://twitter.com/mccv


On Mon, Mar 22, 2010 at 7:29 AM, Uladzimir Pashkevich <
v.pashkev...@gmail.com> wrote:

> Hi Mark,
>
> Thanks for your reply! Screen name of the account is dmlreach. Please
> see the request and 2 responses.
>
> Request:
>
> GET /1/account/verify_credentials.xml HTTP/1.1
> Authorization: Basic 
> Host: api.twitter.com
>
> OK response headers:
>
> Status: 200 OK
> X-Transaction: 1269267625-43203-17004
> X-RateLimit-Limit: 2
> X-RateLimit-Remaining: 19998
> X-Runtime: 0.06217
> Pragma: no-cache
> X-RateLimit-Class: api_whitelisted
> X-Revision: DEV
> X-RateLimit-Reset: 1269271222
> Content-Length: 2730
> Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
> check=0
> Content-Type: application/xml; charset=utf-8
> Date: Mon, 22 Mar 2010 14:20:25 GMT
> Expires: Tue, 31 Mar 1981 05:00:00 GMT
> ETag: "1f0dfa0c9c82fe48bec465b9bad3793a"
> Last-Modified: Mon, 22 Mar 2010 14:20:25 GMT
> Set-Cookie: guest_id=1269267625681; path=/,lang=en;
>
> path=/,_twitter_sess=BAh7CToRdHJhbnNfcHJvbXB0MDoPY3JlYXRlZF9hdGwrCOn2PoYnAToHaWQi
> %250AJWIyNDJhNjNkZjI1MzVkZDBmMWE5ODExZWMxOGE1ZjRkIgpmbGFzaElDOidB
> %250AY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--
> bbde5312124b201f3cead86cb3d7e2947579ab88; domain=.twitter.com; path=/
> Server: hi
> Vary: Accept-Encoding
> Connection: close
>
> 401 response headers:
>
> Status: 401 Unauthorized
> X-Runtime: 0.00763
> Content-Length: 155
> Cache-Control: no-cache, max-age=1800
> Content-Type: application/xml; charset=utf-8
> Date: Mon, 22 Mar 2010 14:04:48 GMT
> Set-Cookie: guest_id=1269266688016;
>
> path=/,_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCBeoMIYnAToHaWQiJWE1ZjZhMDdjZDA5OWUy
> %250AZjM1ZDFmMmY5Mzc1YWFjMTQ4IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
> %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--
> fcdae0e1bde0a38c30903e86171f6b7a26afa0d0; domain=.twitter.com; path=/
> Server: hi
> WWW-Authenticate: Basic realm="Twitter API"
> Expires: Mon, 22 Mar 2010 14:34:47 GMT
> Vary: Accept-Encoding
> Connection: close
>
>
> So, in response to the same request I got two different responses.
> Both requests were made from the same server.
>
> I would be very grateful if someone could help me with this issue.
>
> On Mar 17, 7:29 pm, Mark McBride  wrote:
> > Without more details it's tough to say.  Do you at least have the screen
> > name of the account in question, and details on both the success and
> failure
> > environments?
> >
> >   ---Mark
> >
> > http://twitter.com/mccv
> >
> > On Wed, Mar 17, 2010 at 1:39 AM, Uladzimir Pashkevich <
> >
> > v.pashkev...@gmail.com> wrote:
> > > Does anyone has any ideas? Any help is really appreciated, because I
> > > can't understand this kind of the API's behavior.
> >
> > > On Mar 12, 6:40 pm, Uladzimir Pashkevich 
> > > wrote:
> > > > Hi everyone,
> >
> > > > I am developing an application using Twitter API and I have
> > > > encountered into a strange behavior connected with 401 error. I am
> > > > using basic auth. When I run my application locally, it works just
> > > > fine and I never get any 401 errors. However, when I run my
> > > > application on another environment, I get 401 error in approximately
> > > > 80% cases. I am completely sure that the credentials are correct.
> >
> > > > What makes this situation even more weird is that I am working with
> > > > several accounts, and most of them work fine in both environments. I
> > > > am experiencing problems only with one account. All accounts I work
> > > > with are whitelisted, so rate limit should not be an issue here.
> >
> > > > I have no idea what may cause this behavior. Could you please explain
> > > > me the possible reasons I am getting 401?
> >
> > > > Thanks,
> > > > Uladzimir
>
> To unsubscribe from this group, send email to twitter-development-talk+
> unsubscribegooglegroups.com or reply to this email with the words "REMOVE
> ME" as the subject.
>

To unsubscribe from this group, send email to 
twitter-development-talk+unsubscribegooglegroups.com or reply to this email 
with the words "REMOVE ME" as the subject.

[twitter-dev] Re: 401 Unauthorized

[Uladzimir Pashkevich]

Hi Mark,

Thanks for your reply! Screen name of the account is dmlreach. Please
see the request and 2 responses.

Request:

GET /1/account/verify_credentials.xml HTTP/1.1
Authorization: Basic 
Host: api.twitter.com

OK response headers:

Status: 200 OK
X-Transaction: 1269267625-43203-17004
X-RateLimit-Limit: 2
X-RateLimit-Remaining: 19998
X-Runtime: 0.06217
Pragma: no-cache
X-RateLimit-Class: api_whitelisted
X-Revision: DEV
X-RateLimit-Reset: 1269271222
Content-Length: 2730
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
check=0
Content-Type: application/xml; charset=utf-8
Date: Mon, 22 Mar 2010 14:20:25 GMT
Expires: Tue, 31 Mar 1981 05:00:00 GMT
ETag: "1f0dfa0c9c82fe48bec465b9bad3793a"
Last-Modified: Mon, 22 Mar 2010 14:20:25 GMT
Set-Cookie: guest_id=1269267625681; path=/,lang=en;
path=/,_twitter_sess=BAh7CToRdHJhbnNfcHJvbXB0MDoPY3JlYXRlZF9hdGwrCOn2PoYnAToHaWQi
%250AJWIyNDJhNjNkZjI1MzVkZDBmMWE5ODExZWMxOGE1ZjRkIgpmbGFzaElDOidB
%250AY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--
bbde5312124b201f3cead86cb3d7e2947579ab88; domain=.twitter.com; path=/
Server: hi
Vary: Accept-Encoding
Connection: close

401 response headers:

Status: 401 Unauthorized
X-Runtime: 0.00763
Content-Length: 155
Cache-Control: no-cache, max-age=1800
Content-Type: application/xml; charset=utf-8
Date: Mon, 22 Mar 2010 14:04:48 GMT
Set-Cookie: guest_id=1269266688016;
path=/,_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCBeoMIYnAToHaWQiJWE1ZjZhMDdjZDA5OWUy
%250AZjM1ZDFmMmY5Mzc1YWFjMTQ4IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--
fcdae0e1bde0a38c30903e86171f6b7a26afa0d0; domain=.twitter.com; path=/
Server: hi
WWW-Authenticate: Basic realm="Twitter API"
Expires: Mon, 22 Mar 2010 14:34:47 GMT
Vary: Accept-Encoding
Connection: close


So, in response to the same request I got two different responses.
Both requests were made from the same server.

I would be very grateful if someone could help me with this issue.

On Mar 17, 7:29 pm, Mark McBride  wrote:
> Without more details it's tough to say.  Do you at least have the screen
> name of the account in question, and details on both the success and failure
> environments?
>
>   ---Mark
>
> http://twitter.com/mccv
>
> On Wed, Mar 17, 2010 at 1:39 AM, Uladzimir Pashkevich <
>
> v.pashkev...@gmail.com> wrote:
> > Does anyone has any ideas? Any help is really appreciated, because I
> > can't understand this kind of the API's behavior.
>
> > On Mar 12, 6:40 pm, Uladzimir Pashkevich 
> > wrote:
> > > Hi everyone,
>
> > > I am developing an application using Twitter API and I have
> > > encountered into a strange behavior connected with 401 error. I am
> > > using basic auth. When I run my application locally, it works just
> > > fine and I never get any 401 errors. However, when I run my
> > > application on another environment, I get 401 error in approximately
> > > 80% cases. I am completely sure that the credentials are correct.
>
> > > What makes this situation even more weird is that I am working with
> > > several accounts, and most of them work fine in both environments. I
> > > am experiencing problems only with one account. All accounts I work
> > > with are whitelisted, so rate limit should not be an issue here.
>
> > > I have no idea what may cause this behavior. Could you please explain
> > > me the possible reasons I am getting 401?
>
> > > Thanks,
> > > Uladzimir

To unsubscribe from this group, send email to 
twitter-development-talk+unsubscribegooglegroups.com or reply to this email 
with the words "REMOVE ME" as the subject.

Re: [twitter-dev] Re: 401 Unauthorized

[Mark McBride]

Without more details it's tough to say.  Do you at least have the screen
name of the account in question, and details on both the success and failure
environments?

  ---Mark

http://twitter.com/mccv


On Wed, Mar 17, 2010 at 1:39 AM, Uladzimir Pashkevich <
v.pashkev...@gmail.com> wrote:

> Does anyone has any ideas? Any help is really appreciated, because I
> can't understand this kind of the API's behavior.
>
> On Mar 12, 6:40 pm, Uladzimir Pashkevich 
> wrote:
> > Hi everyone,
> >
> > I am developing an application using Twitter API and I have
> > encountered into a strange behavior connected with 401 error. I am
> > using basic auth. When I run my application locally, it works just
> > fine and I never get any 401 errors. However, when I run my
> > application on another environment, I get 401 error in approximately
> > 80% cases. I am completely sure that the credentials are correct.
> >
> > What makes this situation even more weird is that I am working with
> > several accounts, and most of them work fine in both environments. I
> > am experiencing problems only with one account. All accounts I work
> > with are whitelisted, so rate limit should not be an issue here.
> >
> > I have no idea what may cause this behavior. Could you please explain
> > me the possible reasons I am getting 401?
> >
> > Thanks,
> > Uladzimir
>

[twitter-dev] Re: 401 Unauthorized

[Uladzimir Pashkevich]

Does anyone has any ideas? Any help is really appreciated, because I
can't understand this kind of the API's behavior.

On Mar 12, 6:40 pm, Uladzimir Pashkevich 
wrote:
> Hi everyone,
>
> I am developing an application using Twitter API and I have
> encountered into a strange behavior connected with 401 error. I am
> using basic auth. When I run my application locally, it works just
> fine and I never get any 401 errors. However, when I run my
> application on another environment, I get 401 error in approximately
> 80% cases. I am completely sure that the credentials are correct.
>
> What makes this situation even more weird is that I am working with
> several accounts, and most of them work fine in both environments. I
> am experiencing problems only with one account. All accounts I work
> with are whitelisted, so rate limit should not be an issue here.
>
> I have no idea what may cause this behavior. Could you please explain
> me the possible reasons I am getting 401?
>
> Thanks,
> Uladzimir

Re: [twitter-dev] Re: 401 - Unauthorized error when diacritics in status

[Ryan Alford]

Thanks Mageuzi.  I had done some searching be never came across that thread.
 Guess I wasn't searching for the right words.

Thanks.

On Tue, Feb 23, 2010 at 2:45 PM, Mageuzi  wrote:

> I'm not sure if this is the same issue you are encountering, but I had
> a similar issue in my C# twitter app.  The post I made is here:
>
>
> http://groups.google.com/group/twitter-development-talk/browse_thread/thread/ef11efdd0a9cf194/6950ce9721a48609#6950ce9721a48609
>
>
> On Feb 23, 2:13 pm, Ryan Alford  wrote:
> > I think it is the way that .Net handles encoding of the diacritics.  I
> don't
> > think it's a Twitter api issue.  I was hoping that another .Net developer
> > had run into this issue and had fixed it.
> >
> > Ryan
> >
> > On Tue, Feb 23, 2010 at 2:07 PM, Raffi Krikorian 
> wrote:
> > > this would be news to me - if you have a way to replicate this, and you
> are
> > > confident its not your oauth libraries, then please let me know.
> >
> > > On Tue, Feb 23, 2010 at 11:04 AM, Ryan Alford  >wrote:
> >
> > >> I believe it has been fixed in some libraries in other programming
> > >> languages, but I can't figure out how to do it in .Net.
> >
> > >> Ryan
> >
> > >> On Tue, Feb 23, 2010 at 12:38 PM, Aral Balkan  >wrote:
> >
> > >>> Ooh, if this is the case then it will definitely stop me from using
> oAuth
> > >>> for Feathers (http://feathersapp.com) since diacritics are an
> essential
> > >>> part of Unicode art.
> >
> > >>> Very interested in hearing what you find out.
> >
> > >>> All the best,
> > >>> Aral
> >
> > >>> On Tue, Feb 23, 2010 at 1:44 PM, eclipsed4utoo <
> ryanalford...@gmail.com>wrote:
> >
> >  I am getting an error message when posting accent marks and other
> >  diacritics in a status update.
> >
> >  I saw that there was an issue [1] posted in April of last year about
> >  this problem.  It seems to be with the signature generation for
> OAuth
> >  with the encoding of accent marks.
> >
> >  I am using .Net(C#), and I can't figure out how to fix this.  Do I
> use
> >  a different encoding?  Anybody have any ideas on how to fix this
> >  in .Net?
> >
> >  [1] -http://code.google.com/p/twitter-api/issues/detail?id=433
> >
> >  Ryan
> >
> > > --
> > > Raffi Krikorian
> > > Twitter Platform Team
> > >http://twitter.com/raffi
>

[twitter-dev] Re: 401 - Unauthorized error when diacritics in status

[Mageuzi]

I'm not sure if this is the same issue you are encountering, but I had
a similar issue in my C# twitter app.  The post I made is here:

http://groups.google.com/group/twitter-development-talk/browse_thread/thread/ef11efdd0a9cf194/6950ce9721a48609#6950ce9721a48609


On Feb 23, 2:13 pm, Ryan Alford  wrote:
> I think it is the way that .Net handles encoding of the diacritics.  I don't
> think it's a Twitter api issue.  I was hoping that another .Net developer
> had run into this issue and had fixed it.
>
> Ryan
>
> On Tue, Feb 23, 2010 at 2:07 PM, Raffi Krikorian  wrote:
> > this would be news to me - if you have a way to replicate this, and you are
> > confident its not your oauth libraries, then please let me know.
>
> > On Tue, Feb 23, 2010 at 11:04 AM, Ryan Alford 
> > wrote:
>
> >> I believe it has been fixed in some libraries in other programming
> >> languages, but I can't figure out how to do it in .Net.
>
> >> Ryan
>
> >> On Tue, Feb 23, 2010 at 12:38 PM, Aral Balkan wrote:
>
> >>> Ooh, if this is the case then it will definitely stop me from using oAuth
> >>> for Feathers (http://feathersapp.com) since diacritics are an essential
> >>> part of Unicode art.
>
> >>> Very interested in hearing what you find out.
>
> >>> All the best,
> >>> Aral
>
> >>> On Tue, Feb 23, 2010 at 1:44 PM, eclipsed4utoo 
> >>> wrote:
>
>  I am getting an error message when posting accent marks and other
>  diacritics in a status update.
>
>  I saw that there was an issue [1] posted in April of last year about
>  this problem.  It seems to be with the signature generation for OAuth
>  with the encoding of accent marks.
>
>  I am using .Net(C#), and I can't figure out how to fix this.  Do I use
>  a different encoding?  Anybody have any ideas on how to fix this
>  in .Net?
>
>  [1] -http://code.google.com/p/twitter-api/issues/detail?id=433
>
>  Ryan
>
> > --
> > Raffi Krikorian
> > Twitter Platform Team
> >http://twitter.com/raffi

Re: [twitter-dev] Re: 401 unauthorized

[Mark McBride]

Our external monitoring is accessing API calls with OAuth just fine.
Are you still running into this issue?  If so, can you provide more
details?

   ---Mark

http://twitter.com/mccv



On Sat, Jan 2, 2010 at 7:53 AM, Greg  wrote:
> I'm having the same issue. I've tried to across other sites and it
> still doesn't work.
>
> On Dec 31 2009, 4:05 am, Vignesh  wrote:
>> My website uses twitter for authentication,
>> For the past 24 hours the OAuth sign in is continuously returning
>> 401 , i am not able to figure out what to do?
>> Has some one faced similar problems?
>> My site has been down for 24 hours now because of this.
>> please help me out here.
>

[twitter-dev] Re: 401 unauthorized

[Greg]

I'm having the same issue. I've tried to across other sites and it
still doesn't work.

On Dec 31 2009, 4:05 am, Vignesh  wrote:
> My website uses twitter for authentication,
> For the past 24 hours the OAuth sign in is continuously returning
> 401 , i am not able to figure out what to do?
> Has some one faced similar problems?
> My site has been down for 24 hours now because of this.
> please help me out here.

[twitter-dev] Re: 401 Unauthorized problem

[Reivax]

I submitted a bug, vote for it:

http://code.google.com/p/twitter-api/issues/detail?id=1294&colspec=ID%20Stars%20Type%20Status%20Priority%20Owner%20Summary%20Opened%20Modified%20Component

On Dec 3, 11:13 am, Wilfred yau  wrote:
> I have try that put the _method=DELETEin Header, but still not
> work...
> do anyone know if it is Twitter API bug or it is my problem...
> this problem stop the development of my new Twitter Client in
> Firefox...
> Thanks
>
> Wilfred
>
> On Nov 27, 1:24 pm, Mark McBride  wrote:
>
> > It looks like you're trying to actually include the OAuth
> > Authorization header in your POST body, which isn't the way you want
> > to do it.  Instead, you should be using the Authorization HTTP header
> > to transmit this info (seehttp://oauth.net/core/1.0a#anchor46).  To
> > make things extra weird, in one case you do have an Authorization
> > header set, but it's basic auth.
>
> >    ---Mark
>
> > On Thu, Nov 26, 2009 at 6:47 PM, Wilfred yau  wrote:
> > > I have already solve the special char problem because encoding in
> > > Flex.
> > > but I still find that when I call _method=DELETEinListAPI, I still
> > > get401Unauthorized from api.twitter.com.
>
> > > On Nov 25, 11:09 am, Wilfred yau  wrote:
> > >> I am using OAuth to accessListAPI, but I find that if the request
> > >> URL contain some char like "_", "(", then twitter will return  401
> > >> Unauthorized.
>
> > >> Does anyone know what is the problem??
>
> > >> and this is my request:
>
> > >> *Request URL:
>
> > >>http://api.twitter.com/1/wilfred_yau/yedsrc/members.xml
>
> > >> *Request header:
>
> > >> Host:api.twitter.com
> > >> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:
> > >> 1.9.2b3) Gecko/20091115 Firefox/3.6b3 GTB6
> > >> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/
> > >> *;q=0.8
> > >> Accept-Language: en-us,en;q=0.5
> > >> Accept-Encoding: gzip,deflate
> > >> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> > >> Keep-Alive: 115
> > >> Connection: keep-alive
> > >> Cookie: __utma=43838368.448377351.1258538849.1259115844.1259117264.22;
> > >> __utmz=43838368.1258703218.9.4.utmcsr=google|utmccn=(organic)|
> > >> utmcmd=organic|utmctr=gmasbaby; __utmv=43838368.lang%3A%20en;
> > >> __qca=P0-1731751766-1258598366235; __utmb=43838368.8.10.1259117264;
> > >> _twitter_sess=BAh7DDoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj
> > >> %250AOWM1YzllYzAyYTVjOWU2NGM6DGNzcmZfaWQiJTU4MTVlMjgzNWUyNGNhYThh
> > >> %250ANjE1YzdjOWU4MTE5MGJjOhF0cmFuc19wcm9tcHQwOgl1c2VyaQQ5oOgDOg5y
> > >> %250AZXR1cm5fdG8iJGh0dHA6Ly90d2l0dGVyLmNvbS9zb2Z0cGVkaWFtYWM6B2lk
> > >> %250AIiU0Y2JmMWJmNjc0YzJmOTlhZGZjMTA1MzE3NzI3ZGUwNiIKZmxhc2hJQzon
> > >> %250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA
> > >> %253D%253D--3573176707558a7f9cd9653e6a60c073c94e91f5; __utmc=43838368
>
> > >> *Post Data:
> > >> Content-type: application/x-www-form-urlencoded
> > >> Content-length: 300
>
> > >> oauth%5Fconsumer%5Fkey=WiW3RrjmAhPvWvTn6oPLA&id=66626470&oauth
> > >> %5Ftoken=65577017%2DK65DjHAcUbYOEJW5XMVnVuAkRy8fDnNnVGRZDOSAQ&oauth
> > >> %5Ftimestamp=1259118273&oauth%5Fsignature=zaA0CbWpls3lowiWG0yHCZig%2B2M
> > >> %3D&oauth%5Fversion=1%2E0&oauth%5Fsignature%5Fmethod=HMAC%2DSHA1&
> > >> %5Fmethod=DELETE&oauth%5Fnonce=2875
>
> > >> Also, I got same problem in set status using OAuth :
>
> > >> *Request URL:
>
> > >>http://twitter.com/statuses/update.xml
>
> > >> *Request header:
>
> > >> Host: twitter.com
> > >> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:
> > >> 1.9.2b3) Gecko/20091115 Firefox/3.6b3 GTB6
> > >> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/
> > >> *;q=0.8
> > >> Accept-Language: en-us,en;q=0.5
> > >> Accept-Encoding: gzip,deflate
> > >> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> > >> Keep-Alive: 115
> > >> Connection: keep-alive
> > >> Cookie: __utma=43838368.448377351.1258538849.1259115844.1259117264.22;
> > >> __utmz=43838368.1258703218.9.4.utmcsr=google|utmccn=(organic)|
> > >> utmcmd=organic|utmctr=gmasbaby; __utmv=43838368.lang%3A%20en;
> > >> __qca=P0-1731751766-1258598366235; __utmb=43838368.8.10.1259117264;
> > >> _twitter_sess=BAh7DDoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj
> > >> %250AOWM1YzllYzAyYTVjOWU2NGM6DGNzcmZfaWQiJTU4MTVlMjgzNWUyNGNhYThh
> > >> %250ANjE1YzdjOWU4MTE5MGJjOgl1c2VyaQQ5oOgDOhF0cmFuc19wcm9tcHQwIgpm
> > >> %250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG
> > >> %250AOgpAdXNlZHsAOgdpZCIlNGNiZjFiZjY3NGMyZjk5YWRmYzEwNTMxNzcyN2Rl
> > >> %250AMDY6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL3NvZnRwZWRpYW1h
> > >> %250AYw%253D%253D--dfa30d93e80be97e1404abbb466f2c6191816d69;
> > >> __utmc=43838368
> > >> Authorization: Basic Z21hc2JhYnk6eW95b2JhYnk=
>
> > >> *Post Data:
>
> > >> Content-type: application/x-www-form-urlencoded
> > >> Content-length: 303
>
> > >> oauth%5Fnonce=4280&oauth%5Fsignature%5Fmethod=HMAC%2DSHA1&oauth
> > >> %5Ftimestamp=1259117789&status=%40vincenthpchan%20%28O%3A&oauth
> > >> %5

[twitter-dev] Re: 401 Unauthorized problem

[Reivax]

I have the same problem.
I've tried to not include the _method param from signature computing,
didn't work any better.


On Dec 3, 11:13 am, Wilfred yau  wrote:
> I have try that put the _method=DELETEin Header, but still not
> work...
> do anyone know if it is Twitter API bug or it is my problem...
> this problem stop the development of my new Twitter Client in
> Firefox...
> Thanks
>
> Wilfred
>

[twitter-dev] Re: 401 Unauthorized problem

[Wilfred yau]

I have try that put the _method=DELETE in Header, but still not
work...
do anyone know if it is Twitter API bug or it is my problem...
this problem stop the development of my new Twitter Client in
Firefox...
Thanks

Wilfred

On Nov 27, 1:24 pm, Mark McBride  wrote:
> It looks like you're trying to actually include the OAuth
> Authorization header in your POST body, which isn't the way you want
> to do it.  Instead, you should be using the Authorization HTTP header
> to transmit this info (seehttp://oauth.net/core/1.0a#anchor46).  To
> make things extra weird, in one case you do have an Authorization
> header set, but it's basic auth.
>
>    ---Mark
>
> On Thu, Nov 26, 2009 at 6:47 PM, Wilfred yau  wrote:
> > I have already solve the special char problem because encoding in
> > Flex.
> > but I still find that when I call _method= DELETE in List API, I still
> > get 401 Unauthorized from api.twitter.com.
>
> > On Nov 25, 11:09 am, Wilfred yau  wrote:
> >> I am using OAuth to accessListAPI, but I find that if the request
> >> URL contain some char like "_", "(", then twitter will return  401
> >> Unauthorized.
>
> >> Does anyone know what is the problem??
>
> >> and this is my request:
>
> >> *Request URL:
>
> >>http://api.twitter.com/1/wilfred_yau/yedsrc/members.xml
>
> >> *Request header:
>
> >> Host:api.twitter.com
> >> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:
> >> 1.9.2b3) Gecko/20091115 Firefox/3.6b3 GTB6
> >> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/
> >> *;q=0.8
> >> Accept-Language: en-us,en;q=0.5
> >> Accept-Encoding: gzip,deflate
> >> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> >> Keep-Alive: 115
> >> Connection: keep-alive
> >> Cookie: __utma=43838368.448377351.1258538849.1259115844.1259117264.22;
> >> __utmz=43838368.1258703218.9.4.utmcsr=google|utmccn=(organic)|
> >> utmcmd=organic|utmctr=gmasbaby; __utmv=43838368.lang%3A%20en;
> >> __qca=P0-1731751766-1258598366235; __utmb=43838368.8.10.1259117264;
> >> _twitter_sess=BAh7DDoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj
> >> %250AOWM1YzllYzAyYTVjOWU2NGM6DGNzcmZfaWQiJTU4MTVlMjgzNWUyNGNhYThh
> >> %250ANjE1YzdjOWU4MTE5MGJjOhF0cmFuc19wcm9tcHQwOgl1c2VyaQQ5oOgDOg5y
> >> %250AZXR1cm5fdG8iJGh0dHA6Ly90d2l0dGVyLmNvbS9zb2Z0cGVkaWFtYWM6B2lk
> >> %250AIiU0Y2JmMWJmNjc0YzJmOTlhZGZjMTA1MzE3NzI3ZGUwNiIKZmxhc2hJQzon
> >> %250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA
> >> %253D%253D--3573176707558a7f9cd9653e6a60c073c94e91f5; __utmc=43838368
>
> >> *Post Data:
> >> Content-type: application/x-www-form-urlencoded
> >> Content-length: 300
>
> >> oauth%5Fconsumer%5Fkey=WiW3RrjmAhPvWvTn6oPLA&id=66626470&oauth
> >> %5Ftoken=65577017%2DK65DjHAcUbYOEJW5XMVnVuAkRy8fDnNnVGRZDOSAQ&oauth
> >> %5Ftimestamp=1259118273&oauth%5Fsignature=zaA0CbWpls3lowiWG0yHCZig%2B2M
> >> %3D&oauth%5Fversion=1%2E0&oauth%5Fsignature%5Fmethod=HMAC%2DSHA1&
> >> %5Fmethod=DELETE&oauth%5Fnonce=2875
>
> >> Also, I got same problem in set status using OAuth :
>
> >> *Request URL:
>
> >>http://twitter.com/statuses/update.xml
>
> >> *Request header:
>
> >> Host: twitter.com
> >> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:
> >> 1.9.2b3) Gecko/20091115 Firefox/3.6b3 GTB6
> >> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/
> >> *;q=0.8
> >> Accept-Language: en-us,en;q=0.5
> >> Accept-Encoding: gzip,deflate
> >> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> >> Keep-Alive: 115
> >> Connection: keep-alive
> >> Cookie: __utma=43838368.448377351.1258538849.1259115844.1259117264.22;
> >> __utmz=43838368.1258703218.9.4.utmcsr=google|utmccn=(organic)|
> >> utmcmd=organic|utmctr=gmasbaby; __utmv=43838368.lang%3A%20en;
> >> __qca=P0-1731751766-1258598366235; __utmb=43838368.8.10.1259117264;
> >> _twitter_sess=BAh7DDoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj
> >> %250AOWM1YzllYzAyYTVjOWU2NGM6DGNzcmZfaWQiJTU4MTVlMjgzNWUyNGNhYThh
> >> %250ANjE1YzdjOWU4MTE5MGJjOgl1c2VyaQQ5oOgDOhF0cmFuc19wcm9tcHQwIgpm
> >> %250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG
> >> %250AOgpAdXNlZHsAOgdpZCIlNGNiZjFiZjY3NGMyZjk5YWRmYzEwNTMxNzcyN2Rl
> >> %250AMDY6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL3NvZnRwZWRpYW1h
> >> %250AYw%253D%253D--dfa30d93e80be97e1404abbb466f2c6191816d69;
> >> __utmc=43838368
> >> Authorization: Basic Z21hc2JhYnk6eW95b2JhYnk=
>
> >> *Post Data:
>
> >> Content-type: application/x-www-form-urlencoded
> >> Content-length: 303
>
> >> oauth%5Fnonce=4280&oauth%5Fsignature%5Fmethod=HMAC%2DSHA1&oauth
> >> %5Ftimestamp=1259117789&status=%40vincenthpchan%20%28O%3A&oauth
> >> %5Fversion=1%2E0&oauth%5Fconsumer%5Fkey=WiW3RrjmAhPvWvTn6oPLA&oauth
> >> %5Fsignature=dZ0OBySJzAZsdhwUKvK9zaIamE4%3D&oauth
> >> %5Ftoken=65577017%2DK65DjHAcUbYOEJW5XMVnVuAkRy8fDnNnVGRZDOSAQ
>
> >> I wonder it is the problem about oauth_signature, but I don't what
> >> wrong with it.
> >> Thanks you very much ;-)

[twitter-dev] Re: 401 Unauthorized problem

[Shannon Whitley]

I'm having the same problem.  I can't delete members from lists using
oAuth.  I've tried using the DELETE method and adding the
_method=DELETE parameter.  All of the combinations return a "401
Unauthorized" error.

[twitter-dev] Re: 401 Unauthorized problem

[Wilfred yau]

I have try to follow to OAuth document to set up Authorization header,
but still get
401 Unauthorized when I am using _method as parameter, and here is the
result:



*Response Headers
DateTue, 01 Dec 2009 03:21:03 GMT
Server  hi
WWW-AuthenticateBasic realm="Twitter API"
Status  401 Unauthorized
Content-Typeapplication/xml; charset=utf-8
Cache-Control   no-cache, max-age=1800
Set-Cookie
_twitter_sess=BAh7CjoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj
%250AOWM1YzllYzAyYTVjOWU2NGM6CXVzZXJpBDmg6AM6EXRyYW5zX3Byb21wdDAi
%250ACmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7%250AAAY6CkB1c2VkewA6B2lkIiU5ZWI2NmY2MTU5ZmYyODM4NGE3YTAxNGUxMmMy
%250AMTAyNg%253D%253D--4353873c14c39b48b0d30c48abba5858bff5a3a0;
domain=.twitter.com; path=/
Expires Tue, 01 Dec 2009 03:51:03 GMT
VaryAccept-Encoding
Content-Encodinggzip
Content-Length  140
Connection  close

*Request Headers
Hostapi.twitter.com
User-Agent  Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.5)
Gecko/20091102 Firefox/3.5.5 GTB6
Accept  text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language en-us,en;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset  ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive  300
Connection  keep-alive
Cookie  __qca=P0-1306444636-1259550182670;
__utma=43838368.345398731.1259564074.1259574616.1259577218.3;
__utmz=43838368.1259577218.3.2.utmcsr=forum7.hkgolden.com|utmccn=
(referral)|utmcmd=referral|utmcct=/view.aspx; __utmv=43838368.lang%3A
%20en;
_twitter_sess=BAh7CjoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj
%250AOWM1YzllYzAyYTVjOWU2NGM6EXRyYW5zX3Byb21wdDA6CXVzZXJpBDmg6AM6%250AB2lkIiU5ZWI2NmY2MTU5ZmYyODM4NGE3YTAxNGUxMmMyMTAyNiIKZmxhc2hJ
%250AQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVz
%250AZWR7AA%253D%253D--00951782ee94404e73d0edcbd7d02f1800f10915

*Post Data:
Content-type: application/x-www-form-urlencoded
Authorization: OAuth realm="Test",oauth_signature_method="HMAC-
SHA1",oauth_token="65577017-
K65DjHAcUbYOEJW5XMVnVuAkRy8fDnNnVGRZDOSAQ",oauth_nonce="9399",oauth_timestamp="1259637691",oauth_version="1.0",oauth_consumer_key="WiW3RrjmAhPvWvTn6oPLA",oauth_signature="BhLQP0o0OKLXjiQWn1l9ca7Fsek
%3D"
Content-length: 28

id=77938855&%5Fmethod=DELETE



I wonder this the the problem of _method since when I use other
parameter, there are no problem at all. So, do anyone know what is the
problem of my request and could twitter provide a correct Request
example which using _method as a OAuth parameter? Thanks.

Wilfred

On Nov 27, 1:24 pm, Mark McBride  wrote:
> It looks like you're trying to actually include the OAuth
> Authorization header in your POST body, which isn't the way you want
> to do it.  Instead, you should be using the Authorization HTTP header
> to transmit this info (seehttp://oauth.net/core/1.0a#anchor46).  To
> make things extra weird, in one case you do have an Authorization
> header set, but it's basic auth.
>
>    ---Mark
>
> On Thu, Nov 26, 2009 at 6:47 PM, Wilfred yau  wrote:
> > I have already solve the special char problem because encoding in
> > Flex.
> > but I still find that when I call _method= DELETE inListAPI, I still
> > get 401 Unauthorized from api.twitter.com.
>
> > On Nov 25, 11:09 am, Wilfred yau  wrote:
> >> I am using OAuth to accessListAPI, but I find that if the request
> >> URL contain some char like "_", "(", then twitter will return  401
> >> Unauthorized.
>
> >> Does anyone know what is the problem??
>
> >> and this is my request:
>
> >> *Request URL:
>
> >>http://api.twitter.com/1/wilfred_yau/yedsrc/members.xml
>
> >> *Request header:
>
> >> Host:api.twitter.com
> >> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:
> >> 1.9.2b3) Gecko/20091115 Firefox/3.6b3 GTB6
> >> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/
> >> *;q=0.8
> >> Accept-Language: en-us,en;q=0.5
> >> Accept-Encoding: gzip,deflate
> >> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> >> Keep-Alive: 115
> >> Connection: keep-alive
> >> Cookie: __utma=43838368.448377351.1258538849.1259115844.1259117264.22;
> >> __utmz=43838368.1258703218.9.4.utmcsr=google|utmccn=(organic)|
> >> utmcmd=organic|utmctr=gmasbaby; __utmv=43838368.lang%3A%20en;
> >> __qca=P0-1731751766-1258598366235; __utmb=43838368.8.10.1259117264;
> >> _twitter_sess=BAh7DDoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj
> >> %250AOWM1YzllYzAyYTVjOWU2NGM6DGNzcmZfaWQiJTU4MTVlMjgzNWUyNGNhYThh
> >> %250ANjE1YzdjOWU4MTE5MGJjOhF0cmFuc19wcm9tcHQwOgl1c2VyaQQ5oOgDOg5y
> >> %250AZXR1cm5fdG8iJGh0dHA6Ly90d2l0dGVyLmNvbS9zb2Z0cGVkaWFtYWM6B2lk
> >> %250AIiU0Y2JmMWJmNjc0YzJmOTlhZGZjMTA1MzE3NzI3ZGUwNiIKZmxhc2hJQzon
> >> %250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA
> >> %253D%253D--3573176707558a7f9cd9653e6a60c073c94e91f5; __utmc=43838368
>
> >> *Post Data:
> >> Co

Re: [twitter-dev] Re: 401 Unauthorized problem

[Mark McBride]

It looks like you're trying to actually include the OAuth
Authorization header in your POST body, which isn't the way you want
to do it.  Instead, you should be using the Authorization HTTP header
to transmit this info (see http://oauth.net/core/1.0a#anchor46).  To
make things extra weird, in one case you do have an Authorization
header set, but it's basic auth.

   ---Mark

On Thu, Nov 26, 2009 at 6:47 PM, Wilfred yau  wrote:
> I have already solve the special char problem because encoding in
> Flex.
> but I still find that when I call _method= DELETE in List API, I still
> get 401 Unauthorized from api.twitter.com.
>
> On Nov 25, 11:09 am, Wilfred yau  wrote:
>> I am using OAuth to accessListAPI, but I find that if the request
>> URL contain some char like "_", "(", then twitter will return  401
>> Unauthorized.
>>
>> Does anyone know what is the problem??
>>
>> and this is my request:
>>
>> *Request URL:
>>
>> http://api.twitter.com/1/wilfred_yau/yedsrc/members.xml
>>
>> *Request header:
>>
>> Host:api.twitter.com
>> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:
>> 1.9.2b3) Gecko/20091115 Firefox/3.6b3 GTB6
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/
>> *;q=0.8
>> Accept-Language: en-us,en;q=0.5
>> Accept-Encoding: gzip,deflate
>> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive: 115
>> Connection: keep-alive
>> Cookie: __utma=43838368.448377351.1258538849.1259115844.1259117264.22;
>> __utmz=43838368.1258703218.9.4.utmcsr=google|utmccn=(organic)|
>> utmcmd=organic|utmctr=gmasbaby; __utmv=43838368.lang%3A%20en;
>> __qca=P0-1731751766-1258598366235; __utmb=43838368.8.10.1259117264;
>> _twitter_sess=BAh7DDoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj
>> %250AOWM1YzllYzAyYTVjOWU2NGM6DGNzcmZfaWQiJTU4MTVlMjgzNWUyNGNhYThh
>> %250ANjE1YzdjOWU4MTE5MGJjOhF0cmFuc19wcm9tcHQwOgl1c2VyaQQ5oOgDOg5y
>> %250AZXR1cm5fdG8iJGh0dHA6Ly90d2l0dGVyLmNvbS9zb2Z0cGVkaWFtYWM6B2lk
>> %250AIiU0Y2JmMWJmNjc0YzJmOTlhZGZjMTA1MzE3NzI3ZGUwNiIKZmxhc2hJQzon
>> %250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA
>> %253D%253D--3573176707558a7f9cd9653e6a60c073c94e91f5; __utmc=43838368
>>
>> *Post Data:
>> Content-type: application/x-www-form-urlencoded
>> Content-length: 300
>>
>> oauth%5Fconsumer%5Fkey=WiW3RrjmAhPvWvTn6oPLA&id=66626470&oauth
>> %5Ftoken=65577017%2DK65DjHAcUbYOEJW5XMVnVuAkRy8fDnNnVGRZDOSAQ&oauth
>> %5Ftimestamp=1259118273&oauth%5Fsignature=zaA0CbWpls3lowiWG0yHCZig%2B2M
>> %3D&oauth%5Fversion=1%2E0&oauth%5Fsignature%5Fmethod=HMAC%2DSHA1&
>> %5Fmethod=DELETE&oauth%5Fnonce=2875
>>
>> Also, I got same problem in set status using OAuth :
>>
>> *Request URL:
>>
>> http://twitter.com/statuses/update.xml
>>
>> *Request header:
>>
>> Host: twitter.com
>> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:
>> 1.9.2b3) Gecko/20091115 Firefox/3.6b3 GTB6
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/
>> *;q=0.8
>> Accept-Language: en-us,en;q=0.5
>> Accept-Encoding: gzip,deflate
>> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive: 115
>> Connection: keep-alive
>> Cookie: __utma=43838368.448377351.1258538849.1259115844.1259117264.22;
>> __utmz=43838368.1258703218.9.4.utmcsr=google|utmccn=(organic)|
>> utmcmd=organic|utmctr=gmasbaby; __utmv=43838368.lang%3A%20en;
>> __qca=P0-1731751766-1258598366235; __utmb=43838368.8.10.1259117264;
>> _twitter_sess=BAh7DDoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj
>> %250AOWM1YzllYzAyYTVjOWU2NGM6DGNzcmZfaWQiJTU4MTVlMjgzNWUyNGNhYThh
>> %250ANjE1YzdjOWU4MTE5MGJjOgl1c2VyaQQ5oOgDOhF0cmFuc19wcm9tcHQwIgpm
>> %250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG
>> %250AOgpAdXNlZHsAOgdpZCIlNGNiZjFiZjY3NGMyZjk5YWRmYzEwNTMxNzcyN2Rl
>> %250AMDY6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL3NvZnRwZWRpYW1h
>> %250AYw%253D%253D--dfa30d93e80be97e1404abbb466f2c6191816d69;
>> __utmc=43838368
>> Authorization: Basic Z21hc2JhYnk6eW95b2JhYnk=
>>
>> *Post Data:
>>
>> Content-type: application/x-www-form-urlencoded
>> Content-length: 303
>>
>> oauth%5Fnonce=4280&oauth%5Fsignature%5Fmethod=HMAC%2DSHA1&oauth
>> %5Ftimestamp=1259117789&status=%40vincenthpchan%20%28O%3A&oauth
>> %5Fversion=1%2E0&oauth%5Fconsumer%5Fkey=WiW3RrjmAhPvWvTn6oPLA&oauth
>> %5Fsignature=dZ0OBySJzAZsdhwUKvK9zaIamE4%3D&oauth
>> %5Ftoken=65577017%2DK65DjHAcUbYOEJW5XMVnVuAkRy8fDnNnVGRZDOSAQ
>>
>> I wonder it is the problem about oauth_signature, but I don't what
>> wrong with it.
>> Thanks you very much ;-)
>

[twitter-dev] Re: 401 Unauthorized problem

[Wilfred yau]

I have already solve the special char problem because encoding in
Flex.
but I still find that when I call _method= DELETE in List API, I still
get 401 Unauthorized from api.twitter.com.

On Nov 25, 11:09 am, Wilfred yau  wrote:
> I am using OAuth to accessListAPI, but I find that if the request
> URL contain some char like "_", "(", then twitter will return  401
> Unauthorized.
>
> Does anyone know what is the problem??
>
> and this is my request:
>
> *Request URL:
>
> http://api.twitter.com/1/wilfred_yau/yedsrc/members.xml
>
> *Request header:
>
> Host:api.twitter.com
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:
> 1.9.2b3) Gecko/20091115 Firefox/3.6b3 GTB6
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/
> *;q=0.8
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 115
> Connection: keep-alive
> Cookie: __utma=43838368.448377351.1258538849.1259115844.1259117264.22;
> __utmz=43838368.1258703218.9.4.utmcsr=google|utmccn=(organic)|
> utmcmd=organic|utmctr=gmasbaby; __utmv=43838368.lang%3A%20en;
> __qca=P0-1731751766-1258598366235; __utmb=43838368.8.10.1259117264;
> _twitter_sess=BAh7DDoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj
> %250AOWM1YzllYzAyYTVjOWU2NGM6DGNzcmZfaWQiJTU4MTVlMjgzNWUyNGNhYThh
> %250ANjE1YzdjOWU4MTE5MGJjOhF0cmFuc19wcm9tcHQwOgl1c2VyaQQ5oOgDOg5y
> %250AZXR1cm5fdG8iJGh0dHA6Ly90d2l0dGVyLmNvbS9zb2Z0cGVkaWFtYWM6B2lk
> %250AIiU0Y2JmMWJmNjc0YzJmOTlhZGZjMTA1MzE3NzI3ZGUwNiIKZmxhc2hJQzon
> %250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA
> %253D%253D--3573176707558a7f9cd9653e6a60c073c94e91f5; __utmc=43838368
>
> *Post Data:
> Content-type: application/x-www-form-urlencoded
> Content-length: 300
>
> oauth%5Fconsumer%5Fkey=WiW3RrjmAhPvWvTn6oPLA&id=66626470&oauth
> %5Ftoken=65577017%2DK65DjHAcUbYOEJW5XMVnVuAkRy8fDnNnVGRZDOSAQ&oauth
> %5Ftimestamp=1259118273&oauth%5Fsignature=zaA0CbWpls3lowiWG0yHCZig%2B2M
> %3D&oauth%5Fversion=1%2E0&oauth%5Fsignature%5Fmethod=HMAC%2DSHA1&
> %5Fmethod=DELETE&oauth%5Fnonce=2875
>
> Also, I got same problem in set status using OAuth :
>
> *Request URL:
>
> http://twitter.com/statuses/update.xml
>
> *Request header:
>
> Host: twitter.com
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:
> 1.9.2b3) Gecko/20091115 Firefox/3.6b3 GTB6
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/
> *;q=0.8
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 115
> Connection: keep-alive
> Cookie: __utma=43838368.448377351.1258538849.1259115844.1259117264.22;
> __utmz=43838368.1258703218.9.4.utmcsr=google|utmccn=(organic)|
> utmcmd=organic|utmctr=gmasbaby; __utmv=43838368.lang%3A%20en;
> __qca=P0-1731751766-1258598366235; __utmb=43838368.8.10.1259117264;
> _twitter_sess=BAh7DDoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj
> %250AOWM1YzllYzAyYTVjOWU2NGM6DGNzcmZfaWQiJTU4MTVlMjgzNWUyNGNhYThh
> %250ANjE1YzdjOWU4MTE5MGJjOgl1c2VyaQQ5oOgDOhF0cmFuc19wcm9tcHQwIgpm
> %250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG
> %250AOgpAdXNlZHsAOgdpZCIlNGNiZjFiZjY3NGMyZjk5YWRmYzEwNTMxNzcyN2Rl
> %250AMDY6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL3NvZnRwZWRpYW1h
> %250AYw%253D%253D--dfa30d93e80be97e1404abbb466f2c6191816d69;
> __utmc=43838368
> Authorization: Basic Z21hc2JhYnk6eW95b2JhYnk=
>
> *Post Data:
>
> Content-type: application/x-www-form-urlencoded
> Content-length: 303
>
> oauth%5Fnonce=4280&oauth%5Fsignature%5Fmethod=HMAC%2DSHA1&oauth
> %5Ftimestamp=1259117789&status=%40vincenthpchan%20%28O%3A&oauth
> %5Fversion=1%2E0&oauth%5Fconsumer%5Fkey=WiW3RrjmAhPvWvTn6oPLA&oauth
> %5Fsignature=dZ0OBySJzAZsdhwUKvK9zaIamE4%3D&oauth
> %5Ftoken=65577017%2DK65DjHAcUbYOEJW5XMVnVuAkRy8fDnNnVGRZDOSAQ
>
> I wonder it is the problem about oauth_signature, but I don't what
> wrong with it.
> Thanks you very much ;-)

[twitter-dev] Re: 401 Unauthorized -- user_timeline -- using Numeric ID

[Ryan Rosario]

Thanks for all of your help!

At some point, the 401 error for User Not Found should be changed to a
404. The fix would make this type of fetch much more efficient, and
save on the number of API calls.

I adapted my code for what you suggested above, but I had to check for
User Not Found which required another URL fetch, which required
another check for HTTP errors.

Thanks!
Ryan

On Oct 20, 11:08 pm, Chad Etzel  wrote:
> If you try to pull a protected users' timeline w/o authentication then
> it will throw a 401.
>
> You can confirm whether a user id is valid by trying to 
> call:http://twitter.com/users/show.xml?id={insert_id_here}
>
> users/show will throw a 404 on a non existent user.
>
> -Chad
>
>
>
> On Wed, Oct 21, 2009 at 1:43 AM, Ryan Rosario  wrote:
>
> > *bangs head on desk...again*
>
> > Now that I know what what my Twitter ID is, and I know that I am a
> > valid user, I tried it and it worked.
> > It's gone way past 15 users now without a problem (without error
> > checking).
>
> > I see what is happening now. After 15 users or so, I hit a
> > user that no longer exists. On a 404, I skip the user, but on a 401,
> > for the time being, I am retrying, and then quickly maxing out my
> > hourly
> > limit.
>
> > The other part was my overworked mind. I was pulling numbers that
> > looked like Twitter IDs from the site HTML that actually weren't.
> > And...then testing over and over with those bad numbers. Sigh.
>
> > I suppose it is safe to treat 401 as a 404? I don't think it would be
> > used for anything else in the REST API, right?
> > Is an HTTP error thrown if I try to pull a protected user's timeline?
>
> > To make a long story short, it does appear that invalid users are
> > returning 401 instead of 404.
>
> > Thanks,
> > Ryan
>
> > On Oct 20, 9:10 pm, Chad Etzel  wrote:
> >> Hi Ryan,
>
> >> I think part of the problem is that user id 1255997062 does not exist,
> >> so it should really be returning a 404 instead of a 401. Do you get
> >> the same 401 result with a known valid user id?
>
> >> -Chad
>
> >> On Tue, Oct 20, 2009 at 3:13 PM, Ryan Rosario  
> >> wrote:
>
> >> > Correct. I thought that was weird, but didn't know what to make of it.
> >> > Same IP.
> >> > The unauthenticated call was from an IP that is not whitelisted, so
> >> > 150/hr.
> >> > The second call was from the same IP, but authenticated as a
> >> > whitelisted account, so should be 2/hr.
>
> >> > I usually only work from the whitelisted IPs, but wanted to check an
> >> > IP that had never been used before for data mining.
>
> >> > On Oct 20, 11:36 am, Dewald Pretorius  wrote:
> >> >> Apart from the 401 issue, the following is also very weird:
>
> >> >> < X-experimental-RLS-remaining: 0
> >> >> < X-experimental-RLS-maxvalue: 150
> >> >> < X-RateLimit-Limit: 2
>
> >> >> This is on the second authenticated call. On the unauthenticated call
> >> >> X-RateLimit-Limit was 150. I assume both calls were made from the same
> >> >> IP address?
>
> >> >> Dewald
>
> >> >> On Oct 20, 3:10 pm, Ryan Rosario  wrote:
>
> >> >> > Below are the responses. I tried various combinations of -
> >> >> > uusername:pass -u=username:pass -u username:pass and each time got an
> >> >> > authentication error.
>
> >> >> > Without authentication
> >> >> > [madhatter:~/Desktop] ryan% curl 
> >> >> > -vvvhttp://twitter.com/statuses/user_timeline.json\?user_id=1255997062\&count=100
> >> >> > * About to connect() to twitter.com port 80 (#0)
> >> >> > *   Trying 168.143.162.100... connected
> >> >> > * Connected to twitter.com (168.143.162.100) port 80 (#0)> GET 
> >> >> > /statuses/user_timeline.json?user_id=1255997062&count=100 HTTP/1.1
> >> >> > > User-Agent: curl/7.19.4 (universal-apple-darwin10.0) libcurl/7.19.4 
> >> >> > > OpenSSL/0.9.8k zlib/1.2.3
> >> >> > > Host: twitter.com
> >> >> > > Accept: */*
>
> >> >> > < HTTP/1.1 401 Unauthorized
> >> >> > < X-experimental-RLS-remaining: 132
> >> >> > < X-experimental-RLS-maxvalue: 150
> >> >> > < X-experimental-RLS-reset: 1256065275
> >> >> > < X-experimental-RLS-th: notreq
> >> >> > < X-RLS-id: sjc1c032
> >> >> > < Via: Cachet/0.91
> >> >> > < Date: Tue, 20 Oct 2009 18:03:41 GMT
> >> >> > < Server: hi
> >> >> > < X-RateLimit-Limit: 150
> >> >> > < X-Transaction: 1256061824-5820-4214
> >> >> > < WWW-Authenticate: Basic realm="Twitter API"
> >> >> > < Status: 401 Unauthorized
> >> >> > < Last-Modified: Tue, 20 Oct 2009 18:03:44 GMT
> >> >> > < X-RateLimit-Remaining: 133
> >> >> > < X-Runtime: 0.05350
> >> >> > < Content-Type: application/json; charset=utf-8
> >> >> > < Pragma: no-cache
> >> >> > < Cache-Control: no-cache, no-store, must-revalidate, pre-check=0,
> >> >> > post-check=0
> >> >> > < Expires: Tue, 31 Mar 1981 05:00:00 GMT
> >> >> > < X-Revision: 726d1f10cbe49a923e837d8c3fca3a3993a0f964
> >> >> > < X-RateLimit-Reset: 1256065275
> >> >> > < Set-Cookie: lang=en; path=/
> >> >> > < Set-Cookie:
> >> >> > _twitter_sess=BAh7CDoRdHJhbnNfcHJvbXB0MDoHaWQiJWM5OTU5MWNkNmE5MjMwNzU0Nzhh
> >> >> > %

[twitter-dev] Re: 401 Unauthorized -- user_timeline -- using Numeric ID

[Chad Etzel]

If you try to pull a protected users' timeline w/o authentication then
it will throw a 401.

You can confirm whether a user id is valid by trying to call:
http://twitter.com/users/show.xml?id={insert_id_here}

users/show will throw a 404 on a non existent user.

-Chad

On Wed, Oct 21, 2009 at 1:43 AM, Ryan Rosario  wrote:
>
> *bangs head on desk...again*
>
> Now that I know what what my Twitter ID is, and I know that I am a
> valid user, I tried it and it worked.
> It's gone way past 15 users now without a problem (without error
> checking).
>
> I see what is happening now. After 15 users or so, I hit a
> user that no longer exists. On a 404, I skip the user, but on a 401,
> for the time being, I am retrying, and then quickly maxing out my
> hourly
> limit.
>
> The other part was my overworked mind. I was pulling numbers that
> looked like Twitter IDs from the site HTML that actually weren't.
> And...then testing over and over with those bad numbers. Sigh.
>
> I suppose it is safe to treat 401 as a 404? I don't think it would be
> used for anything else in the REST API, right?
> Is an HTTP error thrown if I try to pull a protected user's timeline?
>
> To make a long story short, it does appear that invalid users are
> returning 401 instead of 404.
>
> Thanks,
> Ryan
>
> On Oct 20, 9:10 pm, Chad Etzel  wrote:
>> Hi Ryan,
>>
>> I think part of the problem is that user id 1255997062 does not exist,
>> so it should really be returning a 404 instead of a 401. Do you get
>> the same 401 result with a known valid user id?
>>
>> -Chad
>>
>>
>>
>> On Tue, Oct 20, 2009 at 3:13 PM, Ryan Rosario  wrote:
>>
>> > Correct. I thought that was weird, but didn't know what to make of it.
>> > Same IP.
>> > The unauthenticated call was from an IP that is not whitelisted, so
>> > 150/hr.
>> > The second call was from the same IP, but authenticated as a
>> > whitelisted account, so should be 2/hr.
>>
>> > I usually only work from the whitelisted IPs, but wanted to check an
>> > IP that had never been used before for data mining.
>>
>> > On Oct 20, 11:36 am, Dewald Pretorius  wrote:
>> >> Apart from the 401 issue, the following is also very weird:
>>
>> >> < X-experimental-RLS-remaining: 0
>> >> < X-experimental-RLS-maxvalue: 150
>> >> < X-RateLimit-Limit: 2
>>
>> >> This is on the second authenticated call. On the unauthenticated call
>> >> X-RateLimit-Limit was 150. I assume both calls were made from the same
>> >> IP address?
>>
>> >> Dewald
>>
>> >> On Oct 20, 3:10 pm, Ryan Rosario  wrote:
>>
>> >> > Below are the responses. I tried various combinations of -
>> >> > uusername:pass -u=username:pass -u username:pass and each time got an
>> >> > authentication error.
>>
>> >> > Without authentication
>> >> > [madhatter:~/Desktop] ryan% curl 
>> >> > -vvvhttp://twitter.com/statuses/user_timeline.json\?user_id=1255997062\&count=100
>> >> > * About to connect() to twitter.com port 80 (#0)
>> >> > *   Trying 168.143.162.100... connected
>> >> > * Connected to twitter.com (168.143.162.100) port 80 (#0)> GET 
>> >> > /statuses/user_timeline.json?user_id=1255997062&count=100 HTTP/1.1
>> >> > > User-Agent: curl/7.19.4 (universal-apple-darwin10.0) libcurl/7.19.4 
>> >> > > OpenSSL/0.9.8k zlib/1.2.3
>> >> > > Host: twitter.com
>> >> > > Accept: */*
>>
>> >> > < HTTP/1.1 401 Unauthorized
>> >> > < X-experimental-RLS-remaining: 132
>> >> > < X-experimental-RLS-maxvalue: 150
>> >> > < X-experimental-RLS-reset: 1256065275
>> >> > < X-experimental-RLS-th: notreq
>> >> > < X-RLS-id: sjc1c032
>> >> > < Via: Cachet/0.91
>> >> > < Date: Tue, 20 Oct 2009 18:03:41 GMT
>> >> > < Server: hi
>> >> > < X-RateLimit-Limit: 150
>> >> > < X-Transaction: 1256061824-5820-4214
>> >> > < WWW-Authenticate: Basic realm="Twitter API"
>> >> > < Status: 401 Unauthorized
>> >> > < Last-Modified: Tue, 20 Oct 2009 18:03:44 GMT
>> >> > < X-RateLimit-Remaining: 133
>> >> > < X-Runtime: 0.05350
>> >> > < Content-Type: application/json; charset=utf-8
>> >> > < Pragma: no-cache
>> >> > < Cache-Control: no-cache, no-store, must-revalidate, pre-check=0,
>> >> > post-check=0
>> >> > < Expires: Tue, 31 Mar 1981 05:00:00 GMT
>> >> > < X-Revision: 726d1f10cbe49a923e837d8c3fca3a3993a0f964
>> >> > < X-RateLimit-Reset: 1256065275
>> >> > < Set-Cookie: lang=en; path=/
>> >> > < Set-Cookie:
>> >> > _twitter_sess=BAh7CDoRdHJhbnNfcHJvbXB0MDoHaWQiJWM5OTU5MWNkNmE5MjMwNzU0Nzhh
>> >> > %250AMzdkMTA3NzE2Zjk5IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFz
>> >> > %250AaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--73f950f824e3e048d3691a3eeec8a8fbbab2
>> >> >  1743;
>> >> > domain=.twitter.com; path=/
>> >> > < Vary: Accept-Encoding
>> >> > < Content-Length: 118
>> >> > < Connection: close
>> >> > <
>> >> > * Closing connection #0
>> >> > {"request":"/statuses/user_timeline.json?
>> >> > user_id=1255997062&count=100","error":"This method requires
>> >> > authentication."}
>>
>> >> > With authentication:
>> >> > [madhatter:~/Desktop] ryan% curl -vvv 
>> >> > -uusername:passhttp://twitter.com/statuses

[twitter-dev] Re: 401 Unauthorized -- user_timeline -- using Numeric ID

[Ryan Rosario]

*bangs head on desk...again*

Now that I know what what my Twitter ID is, and I know that I am a
valid user, I tried it and it worked.
It's gone way past 15 users now without a problem (without error
checking).

I see what is happening now. After 15 users or so, I hit a
user that no longer exists. On a 404, I skip the user, but on a 401,
for the time being, I am retrying, and then quickly maxing out my
hourly
limit.

The other part was my overworked mind. I was pulling numbers that
looked like Twitter IDs from the site HTML that actually weren't.
And...then testing over and over with those bad numbers. Sigh.

I suppose it is safe to treat 401 as a 404? I don't think it would be
used for anything else in the REST API, right?
Is an HTTP error thrown if I try to pull a protected user's timeline?

To make a long story short, it does appear that invalid users are
returning 401 instead of 404.

Thanks,
Ryan

On Oct 20, 9:10 pm, Chad Etzel  wrote:
> Hi Ryan,
>
> I think part of the problem is that user id 1255997062 does not exist,
> so it should really be returning a 404 instead of a 401. Do you get
> the same 401 result with a known valid user id?
>
> -Chad
>
>
>
> On Tue, Oct 20, 2009 at 3:13 PM, Ryan Rosario  wrote:
>
> > Correct. I thought that was weird, but didn't know what to make of it.
> > Same IP.
> > The unauthenticated call was from an IP that is not whitelisted, so
> > 150/hr.
> > The second call was from the same IP, but authenticated as a
> > whitelisted account, so should be 2/hr.
>
> > I usually only work from the whitelisted IPs, but wanted to check an
> > IP that had never been used before for data mining.
>
> > On Oct 20, 11:36 am, Dewald Pretorius  wrote:
> >> Apart from the 401 issue, the following is also very weird:
>
> >> < X-experimental-RLS-remaining: 0
> >> < X-experimental-RLS-maxvalue: 150
> >> < X-RateLimit-Limit: 2
>
> >> This is on the second authenticated call. On the unauthenticated call
> >> X-RateLimit-Limit was 150. I assume both calls were made from the same
> >> IP address?
>
> >> Dewald
>
> >> On Oct 20, 3:10 pm, Ryan Rosario  wrote:
>
> >> > Below are the responses. I tried various combinations of -
> >> > uusername:pass -u=username:pass -u username:pass and each time got an
> >> > authentication error.
>
> >> > Without authentication
> >> > [madhatter:~/Desktop] ryan% curl 
> >> > -vvvhttp://twitter.com/statuses/user_timeline.json\?user_id=1255997062\&count=100
> >> > * About to connect() to twitter.com port 80 (#0)
> >> > *   Trying 168.143.162.100... connected
> >> > * Connected to twitter.com (168.143.162.100) port 80 (#0)> GET 
> >> > /statuses/user_timeline.json?user_id=1255997062&count=100 HTTP/1.1
> >> > > User-Agent: curl/7.19.4 (universal-apple-darwin10.0) libcurl/7.19.4 
> >> > > OpenSSL/0.9.8k zlib/1.2.3
> >> > > Host: twitter.com
> >> > > Accept: */*
>
> >> > < HTTP/1.1 401 Unauthorized
> >> > < X-experimental-RLS-remaining: 132
> >> > < X-experimental-RLS-maxvalue: 150
> >> > < X-experimental-RLS-reset: 1256065275
> >> > < X-experimental-RLS-th: notreq
> >> > < X-RLS-id: sjc1c032
> >> > < Via: Cachet/0.91
> >> > < Date: Tue, 20 Oct 2009 18:03:41 GMT
> >> > < Server: hi
> >> > < X-RateLimit-Limit: 150
> >> > < X-Transaction: 1256061824-5820-4214
> >> > < WWW-Authenticate: Basic realm="Twitter API"
> >> > < Status: 401 Unauthorized
> >> > < Last-Modified: Tue, 20 Oct 2009 18:03:44 GMT
> >> > < X-RateLimit-Remaining: 133
> >> > < X-Runtime: 0.05350
> >> > < Content-Type: application/json; charset=utf-8
> >> > < Pragma: no-cache
> >> > < Cache-Control: no-cache, no-store, must-revalidate, pre-check=0,
> >> > post-check=0
> >> > < Expires: Tue, 31 Mar 1981 05:00:00 GMT
> >> > < X-Revision: 726d1f10cbe49a923e837d8c3fca3a3993a0f964
> >> > < X-RateLimit-Reset: 1256065275
> >> > < Set-Cookie: lang=en; path=/
> >> > < Set-Cookie:
> >> > _twitter_sess=BAh7CDoRdHJhbnNfcHJvbXB0MDoHaWQiJWM5OTU5MWNkNmE5MjMwNzU0Nzhh
> >> > %250AMzdkMTA3NzE2Zjk5IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFz
> >> > %250AaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--73f950f824e3e048d3691a3eeec8a8fbbab2
> >> >  1743;
> >> > domain=.twitter.com; path=/
> >> > < Vary: Accept-Encoding
> >> > < Content-Length: 118
> >> > < Connection: close
> >> > <
> >> > * Closing connection #0
> >> > {"request":"/statuses/user_timeline.json?
> >> > user_id=1255997062&count=100","error":"This method requires
> >> > authentication."}
>
> >> > With authentication:
> >> > [madhatter:~/Desktop] ryan% curl -vvv 
> >> > -uusername:passhttp://twitter.com/statuses/user_timeline.json\?user_id=1255997062\&count=100
> >> > * About to connect() to twitter.com port 80 (#0)
> >> > *   Trying 168.143.162.68... connected
> >> > * Connected to twitter.com (168.143.162.68) port 80 (#0)
> >> > * Server auth using Basic with user ' '> GET 
> >> > /statuses/user_timeline.json?user_id=1255997062&count=100 HTTP/1.1
> >> > > Authorization: Basic *redacted*
> >> > > User-Agent: curl/7.19.4 (universal-apple-darwin10.0) libcurl/7.19.4 
> >> > 

[twitter-dev] Re: 401 Unauthorized -- user_timeline -- using Numeric ID

[Ryan Rosario]

I think I see what is happening now. After 15 users or so, I hit a
user that no longer exists. On a 404, I skip the user, but on a 401,
for the time being, I am retrying, and then maxing out my hourly
limit.

The other part was my overworked mind. I was pulling numbers that
looked like Twitter IDs from the site HTML that actually weren't.
And...then testing over and over with those bad numbers. Sigh.

I suppose it is safe to treat 401 as a 404? I don't think it would be
used for anything else in the REST API, right?
Is an HTTP error thrown if I try to pull a protected user's timeline?

Thanks,
Ryan

On Oct 20, 9:10 pm, Chad Etzel  wrote:
> Hi Ryan,
>
> I think part of the problem is that user id 1255997062 does not exist,
> so it should really be returning a 404 instead of a 401. Do you get
> the same 401 result with a known valid user id?
>
> -Chad
>
>
>
> On Tue, Oct 20, 2009 at 3:13 PM, Ryan Rosario  wrote:
>
> > Correct. I thought that was weird, but didn't know what to make of it.
> > Same IP.
> > The unauthenticated call was from an IP that is not whitelisted, so
> > 150/hr.
> > The second call was from the same IP, but authenticated as a
> > whitelisted account, so should be 2/hr.
>
> > I usually only work from the whitelisted IPs, but wanted to check an
> > IP that had never been used before for data mining.
>
> > On Oct 20, 11:36 am, Dewald Pretorius  wrote:
> >> Apart from the 401 issue, the following is also very weird:
>
> >> < X-experimental-RLS-remaining: 0
> >> < X-experimental-RLS-maxvalue: 150
> >> < X-RateLimit-Limit: 2
>
> >> This is on the second authenticated call. On the unauthenticated call
> >> X-RateLimit-Limit was 150. I assume both calls were made from the same
> >> IP address?
>
> >> Dewald
>
> >> On Oct 20, 3:10 pm, Ryan Rosario  wrote:
>
> >> > Below are the responses. I tried various combinations of -
> >> > uusername:pass -u=username:pass -u username:pass and each time got an
> >> > authentication error.
>
> >> > Without authentication
> >> > [madhatter:~/Desktop] ryan% curl 
> >> > -vvvhttp://twitter.com/statuses/user_timeline.json\?user_id=1255997062\&count=100
> >> > * About to connect() to twitter.com port 80 (#0)
> >> > *   Trying 168.143.162.100... connected
> >> > * Connected to twitter.com (168.143.162.100) port 80 (#0)> GET 
> >> > /statuses/user_timeline.json?user_id=1255997062&count=100 HTTP/1.1
> >> > > User-Agent: curl/7.19.4 (universal-apple-darwin10.0) libcurl/7.19.4 
> >> > > OpenSSL/0.9.8k zlib/1.2.3
> >> > > Host: twitter.com
> >> > > Accept: */*
>
> >> > < HTTP/1.1 401 Unauthorized
> >> > < X-experimental-RLS-remaining: 132
> >> > < X-experimental-RLS-maxvalue: 150
> >> > < X-experimental-RLS-reset: 1256065275
> >> > < X-experimental-RLS-th: notreq
> >> > < X-RLS-id: sjc1c032
> >> > < Via: Cachet/0.91
> >> > < Date: Tue, 20 Oct 2009 18:03:41 GMT
> >> > < Server: hi
> >> > < X-RateLimit-Limit: 150
> >> > < X-Transaction: 1256061824-5820-4214
> >> > < WWW-Authenticate: Basic realm="Twitter API"
> >> > < Status: 401 Unauthorized
> >> > < Last-Modified: Tue, 20 Oct 2009 18:03:44 GMT
> >> > < X-RateLimit-Remaining: 133
> >> > < X-Runtime: 0.05350
> >> > < Content-Type: application/json; charset=utf-8
> >> > < Pragma: no-cache
> >> > < Cache-Control: no-cache, no-store, must-revalidate, pre-check=0,
> >> > post-check=0
> >> > < Expires: Tue, 31 Mar 1981 05:00:00 GMT
> >> > < X-Revision: 726d1f10cbe49a923e837d8c3fca3a3993a0f964
> >> > < X-RateLimit-Reset: 1256065275
> >> > < Set-Cookie: lang=en; path=/
> >> > < Set-Cookie:
> >> > _twitter_sess=BAh7CDoRdHJhbnNfcHJvbXB0MDoHaWQiJWM5OTU5MWNkNmE5MjMwNzU0Nzhh
> >> > %250AMzdkMTA3NzE2Zjk5IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFz
> >> > %250AaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--73f950f824e3e048d3691a3eeec8a8fbbab2
> >> >  1743;
> >> > domain=.twitter.com; path=/
> >> > < Vary: Accept-Encoding
> >> > < Content-Length: 118
> >> > < Connection: close
> >> > <
> >> > * Closing connection #0
> >> > {"request":"/statuses/user_timeline.json?
> >> > user_id=1255997062&count=100","error":"This method requires
> >> > authentication."}
>
> >> > With authentication:
> >> > [madhatter:~/Desktop] ryan% curl -vvv 
> >> > -uusername:passhttp://twitter.com/statuses/user_timeline.json\?user_id=1255997062\&count=100
> >> > * About to connect() to twitter.com port 80 (#0)
> >> > *   Trying 168.143.162.68... connected
> >> > * Connected to twitter.com (168.143.162.68) port 80 (#0)
> >> > * Server auth using Basic with user ' '> GET 
> >> > /statuses/user_timeline.json?user_id=1255997062&count=100 HTTP/1.1
> >> > > Authorization: Basic *redacted*
> >> > > User-Agent: curl/7.19.4 (universal-apple-darwin10.0) libcurl/7.19.4 
> >> > > OpenSSL/0.9.8k zlib/1.2.3
> >> > > Host: twitter.com
> >> > > Accept: */*
>
> >> > < HTTP/1.1 401 Unauthorized
> >> > < X-experimental-RLS-remaining: 0
> >> > < X-experimental-RLS-maxvalue: 150
> >> > < X-experimental-RLS-reset: 1256064142
> >> > < X-experimental-RLS-th: succ
> >> > < X-RLS-id: sjc1c032
> 

[twitter-dev] Re: 401 Unauthorized -- user_timeline -- using Numeric ID

[Chad Etzel]

Hi Ryan,

I think part of the problem is that user id 1255997062 does not exist,
so it should really be returning a 404 instead of a 401. Do you get
the same 401 result with a known valid user id?

-Chad

On Tue, Oct 20, 2009 at 3:13 PM, Ryan Rosario  wrote:
>
> Correct. I thought that was weird, but didn't know what to make of it.
> Same IP.
> The unauthenticated call was from an IP that is not whitelisted, so
> 150/hr.
> The second call was from the same IP, but authenticated as a
> whitelisted account, so should be 2/hr.
>
> I usually only work from the whitelisted IPs, but wanted to check an
> IP that had never been used before for data mining.
>
>
> On Oct 20, 11:36 am, Dewald Pretorius  wrote:
>> Apart from the 401 issue, the following is also very weird:
>>
>> < X-experimental-RLS-remaining: 0
>> < X-experimental-RLS-maxvalue: 150
>> < X-RateLimit-Limit: 2
>>
>> This is on the second authenticated call. On the unauthenticated call
>> X-RateLimit-Limit was 150. I assume both calls were made from the same
>> IP address?
>>
>> Dewald
>>
>> On Oct 20, 3:10 pm, Ryan Rosario  wrote:
>>
>>
>>
>> > Below are the responses. I tried various combinations of -
>> > uusername:pass -u=username:pass -u username:pass and each time got an
>> > authentication error.
>>
>> > Without authentication
>> > [madhatter:~/Desktop] ryan% curl 
>> > -vvvhttp://twitter.com/statuses/user_timeline.json\?user_id=1255997062\&count=100
>> > * About to connect() to twitter.com port 80 (#0)
>> > *   Trying 168.143.162.100... connected
>> > * Connected to twitter.com (168.143.162.100) port 80 (#0)> GET 
>> > /statuses/user_timeline.json?user_id=1255997062&count=100 HTTP/1.1
>> > > User-Agent: curl/7.19.4 (universal-apple-darwin10.0) libcurl/7.19.4 
>> > > OpenSSL/0.9.8k zlib/1.2.3
>> > > Host: twitter.com
>> > > Accept: */*
>>
>> > < HTTP/1.1 401 Unauthorized
>> > < X-experimental-RLS-remaining: 132
>> > < X-experimental-RLS-maxvalue: 150
>> > < X-experimental-RLS-reset: 1256065275
>> > < X-experimental-RLS-th: notreq
>> > < X-RLS-id: sjc1c032
>> > < Via: Cachet/0.91
>> > < Date: Tue, 20 Oct 2009 18:03:41 GMT
>> > < Server: hi
>> > < X-RateLimit-Limit: 150
>> > < X-Transaction: 1256061824-5820-4214
>> > < WWW-Authenticate: Basic realm="Twitter API"
>> > < Status: 401 Unauthorized
>> > < Last-Modified: Tue, 20 Oct 2009 18:03:44 GMT
>> > < X-RateLimit-Remaining: 133
>> > < X-Runtime: 0.05350
>> > < Content-Type: application/json; charset=utf-8
>> > < Pragma: no-cache
>> > < Cache-Control: no-cache, no-store, must-revalidate, pre-check=0,
>> > post-check=0
>> > < Expires: Tue, 31 Mar 1981 05:00:00 GMT
>> > < X-Revision: 726d1f10cbe49a923e837d8c3fca3a3993a0f964
>> > < X-RateLimit-Reset: 1256065275
>> > < Set-Cookie: lang=en; path=/
>> > < Set-Cookie:
>> > _twitter_sess=BAh7CDoRdHJhbnNfcHJvbXB0MDoHaWQiJWM5OTU5MWNkNmE5MjMwNzU0Nzhh
>> > %250AMzdkMTA3NzE2Zjk5IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFz
>> > %250AaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--73f950f824e3e048d3691a3eeec8a8fbbab2
>> >  1743;
>> > domain=.twitter.com; path=/
>> > < Vary: Accept-Encoding
>> > < Content-Length: 118
>> > < Connection: close
>> > <
>> > * Closing connection #0
>> > {"request":"/statuses/user_timeline.json?
>> > user_id=1255997062&count=100","error":"This method requires
>> > authentication."}
>>
>> > With authentication:
>> > [madhatter:~/Desktop] ryan% curl -vvv 
>> > -uusername:passhttp://twitter.com/statuses/user_timeline.json\?user_id=1255997062\&count=100
>> > * About to connect() to twitter.com port 80 (#0)
>> > *   Trying 168.143.162.68... connected
>> > * Connected to twitter.com (168.143.162.68) port 80 (#0)
>> > * Server auth using Basic with user ' '> GET 
>> > /statuses/user_timeline.json?user_id=1255997062&count=100 HTTP/1.1
>> > > Authorization: Basic *redacted*
>> > > User-Agent: curl/7.19.4 (universal-apple-darwin10.0) libcurl/7.19.4 
>> > > OpenSSL/0.9.8k zlib/1.2.3
>> > > Host: twitter.com
>> > > Accept: */*
>>
>> > < HTTP/1.1 401 Unauthorized
>> > < X-experimental-RLS-remaining: 0
>> > < X-experimental-RLS-maxvalue: 150
>> > < X-experimental-RLS-reset: 1256064142
>> > < X-experimental-RLS-th: succ
>> > < X-RLS-id: sjc1c032
>> > < Via: Cachet/0.91
>> > < Date: Tue, 20 Oct 2009 18:04:33 GMT
>> > < Server: hi
>> > < X-RateLimit-Limit: 2
>> > < X-Transaction: 1256061882-45021-11545
>> > * Authentication problem. Ignoring this.
>> > < WWW-Authenticate: Basic realm="Twitter API"
>> > < Status: 401 Unauthorized
>> > < Last-Modified: Tue, 20 Oct 2009 18:04:42 GMT
>> > < X-RateLimit-Remaining: 19823
>> > < X-Runtime: 0.11979
>> > < Content-Type: application/json; charset=utf-8
>> > < Pragma: no-cache
>> > < Cache-Control: no-cache, no-store, must-revalidate, pre-check=0,
>> > post-check=0
>> > < Expires: Tue, 31 Mar 1981 05:00:00 GMT
>> > < X-Revision: 726d1f10cbe49a923e837d8c3fca3a3993a0f964
>> > < X-RateLimit-Reset: 1256064139
>> > < Set-Cookie: lang=en; path=/
>> > < Set-Cookie: lang=en; path=/
>> > < Set-Cookie:
>> > _twitter_sess=BAh7C

[twitter-dev] Re: 401 Unauthorized -- user_timeline -- using Numeric ID

[Ryan Rosario]

Correct. I thought that was weird, but didn't know what to make of it.
Same IP.
The unauthenticated call was from an IP that is not whitelisted, so
150/hr.
The second call was from the same IP, but authenticated as a
whitelisted account, so should be 2/hr.

I usually only work from the whitelisted IPs, but wanted to check an
IP that had never been used before for data mining.


On Oct 20, 11:36 am, Dewald Pretorius  wrote:
> Apart from the 401 issue, the following is also very weird:
>
> < X-experimental-RLS-remaining: 0
> < X-experimental-RLS-maxvalue: 150
> < X-RateLimit-Limit: 2
>
> This is on the second authenticated call. On the unauthenticated call
> X-RateLimit-Limit was 150. I assume both calls were made from the same
> IP address?
>
> Dewald
>
> On Oct 20, 3:10 pm, Ryan Rosario  wrote:
>
>
>
> > Below are the responses. I tried various combinations of -
> > uusername:pass -u=username:pass -u username:pass and each time got an
> > authentication error.
>
> > Without authentication
> > [madhatter:~/Desktop] ryan% curl 
> > -vvvhttp://twitter.com/statuses/user_timeline.json\?user_id=1255997062\&count=100
> > * About to connect() to twitter.com port 80 (#0)
> > *   Trying 168.143.162.100... connected
> > * Connected to twitter.com (168.143.162.100) port 80 (#0)> GET 
> > /statuses/user_timeline.json?user_id=1255997062&count=100 HTTP/1.1
> > > User-Agent: curl/7.19.4 (universal-apple-darwin10.0) libcurl/7.19.4 
> > > OpenSSL/0.9.8k zlib/1.2.3
> > > Host: twitter.com
> > > Accept: */*
>
> > < HTTP/1.1 401 Unauthorized
> > < X-experimental-RLS-remaining: 132
> > < X-experimental-RLS-maxvalue: 150
> > < X-experimental-RLS-reset: 1256065275
> > < X-experimental-RLS-th: notreq
> > < X-RLS-id: sjc1c032
> > < Via: Cachet/0.91
> > < Date: Tue, 20 Oct 2009 18:03:41 GMT
> > < Server: hi
> > < X-RateLimit-Limit: 150
> > < X-Transaction: 1256061824-5820-4214
> > < WWW-Authenticate: Basic realm="Twitter API"
> > < Status: 401 Unauthorized
> > < Last-Modified: Tue, 20 Oct 2009 18:03:44 GMT
> > < X-RateLimit-Remaining: 133
> > < X-Runtime: 0.05350
> > < Content-Type: application/json; charset=utf-8
> > < Pragma: no-cache
> > < Cache-Control: no-cache, no-store, must-revalidate, pre-check=0,
> > post-check=0
> > < Expires: Tue, 31 Mar 1981 05:00:00 GMT
> > < X-Revision: 726d1f10cbe49a923e837d8c3fca3a3993a0f964
> > < X-RateLimit-Reset: 1256065275
> > < Set-Cookie: lang=en; path=/
> > < Set-Cookie:
> > _twitter_sess=BAh7CDoRdHJhbnNfcHJvbXB0MDoHaWQiJWM5OTU5MWNkNmE5MjMwNzU0Nzhh
> > %250AMzdkMTA3NzE2Zjk5IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFz
> > %250AaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--73f950f824e3e048d3691a3eeec8a8fbbab2 
> > 1743;
> > domain=.twitter.com; path=/
> > < Vary: Accept-Encoding
> > < Content-Length: 118
> > < Connection: close
> > <
> > * Closing connection #0
> > {"request":"/statuses/user_timeline.json?
> > user_id=1255997062&count=100","error":"This method requires
> > authentication."}
>
> > With authentication:
> > [madhatter:~/Desktop] ryan% curl -vvv 
> > -uusername:passhttp://twitter.com/statuses/user_timeline.json\?user_id=1255997062\&count=100
> > * About to connect() to twitter.com port 80 (#0)
> > *   Trying 168.143.162.68... connected
> > * Connected to twitter.com (168.143.162.68) port 80 (#0)
> > * Server auth using Basic with user ' '> GET 
> > /statuses/user_timeline.json?user_id=1255997062&count=100 HTTP/1.1
> > > Authorization: Basic *redacted*
> > > User-Agent: curl/7.19.4 (universal-apple-darwin10.0) libcurl/7.19.4 
> > > OpenSSL/0.9.8k zlib/1.2.3
> > > Host: twitter.com
> > > Accept: */*
>
> > < HTTP/1.1 401 Unauthorized
> > < X-experimental-RLS-remaining: 0
> > < X-experimental-RLS-maxvalue: 150
> > < X-experimental-RLS-reset: 1256064142
> > < X-experimental-RLS-th: succ
> > < X-RLS-id: sjc1c032
> > < Via: Cachet/0.91
> > < Date: Tue, 20 Oct 2009 18:04:33 GMT
> > < Server: hi
> > < X-RateLimit-Limit: 2
> > < X-Transaction: 1256061882-45021-11545
> > * Authentication problem. Ignoring this.
> > < WWW-Authenticate: Basic realm="Twitter API"
> > < Status: 401 Unauthorized
> > < Last-Modified: Tue, 20 Oct 2009 18:04:42 GMT
> > < X-RateLimit-Remaining: 19823
> > < X-Runtime: 0.11979
> > < Content-Type: application/json; charset=utf-8
> > < Pragma: no-cache
> > < Cache-Control: no-cache, no-store, must-revalidate, pre-check=0,
> > post-check=0
> > < Expires: Tue, 31 Mar 1981 05:00:00 GMT
> > < X-Revision: 726d1f10cbe49a923e837d8c3fca3a3993a0f964
> > < X-RateLimit-Reset: 1256064139
> > < Set-Cookie: lang=en; path=/
> > < Set-Cookie: lang=en; path=/
> > < Set-Cookie:
> > _twitter_sess=BAh7CjoTcGFzc3dvcmRfdG9rZW4iLTg1ZTQ4OTU0ZjdmM2MyOGQzMjFhOGIy
> > %250ANjEyYjBhZDAzZjYzZjY3M2Y6EXRyYW5zX3Byb21wdDA6CXVzZXJpA57usDoH
> > %250AaWQiJTgxZTNhMGNlYmE0YjRlNWI2NWRlZjdhZjU3ZDk3MmM2IgpmbGFzaElD
> > %250AOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNl
> > %250AZHsA--26052e0c4f20f2f852537f173106f426be9df437;
> > domain=.twitter.com; path=/
> > < Vary: Accept-Encoding
> > < Conten

[twitter-dev] Re: 401 Unauthorized -- user_timeline -- using Numeric ID

[Dewald Pretorius]

Apart from the 401 issue, the following is also very weird:

< X-experimental-RLS-remaining: 0
< X-experimental-RLS-maxvalue: 150
< X-RateLimit-Limit: 2

This is on the second authenticated call. On the unauthenticated call
X-RateLimit-Limit was 150. I assume both calls were made from the same
IP address?

Dewald

On Oct 20, 3:10 pm, Ryan Rosario  wrote:
> Below are the responses. I tried various combinations of -
> uusername:pass -u=username:pass -u username:pass and each time got an
> authentication error.
>
> Without authentication
> [madhatter:~/Desktop] ryan% curl 
> -vvvhttp://twitter.com/statuses/user_timeline.json\?user_id=1255997062\&count=100
> * About to connect() to twitter.com port 80 (#0)
> *   Trying 168.143.162.100... connected
> * Connected to twitter.com (168.143.162.100) port 80 (#0)> GET 
> /statuses/user_timeline.json?user_id=1255997062&count=100 HTTP/1.1
> > User-Agent: curl/7.19.4 (universal-apple-darwin10.0) libcurl/7.19.4 
> > OpenSSL/0.9.8k zlib/1.2.3
> > Host: twitter.com
> > Accept: */*
>
> < HTTP/1.1 401 Unauthorized
> < X-experimental-RLS-remaining: 132
> < X-experimental-RLS-maxvalue: 150
> < X-experimental-RLS-reset: 1256065275
> < X-experimental-RLS-th: notreq
> < X-RLS-id: sjc1c032
> < Via: Cachet/0.91
> < Date: Tue, 20 Oct 2009 18:03:41 GMT
> < Server: hi
> < X-RateLimit-Limit: 150
> < X-Transaction: 1256061824-5820-4214
> < WWW-Authenticate: Basic realm="Twitter API"
> < Status: 401 Unauthorized
> < Last-Modified: Tue, 20 Oct 2009 18:03:44 GMT
> < X-RateLimit-Remaining: 133
> < X-Runtime: 0.05350
> < Content-Type: application/json; charset=utf-8
> < Pragma: no-cache
> < Cache-Control: no-cache, no-store, must-revalidate, pre-check=0,
> post-check=0
> < Expires: Tue, 31 Mar 1981 05:00:00 GMT
> < X-Revision: 726d1f10cbe49a923e837d8c3fca3a3993a0f964
> < X-RateLimit-Reset: 1256065275
> < Set-Cookie: lang=en; path=/
> < Set-Cookie:
> _twitter_sess=BAh7CDoRdHJhbnNfcHJvbXB0MDoHaWQiJWM5OTU5MWNkNmE5MjMwNzU0Nzhh
> %250AMzdkMTA3NzE2Zjk5IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFz
> %250AaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--73f950f824e3e048d3691a3eeec8a8fbbab21743;
> domain=.twitter.com; path=/
> < Vary: Accept-Encoding
> < Content-Length: 118
> < Connection: close
> <
> * Closing connection #0
> {"request":"/statuses/user_timeline.json?
> user_id=1255997062&count=100","error":"This method requires
> authentication."}
>
> With authentication:
> [madhatter:~/Desktop] ryan% curl -vvv 
> -uusername:passhttp://twitter.com/statuses/user_timeline.json\?user_id=1255997062\&count=100
> * About to connect() to twitter.com port 80 (#0)
> *   Trying 168.143.162.68... connected
> * Connected to twitter.com (168.143.162.68) port 80 (#0)
> * Server auth using Basic with user ' '> GET 
> /statuses/user_timeline.json?user_id=1255997062&count=100 HTTP/1.1
> > Authorization: Basic *redacted*
> > User-Agent: curl/7.19.4 (universal-apple-darwin10.0) libcurl/7.19.4 
> > OpenSSL/0.9.8k zlib/1.2.3
> > Host: twitter.com
> > Accept: */*
>
> < HTTP/1.1 401 Unauthorized
> < X-experimental-RLS-remaining: 0
> < X-experimental-RLS-maxvalue: 150
> < X-experimental-RLS-reset: 1256064142
> < X-experimental-RLS-th: succ
> < X-RLS-id: sjc1c032
> < Via: Cachet/0.91
> < Date: Tue, 20 Oct 2009 18:04:33 GMT
> < Server: hi
> < X-RateLimit-Limit: 2
> < X-Transaction: 1256061882-45021-11545
> * Authentication problem. Ignoring this.
> < WWW-Authenticate: Basic realm="Twitter API"
> < Status: 401 Unauthorized
> < Last-Modified: Tue, 20 Oct 2009 18:04:42 GMT
> < X-RateLimit-Remaining: 19823
> < X-Runtime: 0.11979
> < Content-Type: application/json; charset=utf-8
> < Pragma: no-cache
> < Cache-Control: no-cache, no-store, must-revalidate, pre-check=0,
> post-check=0
> < Expires: Tue, 31 Mar 1981 05:00:00 GMT
> < X-Revision: 726d1f10cbe49a923e837d8c3fca3a3993a0f964
> < X-RateLimit-Reset: 1256064139
> < Set-Cookie: lang=en; path=/
> < Set-Cookie: lang=en; path=/
> < Set-Cookie:
> _twitter_sess=BAh7CjoTcGFzc3dvcmRfdG9rZW4iLTg1ZTQ4OTU0ZjdmM2MyOGQzMjFhOGIy
> %250ANjEyYjBhZDAzZjYzZjY3M2Y6EXRyYW5zX3Byb21wdDA6CXVzZXJpA57usDoH
> %250AaWQiJTgxZTNhMGNlYmE0YjRlNWI2NWRlZjdhZjU3ZDk3MmM2IgpmbGFzaElD
> %250AOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNl
> %250AZHsA--26052e0c4f20f2f852537f173106f426be9df437;
> domain=.twitter.com; path=/
> < Vary: Accept-Encoding
> < Content-Length: 118
> < Connection: close
> <
> * Closing connection #0
>
> On Oct 20, 10:25 am, Chad Etzel  wrote:
>
> > Hi Ryan,
>
> > This sounds like a bug. Can you provide full HTTP request/response
> > headers+body traces for some of these requests? (be sure to obscure
> > the authentication header). Using curl -vvv would be good.
>
> > -Chad
>
> > On Tue, Oct 20, 2009 at 1:10 PM, Ryan Rosario  wrote:
>
> > > I have been running into a recurring problem that I have been facing
> > > for the past couple of days, on numerous machines.
>
> > > I am extracting 200 tweets for a large number of users, using the
> > > numeric user ID (user_id). After a small num

[twitter-dev] Re: 401 Unauthorized -- user_timeline -- using Numeric ID

[Ryan Rosario]

Below are the responses. I tried various combinations of -
uusername:pass -u=username:pass -u username:pass and each time got an
authentication error.

Without authentication
[madhatter:~/Desktop] ryan% curl -vvv
http://twitter.com/statuses/user_timeline.json\?user_id=1255997062\&count=100
* About to connect() to twitter.com port 80 (#0)
*   Trying 168.143.162.100... connected
* Connected to twitter.com (168.143.162.100) port 80 (#0)
> GET /statuses/user_timeline.json?user_id=1255997062&count=100 HTTP/1.1
> User-Agent: curl/7.19.4 (universal-apple-darwin10.0) libcurl/7.19.4 
> OpenSSL/0.9.8k zlib/1.2.3
> Host: twitter.com
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< X-experimental-RLS-remaining: 132
< X-experimental-RLS-maxvalue: 150
< X-experimental-RLS-reset: 1256065275
< X-experimental-RLS-th: notreq
< X-RLS-id: sjc1c032
< Via: Cachet/0.91
< Date: Tue, 20 Oct 2009 18:03:41 GMT
< Server: hi
< X-RateLimit-Limit: 150
< X-Transaction: 1256061824-5820-4214
< WWW-Authenticate: Basic realm="Twitter API"
< Status: 401 Unauthorized
< Last-Modified: Tue, 20 Oct 2009 18:03:44 GMT
< X-RateLimit-Remaining: 133
< X-Runtime: 0.05350
< Content-Type: application/json; charset=utf-8
< Pragma: no-cache
< Cache-Control: no-cache, no-store, must-revalidate, pre-check=0,
post-check=0
< Expires: Tue, 31 Mar 1981 05:00:00 GMT
< X-Revision: 726d1f10cbe49a923e837d8c3fca3a3993a0f964
< X-RateLimit-Reset: 1256065275
< Set-Cookie: lang=en; path=/
< Set-Cookie:
_twitter_sess=BAh7CDoRdHJhbnNfcHJvbXB0MDoHaWQiJWM5OTU5MWNkNmE5MjMwNzU0Nzhh
%250AMzdkMTA3NzE2Zjk5IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFz
%250AaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--73f950f824e3e048d3691a3eeec8a8fbbab21743;
domain=.twitter.com; path=/
< Vary: Accept-Encoding
< Content-Length: 118
< Connection: close
<
* Closing connection #0
{"request":"/statuses/user_timeline.json?
user_id=1255997062&count=100","error":"This method requires
authentication."}



With authentication:
[madhatter:~/Desktop] ryan% curl -vvv -uusername:pass
http://twitter.com/statuses/user_timeline.json\?user_id=1255997062\&count=100
* About to connect() to twitter.com port 80 (#0)
*   Trying 168.143.162.68... connected
* Connected to twitter.com (168.143.162.68) port 80 (#0)
* Server auth using Basic with user ' '
> GET /statuses/user_timeline.json?user_id=1255997062&count=100 HTTP/1.1
> Authorization: Basic *redacted*
> User-Agent: curl/7.19.4 (universal-apple-darwin10.0) libcurl/7.19.4 
> OpenSSL/0.9.8k zlib/1.2.3
> Host: twitter.com
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< X-experimental-RLS-remaining: 0
< X-experimental-RLS-maxvalue: 150
< X-experimental-RLS-reset: 1256064142
< X-experimental-RLS-th: succ
< X-RLS-id: sjc1c032
< Via: Cachet/0.91
< Date: Tue, 20 Oct 2009 18:04:33 GMT
< Server: hi
< X-RateLimit-Limit: 2
< X-Transaction: 1256061882-45021-11545
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="Twitter API"
< Status: 401 Unauthorized
< Last-Modified: Tue, 20 Oct 2009 18:04:42 GMT
< X-RateLimit-Remaining: 19823
< X-Runtime: 0.11979
< Content-Type: application/json; charset=utf-8
< Pragma: no-cache
< Cache-Control: no-cache, no-store, must-revalidate, pre-check=0,
post-check=0
< Expires: Tue, 31 Mar 1981 05:00:00 GMT
< X-Revision: 726d1f10cbe49a923e837d8c3fca3a3993a0f964
< X-RateLimit-Reset: 1256064139
< Set-Cookie: lang=en; path=/
< Set-Cookie: lang=en; path=/
< Set-Cookie:
_twitter_sess=BAh7CjoTcGFzc3dvcmRfdG9rZW4iLTg1ZTQ4OTU0ZjdmM2MyOGQzMjFhOGIy
%250ANjEyYjBhZDAzZjYzZjY3M2Y6EXRyYW5zX3Byb21wdDA6CXVzZXJpA57usDoH
%250AaWQiJTgxZTNhMGNlYmE0YjRlNWI2NWRlZjdhZjU3ZDk3MmM2IgpmbGFzaElD
%250AOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNl
%250AZHsA--26052e0c4f20f2f852537f173106f426be9df437;
domain=.twitter.com; path=/
< Vary: Accept-Encoding
< Content-Length: 118
< Connection: close
<
* Closing connection #0


On Oct 20, 10:25 am, Chad Etzel  wrote:
> Hi Ryan,
>
> This sounds like a bug. Can you provide full HTTP request/response
> headers+body traces for some of these requests? (be sure to obscure
> the authentication header). Using curl -vvv would be good.
>
> -Chad
>
>
>
> On Tue, Oct 20, 2009 at 1:10 PM, Ryan Rosario  wrote:
>
> > I have been running into a recurring problem that I have been facing
> > for the past couple of days, on numerous machines.
>
> > I am extracting 200 tweets for a large number of users, using the
> > numeric user ID (user_id). After a small number of requests (between
> > 10 and 50) I receive nothing but "This method requires
> > authentication". Authenticating with my username and password does not
> > make the message go away. I have verified that the users I am trying
> > to pull are not protected users. I have also verified that I am not
> > hitting the rate limit.
>
> > On my latest attempt, I used an IP I have not used in the past. I was
> > able to extract the first 200 tweets for *12* users, then I started
> > receiving 401s ("This method requires authentication") on every single
> > request of this type.
>
> 

[twitter-dev] Re: 401 Unauthorized -- user_timeline -- using Numeric ID

[Chad Etzel]

Hi Ryan,

This sounds like a bug. Can you provide full HTTP request/response
headers+body traces for some of these requests? (be sure to obscure
the authentication header). Using curl -vvv would be good.

-Chad

On Tue, Oct 20, 2009 at 1:10 PM, Ryan Rosario  wrote:
>
> I have been running into a recurring problem that I have been facing
> for the past couple of days, on numerous machines.
>
> I am extracting 200 tweets for a large number of users, using the
> numeric user ID (user_id). After a small number of requests (between
> 10 and 50) I receive nothing but "This method requires
> authentication". Authenticating with my username and password does not
> make the message go away. I have verified that the users I am trying
> to pull are not protected users. I have also verified that I am not
> hitting the rate limit.
>
> On my latest attempt, I used an IP I have not used in the past. I was
> able to extract the first 200 tweets for *12* users, then I started
> receiving 401s ("This method requires authentication") on every single
> request of this type.
>
> After about 10 minutes, I tried again and it worked for about another
> 15 users, then I started getting the same message as well as other
> messages including 502.
>
> Is this behavior expected? Does this 401 message possibly mean
> something else?
>

[twitter-dev] Re: 401 Unauthorized error while posting status with Unicode characters (non english characters)

[Satheesh Natesan]

Thanks, I will try that!

On Sat, Sep 26, 2009 at 8:11 AM, JDG  wrote:

> That's true -- %5BB6, for example, is NOT a UTF-8 encoded codepoint for a
> character. It's Unicode (or UTF-16).
>
> On Fri, Sep 25, 2009 at 20:54, Mageuzi  wrote:
>
>>
>> Hello,
>> I had this same problem.  I had to convert all multi-byte characters
>> into their individual bytes.
>> So, for example, for the character "の":
>> Your example has %306E, but the encoding that works for me is
>> %E3%81%AE (three bytes for the three-byte character).
>>
>>
>> On Sep 25, 5:00 pm, Satheesh Natesan 
>> wrote:
>> > Yes, it is UTF-8 encoded.
>> >
>> > The request body for "の脚本家が贈る" is
>> >
>> oauth_consumer_key=wmeO7Y20oMFa1ptKVY4WA&oauth_nonce=3231757&oauth_signatur­e_method=HMAC-SHA1&oauth_timestamp=1253903495&oauth_token=76084396-0M9ll2ng­hrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ&oauth_version=1.0&status=%306E%811A%672C%­5BB6%304C%8D08%308B&oauth_signature=AMcLsF43vPP6Hmn8fv%2bZCMdqEnU%3d
>> >
>> > and the base signature is
>> >
>> POST&http%3A%2F%2Ftwitter.com%2Fstatuses%2Fupdate.json&oauth_consumer_key%3­DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce%3D3231757%26oauth_signature_method%3DH­MAC-SHA1%26oauth_timestamp%3D1253903495%26oauth_token%3D76084396-0M9ll2nghr­jWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version%3D1.0%26status%3D%25306E%25­811A%25672C%255BB6%25304C%258D08%25308B
>> >
>> > Do you see anything wrong here?
>> >
>> > Thanks!
>> > Satheesh Natesan
>> >
>> >
>> >
>>  > On Thu, Sep 24, 2009 at 6:49 PM, Carlos  wrote:
>> >
>> > > Are you sure you are encoding your posts as UTF-8?
>> >
>> > > On Sep 24, 5:16 pm, Satheesh Natesan 
>> > > wrote:
>> > >  > I am getting "401 Unauthorized" exception when updating status with
>> > > > non english characters using my app.
>> >
>> > > > This exception is happening for any Japanese or Korean characters.
>> >
>> > > > Another interesting thing is that it is possible to post some other
>> > > > non english characters like Malayalam. The exception will not happen
>> > > > for single word in these cases, but occurs for multiple words.
>> > > > For example consider the following example
>> >
>> > > > ØáÇÞµæù çµdw - does not work
>> >
>> > > > ØáÇÞµæùçµdw - with space removed works.
>> >
>> > > > Base signature for "ØáÇÞµæù çµdw" which throws exception is
>> >
>> > > > POST&http%3A%2F%2Ftwitter.com%2Fstatuses
>> > > > %2Fupdate.json&oauth_consumer_key%
>> > > > 3DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce
>> > > > %3D4504682%26oauth_signature_method%
>> > > > 3DHMAC-SHA1%26oauth_timestamp%3D1253727596%26oauth_token%3D76084396-
>> > > > 0M9ll2nghrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version
>> > > > %3D1.0%26status%
>> > > > 3D%25D8%25E1%25C7%25DE%25B5%25E6%25F9%2520%25E7%25B5dw
>> >
>> > > > and for "ØáÇÞµæùçµdw" which works is
>> >
>> > > > POST&http%3A%2F%2Ftwitter.com%2Fstatuses
>> > > > %2Fupdate.json&oauth_consumer_key%
>> > > > 3DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce
>> > > > %3D9388868%26oauth_signature_method%
>> > > > 3DHMAC-SHA1%26oauth_timestamp%3D1253727793%26oauth_token%3D76084396-
>> > > > 0M9ll2nghrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version
>> > > > %3D1.0%26status%
>> > > > 3D%25D8%25E1%25C7%25DE%25B5%25E6%25F9%25E7%25B5dw
>> >
>> > > > OAuth client library I am using is in .Net
>> >
>> > > > Could you please help to solve this issue? Also I would like to know
>> > > > you support all unicode characters.
>> > > > Your help is greatly appreciated.
>> >
>> > > > Thanks,
>> > > > Satheesh Natesan- Hide quoted text -
>> >
>> > - Show quoted text -
>
>
>
>
> --
> Internets. Serious business.
>

[twitter-dev] Re: 401 Unauthorized error while posting status with Unicode characters (non english characters)

[JDG]

That's true -- %5BB6, for example, is NOT a UTF-8 encoded codepoint for a
character. It's Unicode (or UTF-16).

On Fri, Sep 25, 2009 at 20:54, Mageuzi  wrote:

>
> Hello,
> I had this same problem.  I had to convert all multi-byte characters
> into their individual bytes.
> So, for example, for the character "の":
> Your example has %306E, but the encoding that works for me is
> %E3%81%AE (three bytes for the three-byte character).
>
>
> On Sep 25, 5:00 pm, Satheesh Natesan 
> wrote:
> > Yes, it is UTF-8 encoded.
> >
> > The request body for "の脚本家が贈る" is
> >
> oauth_consumer_key=wmeO7Y20oMFa1ptKVY4WA&oauth_nonce=3231757&oauth_signatur­e_method=HMAC-SHA1&oauth_timestamp=1253903495&oauth_token=76084396-0M9ll2ng­hrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ&oauth_version=1.0&status=%306E%811A%672C%­5BB6%304C%8D08%308B&oauth_signature=AMcLsF43vPP6Hmn8fv%2bZCMdqEnU%3d
> >
> > and the base signature is
> >
> POST&http%3A%2F%2Ftwitter.com%2Fstatuses%2Fupdate.json&oauth_consumer_key%3­DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce%3D3231757%26oauth_signature_method%3DH­MAC-SHA1%26oauth_timestamp%3D1253903495%26oauth_token%3D76084396-0M9ll2nghr­jWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version%3D1.0%26status%3D%25306E%25­811A%25672C%255BB6%25304C%258D08%25308B
> >
> > Do you see anything wrong here?
> >
> > Thanks!
> > Satheesh Natesan
> >
> >
> >
> > On Thu, Sep 24, 2009 at 6:49 PM, Carlos  wrote:
> >
> > > Are you sure you are encoding your posts as UTF-8?
> >
> > > On Sep 24, 5:16 pm, Satheesh Natesan 
> > > wrote:
> > >  > I am getting "401 Unauthorized" exception when updating status with
> > > > non english characters using my app.
> >
> > > > This exception is happening for any Japanese or Korean characters.
> >
> > > > Another interesting thing is that it is possible to post some other
> > > > non english characters like Malayalam. The exception will not happen
> > > > for single word in these cases, but occurs for multiple words.
> > > > For example consider the following example
> >
> > > > ØáÇÞµæù çµdw - does not work
> >
> > > > ØáÇÞµæùçµdw - with space removed works.
> >
> > > > Base signature for "ØáÇÞµæù çµdw" which throws exception is
> >
> > > > POST&http%3A%2F%2Ftwitter.com%2Fstatuses
> > > > %2Fupdate.json&oauth_consumer_key%
> > > > 3DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce
> > > > %3D4504682%26oauth_signature_method%
> > > > 3DHMAC-SHA1%26oauth_timestamp%3D1253727596%26oauth_token%3D76084396-
> > > > 0M9ll2nghrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version
> > > > %3D1.0%26status%
> > > > 3D%25D8%25E1%25C7%25DE%25B5%25E6%25F9%2520%25E7%25B5dw
> >
> > > > and for "ØáÇÞµæùçµdw" which works is
> >
> > > > POST&http%3A%2F%2Ftwitter.com%2Fstatuses
> > > > %2Fupdate.json&oauth_consumer_key%
> > > > 3DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce
> > > > %3D9388868%26oauth_signature_method%
> > > > 3DHMAC-SHA1%26oauth_timestamp%3D1253727793%26oauth_token%3D76084396-
> > > > 0M9ll2nghrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version
> > > > %3D1.0%26status%
> > > > 3D%25D8%25E1%25C7%25DE%25B5%25E6%25F9%25E7%25B5dw
> >
> > > > OAuth client library I am using is in .Net
> >
> > > > Could you please help to solve this issue? Also I would like to know
> > > > you support all unicode characters.
> > > > Your help is greatly appreciated.
> >
> > > > Thanks,
> > > > Satheesh Natesan- Hide quoted text -
> >
> > - Show quoted text -




-- 
Internets. Serious business.

[twitter-dev] Re: 401 Unauthorized error while posting status with Unicode characters (non english characters)

[Mageuzi]

Hello,
I had this same problem.  I had to convert all multi-byte characters
into their individual bytes.
So, for example, for the character "の":
Your example has %306E, but the encoding that works for me is
%E3%81%AE (three bytes for the three-byte character).


On Sep 25, 5:00 pm, Satheesh Natesan 
wrote:
> Yes, it is UTF-8 encoded.
>
> The request body for "の脚本家が贈る" is
> oauth_consumer_key=wmeO7Y20oMFa1ptKVY4WA&oauth_nonce=3231757&oauth_signatur­e_method=HMAC-SHA1&oauth_timestamp=1253903495&oauth_token=76084396-0M9ll2ng­hrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ&oauth_version=1.0&status=%306E%811A%672C%­5BB6%304C%8D08%308B&oauth_signature=AMcLsF43vPP6Hmn8fv%2bZCMdqEnU%3d
>
> and the base signature is
> POST&http%3A%2F%2Ftwitter.com%2Fstatuses%2Fupdate.json&oauth_consumer_key%3­DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce%3D3231757%26oauth_signature_method%3DH­MAC-SHA1%26oauth_timestamp%3D1253903495%26oauth_token%3D76084396-0M9ll2nghr­jWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version%3D1.0%26status%3D%25306E%25­811A%25672C%255BB6%25304C%258D08%25308B
>
> Do you see anything wrong here?
>
> Thanks!
> Satheesh Natesan
>
>
>
> On Thu, Sep 24, 2009 at 6:49 PM, Carlos  wrote:
>
> > Are you sure you are encoding your posts as UTF-8?
>
> > On Sep 24, 5:16 pm, Satheesh Natesan 
> > wrote:
> >  > I am getting "401 Unauthorized" exception when updating status with
> > > non english characters using my app.
>
> > > This exception is happening for any Japanese or Korean characters.
>
> > > Another interesting thing is that it is possible to post some other
> > > non english characters like Malayalam. The exception will not happen
> > > for single word in these cases, but occurs for multiple words.
> > > For example consider the following example
>
> > > ØáÇÞµæù çµdw - does not work
>
> > > ØáÇÞµæùçµdw - with space removed works.
>
> > > Base signature for "ØáÇÞµæù çµdw" which throws exception is
>
> > > POST&http%3A%2F%2Ftwitter.com%2Fstatuses
> > > %2Fupdate.json&oauth_consumer_key%
> > > 3DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce
> > > %3D4504682%26oauth_signature_method%
> > > 3DHMAC-SHA1%26oauth_timestamp%3D1253727596%26oauth_token%3D76084396-
> > > 0M9ll2nghrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version
> > > %3D1.0%26status%
> > > 3D%25D8%25E1%25C7%25DE%25B5%25E6%25F9%2520%25E7%25B5dw
>
> > > and for "ØáÇÞµæùçµdw" which works is
>
> > > POST&http%3A%2F%2Ftwitter.com%2Fstatuses
> > > %2Fupdate.json&oauth_consumer_key%
> > > 3DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce
> > > %3D9388868%26oauth_signature_method%
> > > 3DHMAC-SHA1%26oauth_timestamp%3D1253727793%26oauth_token%3D76084396-
> > > 0M9ll2nghrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version
> > > %3D1.0%26status%
> > > 3D%25D8%25E1%25C7%25DE%25B5%25E6%25F9%25E7%25B5dw
>
> > > OAuth client library I am using is in .Net
>
> > > Could you please help to solve this issue? Also I would like to know
> > > you support all unicode characters.
> > > Your help is greatly appreciated.
>
> > > Thanks,
> > > Satheesh Natesan- Hide quoted text -
>
> - Show quoted text -

[twitter-dev] Re: 401 Unauthorized error while posting status with Unicode characters (non english characters)

[Satheesh Natesan]

Yes, it is UTF-8 encoded.

The request body for "の脚本家が贈る" is
oauth_consumer_key=wmeO7Y20oMFa1ptKVY4WA&oauth_nonce=3231757&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1253903495&oauth_token=76084396-0M9ll2nghrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ&oauth_version=1.0&status=%306E%811A%672C%5BB6%304C%8D08%308B&oauth_signature=AMcLsF43vPP6Hmn8fv%2bZCMdqEnU%3d

and the base signature is
POST&http%3A%2F%2Ftwitter.com%2Fstatuses%2Fupdate.json&oauth_consumer_key%3DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce%3D3231757%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1253903495%26oauth_token%3D76084396-0M9ll2nghrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version%3D1.0%26status%3D%25306E%25811A%25672C%255BB6%25304C%258D08%25308B

Do you see anything wrong here?

Thanks!
Satheesh Natesan






On Thu, Sep 24, 2009 at 6:49 PM, Carlos  wrote:

>
> Are you sure you are encoding your posts as UTF-8?
>
> On Sep 24, 5:16 pm, Satheesh Natesan 
> wrote:
>  > I am getting "401 Unauthorized" exception when updating status with
> > non english characters using my app.
> >
> > This exception is happening for any Japanese or Korean characters.
> >
> > Another interesting thing is that it is possible to post some other
> > non english characters like Malayalam. The exception will not happen
> > for single word in these cases, but occurs for multiple words.
> > For example consider the following example
> >
> > ØáÇÞµæù çµdw - does not work
> >
> > ØáÇÞµæùçµdw - with space removed works.
> >
> > Base signature for "ØáÇÞµæù çµdw" which throws exception is
> >
> > POST&http%3A%2F%2Ftwitter.com%2Fstatuses
> > %2Fupdate.json&oauth_consumer_key%
> > 3DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce
> > %3D4504682%26oauth_signature_method%
> > 3DHMAC-SHA1%26oauth_timestamp%3D1253727596%26oauth_token%3D76084396-
> > 0M9ll2nghrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version
> > %3D1.0%26status%
> > 3D%25D8%25E1%25C7%25DE%25B5%25E6%25F9%2520%25E7%25B5dw
> >
> > and for "ØáÇÞµæùçµdw" which works is
> >
> > POST&http%3A%2F%2Ftwitter.com%2Fstatuses
> > %2Fupdate.json&oauth_consumer_key%
> > 3DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce
> > %3D9388868%26oauth_signature_method%
> > 3DHMAC-SHA1%26oauth_timestamp%3D1253727793%26oauth_token%3D76084396-
> > 0M9ll2nghrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version
> > %3D1.0%26status%
> > 3D%25D8%25E1%25C7%25DE%25B5%25E6%25F9%25E7%25B5dw
> >
> > OAuth client library I am using is in .Net
> >
> > Could you please help to solve this issue? Also I would like to know
> > you support all unicode characters.
> > Your help is greatly appreciated.
> >
> > Thanks,
> > Satheesh Natesan
>

[twitter-dev] Re: 401 Unauthorized error while posting status with Unicode characters (non english characters)

[Carlos]

Are you sure you are encoding your posts as UTF-8?

On Sep 24, 5:16 pm, Satheesh Natesan 
wrote:
> I am getting "401 Unauthorized" exception when updating status with
> non english characters using my app.
>
> This exception is happening for any Japanese or Korean characters.
>
> Another interesting thing is that it is possible to post some other
> non english characters like Malayalam. The exception will not happen
> for single word in these cases, but occurs for multiple words.
> For example consider the following example
>
> ØáÇÞµæù çµdw - does not work
>
> ØáÇÞµæùçµdw - with space removed works.
>
> Base signature for "ØáÇÞµæù çµdw" which throws exception is
>
> POST&http%3A%2F%2Ftwitter.com%2Fstatuses
> %2Fupdate.json&oauth_consumer_key%
> 3DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce
> %3D4504682%26oauth_signature_method%
> 3DHMAC-SHA1%26oauth_timestamp%3D1253727596%26oauth_token%3D76084396-
> 0M9ll2nghrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version
> %3D1.0%26status%
> 3D%25D8%25E1%25C7%25DE%25B5%25E6%25F9%2520%25E7%25B5dw
>
> and for "ØáÇÞµæùçµdw" which works is
>
> POST&http%3A%2F%2Ftwitter.com%2Fstatuses
> %2Fupdate.json&oauth_consumer_key%
> 3DwmeO7Y20oMFa1ptKVY4WA%26oauth_nonce
> %3D9388868%26oauth_signature_method%
> 3DHMAC-SHA1%26oauth_timestamp%3D1253727793%26oauth_token%3D76084396-
> 0M9ll2nghrjWhjALbH7YEHXizcLDNvoLfgXKfHQZQ%26oauth_version
> %3D1.0%26status%
> 3D%25D8%25E1%25C7%25DE%25B5%25E6%25F9%25E7%25B5dw
>
> OAuth client library I am using is in .Net
>
> Could you please help to solve this issue? Also I would like to know
> you support all unicode characters.
> Your help is greatly appreciated.
>
> Thanks,
> Satheesh Natesan

[twitter-dev] Re: 401 Unauthorized...

[Josh Roesslein]

Are you getting anything in the response body with the 401?

On Wed, Aug 12, 2009 at 2:22 PM, Alex Payne  wrote:

> To the best of my knowledge, we're not doing any unusual blocking. Rate
> limits are as they have been.
>
>
> On Wed, Aug 12, 2009 at 08:08, AccountingSoftwareGuy <
> virga.rob...@gmail.com> wrote:
>
>>
>> Is Twitter still blocking posts to the API from non-white listed
>> apps?  Since the DDOS attack we can't seem to send any posts through
>> the API using oAuth.  Nothing in our code has changed but all was
>> working prior to the attack. Is anyone out there havine any success
>> sending messages with oauth (non-whitelisted app)???
>>
>> Can someone/anyone please comment, I need to get our app working but
>> considering our code has not changed I don't want to spend a lot of
>> time chasing something down that is not my fault and out of my
>> control.
>>
>> PLEASE HELP
>>
>
>
>
> --
> Alex Payne - Platform Lead, Twitter, Inc.
> http://twitter.com/al3x
>



-- 
Josh

[twitter-dev] Re: 401 Unauthorized...

[Alex Payne]

To the best of my knowledge, we're not doing any unusual blocking. Rate
limits are as they have been.

On Wed, Aug 12, 2009 at 08:08, AccountingSoftwareGuy  wrote:

>
> Is Twitter still blocking posts to the API from non-white listed
> apps?  Since the DDOS attack we can't seem to send any posts through
> the API using oAuth.  Nothing in our code has changed but all was
> working prior to the attack. Is anyone out there havine any success
> sending messages with oauth (non-whitelisted app)???
>
> Can someone/anyone please comment, I need to get our app working but
> considering our code has not changed I don't want to spend a lot of
> time chasing something down that is not my fault and out of my
> control.
>
> PLEASE HELP
>



-- 
Alex Payne - Platform Lead, Twitter, Inc.
http://twitter.com/al3x

[twitter-dev] Re: 401 Unauthorized...

[Duane Roelands]

I'm seeing some app problems this morning as well.  Attempting to
retrieve the timeline for the authenticated user returns no statuses.

On Aug 12, 11:08 am, AccountingSoftwareGuy 
wrote:
> Is Twitter still blocking posts to the API from non-white listed
> apps?  Since the DDOS attack we can't seem to send any posts through
> the API using oAuth.  Nothing in our code has changed but all was
> working prior to the attack. Is anyone out there havine any success
> sending messages with oauth (non-whitelisted app)???
>
> Can someone/anyone please comment, I need to get our app working but
> considering our code has not changed I don't want to spend a lot of
> time chasing something down that is not my fault and out of my
> control.
>
> PLEASE HELP

[twitter-dev] Re: 401 Unauthorized

[Duane Roelands]

I think Twitter is still experiencing issues from this morning's DDOS
attack.  I've been working on code tonight and things were working
swimmingly and now my app can't connect.

On Aug 6, 8:38 pm, Goldbird  wrote:
> Are anyone experiencing "401 Unauthorized " errors? Everything worked
> fine before yesterday. Now we are getting 401 Unauthorized  on both
> basic authorization and OAuth on 80% of the calls. Other 20% works
> fine.
>
> What's happening?

[twitter-dev] Re: 401 Unauthorized When Getting an Access Token

[JDG]

oob means Out of Band, and is designed for desktop applications. If you
don't specify a callback when getting the request token, you're given a pin
to enter. It sounds like you're not using that flow though.

On Sat, Aug 1, 2009 at 14:55, mattarnold1977 wrote:

>
> JDG,
>
> Thanks for the reply.  I didn't realize that I needed to include an
> oauth_callback parameter for getting the ACCESS TOKEN.  I knew I could
> supply one (optional) when getting the REQUEST TOKEN.  I thought it
> would automatically callback to the application I created with
> Twitter.  I'm also not sure what you mean by the oob flow?
>
> -Matt
>
> On Jul 31, 3:20 pm, JDG  wrote:
> > Since you're not including an oauth_callback, i would assume you're using
> > the oob flow, in which case, i have to ask, where's your oauth_verifier
> > parameter?
> >
> > On Fri, Jul 31, 2009 at 13:09, mattarnold1977 <
> matt.arnold.1...@gmail.com>wrote:
> >
> >
> >
> >
> >
> >
> >
> > > Please, if anyone can assist I would be grateful.  Here is a sample of
> > > my url I've formed to get the access token:
> >
> > >http://twitter.com/oauth/access_token?oauth_consumer_key=myconsumerke.
> ..
> >
> > > -Matt
> >
> > > On Jul 30, 7:49 pm, mattarnold1977  wrote:
> > > > I am using ASP .NET (VB) to try and authenticate using oAuth.  I have
> > > > been able to get a request token and direct a user to Twitter's
> > > > authentication page.  Twitter then redirects back to my app.  At that
> > > > point I attempt to get an access token, but I continue to receive 401
> > > > "unauthorized" errors.  I have made sure that I am getting a new
> > > > signature, using both the token and token secret when generating the
> > > > signature, and that my url parameters are in alphabetical order, but
> I
> > > > continue to get 401 errors.  Has anyone experienced this, and if so,
> > > > could you point me in the right direction toward diagnosing this
> > > > issue?
> >
> > > > -Matt
> >
> > --
> > Internets. Serious business.
>



-- 
Internets. Serious business.

[twitter-dev] Re: 401 Unauthorized When Getting an Access Token

[mattarnold1977]

JDG,

Thanks for the reply.  I didn't realize that I needed to include an
oauth_callback parameter for getting the ACCESS TOKEN.  I knew I could
supply one (optional) when getting the REQUEST TOKEN.  I thought it
would automatically callback to the application I created with
Twitter.  I'm also not sure what you mean by the oob flow?

-Matt

On Jul 31, 3:20 pm, JDG  wrote:
> Since you're not including an oauth_callback, i would assume you're using
> the oob flow, in which case, i have to ask, where's your oauth_verifier
> parameter?
>
> On Fri, Jul 31, 2009 at 13:09, mattarnold1977 
> wrote:
>
>
>
>
>
>
>
> > Please, if anyone can assist I would be grateful.  Here is a sample of
> > my url I've formed to get the access token:
>
> >http://twitter.com/oauth/access_token?oauth_consumer_key=myconsumerke...
>
> > -Matt
>
> > On Jul 30, 7:49 pm, mattarnold1977  wrote:
> > > I am using ASP .NET (VB) to try and authenticate using oAuth.  I have
> > > been able to get a request token and direct a user to Twitter's
> > > authentication page.  Twitter then redirects back to my app.  At that
> > > point I attempt to get an access token, but I continue to receive 401
> > > "unauthorized" errors.  I have made sure that I am getting a new
> > > signature, using both the token and token secret when generating the
> > > signature, and that my url parameters are in alphabetical order, but I
> > > continue to get 401 errors.  Has anyone experienced this, and if so,
> > > could you point me in the right direction toward diagnosing this
> > > issue?
>
> > > -Matt
>
> --
> Internets. Serious business.

[twitter-dev] Re: 401 Unauthorized When Getting an Access Token

[JDG]

Since you're not including an oauth_callback, i would assume you're using
the oob flow, in which case, i have to ask, where's your oauth_verifier
parameter?

On Fri, Jul 31, 2009 at 13:09, mattarnold1977 wrote:

>
> Please, if anyone can assist I would be grateful.  Here is a sample of
> my url I've formed to get the access token:
>
>
> http://twitter.com/oauth/access_token?oauth_consumer_key=myconsumerkey&oauth_nonce=6475147&oauth_signature=mysignature&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1248981982&oauth_token=mytoken&oauth_version=1.0
>
> -Matt
>
> On Jul 30, 7:49 pm, mattarnold1977  wrote:
> > I am using ASP .NET (VB) to try and authenticate using oAuth.  I have
> > been able to get a request token and direct a user to Twitter's
> > authentication page.  Twitter then redirects back to my app.  At that
> > point I attempt to get an access token, but I continue to receive 401
> > "unauthorized" errors.  I have made sure that I am getting a new
> > signature, using both the token and token secret when generating the
> > signature, and that my url parameters are in alphabetical order, but I
> > continue to get 401 errors.  Has anyone experienced this, and if so,
> > could you point me in the right direction toward diagnosing this
> > issue?
> >
> > -Matt
>



-- 
Internets. Serious business.

[twitter-dev] Re: 401 Unauthorized When Getting an Access Token

[mattarnold1977]

Please, if anyone can assist I would be grateful.  Here is a sample of
my url I've formed to get the access token:

http://twitter.com/oauth/access_token?oauth_consumer_key=myconsumerkey&oauth_nonce=6475147&oauth_signature=mysignature&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1248981982&oauth_token=mytoken&oauth_version=1.0

-Matt

On Jul 30, 7:49 pm, mattarnold1977  wrote:
> I am using ASP .NET (VB) to try and authenticate using oAuth.  I have
> been able to get a request token and direct a user to Twitter's
> authentication page.  Twitter then redirects back to my app.  At that
> point I attempt to get an access token, but I continue to receive 401
> "unauthorized" errors.  I have made sure that I am getting a new
> signature, using both the token and token secret when generating the
> signature, and that my url parameters are in alphabetical order, but I
> continue to get 401 errors.  Has anyone experienced this, and if so,
> could you point me in the right direction toward diagnosing this
> issue?
>
> -Matt

[twitter-dev] Re: 401: Unauthorized application or token on friendship/exists

[tayknight]

Well, I feel like a moron. Thanks for the help. Sorry to have asked
you to spend time on something so ridiculously simple.

On Apr 30, 11:04 am, Abraham Williams <4bra...@gmail.com> wrote:
> friendships/exists.json
> *not*
> friendship/exists.json
>
>
>
> On Tue, Apr 28, 2009 at 11:06, tayknight  wrote:
>
> > I'm fairly sure I'm getting a proper token. Using the page
> >http://www.hueniverse.com/hueniverse/2008/10/beginners-gui-1.htmlI
> > get the same signature as in my failing url.
>
> > GET looks like:
> >http://twitter.com/friendship/exists.json?
> > oauth_consumer_key=Rg4VBVUvAoThpl78duF3Rg
> > &oauth_nonce=375494971125145587
> > &oauth_signature=xWCdscsa6I4GJphDIQAnsDmjyhM%3D
> > &oauth_signature_method=HMAC-SHA1
> > &oauth_timestamp=1240933535
> > &oauth_token=765803-e2mAy2wkQy4wRI9LQC73cZwbiwmmJ7mZJh04MZiWk
> > &oauth_version=1.0
> > &user_a=tayknight
> > &user_b=wxtweet
>
> > I must be missing something obvious. Other GETs work. I can provide
> > secrets to TwitterAPI folks if they want to help debug.
>
> > Thanks.
>
> --
> Abraham Williams |http://the.hackerconundrum.com
> Hacker |http://abrah.am|http://twitter.com/abraham
> Web608 | Community Evangelist |http://web608.org
> This email is: [ ] blogable [x] ask first [ ] private.
> Sent from Madison, WI, United States

[twitter-dev] Re: 401: Unauthorized application or token on friendship/exists

[Abraham Williams]

statuses/followers.json
*not*
status/followers.json

On Thu, Apr 30, 2009 at 01:47, app  wrote:

>
> Getting the same problem for /status/followers.json
>
> Request for /verify/credentials.json works but not for /status/
> followers.json
>
> verify credentials header:
>
> GET /account/verify_credentials.json?
>
> oauth_nonce=1867266443966123327&oauth_timestamp=1241073359&oauth_consumer_key=xKG4bNvaxBrHFD7tiLQA&oauth_signature_method=HMAC-
> SHA1&oauth_version=1.0&oauth_token=20687908-
> j3YphuX2QGTipIvapvJK4RdHld19meNecc0PtQBvs&oauth_signature=Esh
> %2FToKgEYj6rCVbzBHp5UBan%2Bk%3D HTTP/1.1
> Accept-Encoding: identity
> Host: twitter.com
> Connection: close
> User-Agent: Python-urllib/2.5
>
> status followers header:
>
> GET /status/followers.json?
>
> oauth_nonce=6139498031622514402&oauth_timestamp=1241073817&oauth_consumer_key=xKG4bNvaxBrHFD7tiLQA&oauth_signature_method=HMAC-
> SHA1&oauth_version=1.0&oauth_token=20687908-
> j3YphuX2QGTipIvapvJK4RdHld19meNecc0PtQBvs&oauth_signature=iW01C77P
> %2FjSzzY%2Fnuma3Oq7rzGI%3D HTTP/1.1
> Accept-Encoding: identity
> Host: twitter.com
> Connection: close
> User-Agent: Python-urllib/2.5
>
> going to file a bug
>
> On Apr 28, 9:06 am, tayknight  wrote:
> > I'm fairly sure I'm getting a proper token. Using the pagehttp://
> www.hueniverse.com/hueniverse/2008/10/beginners-gui-1.htmlI
> > get the same signature as in my failing url.
> >
> > GET looks like:http://twitter.com/friendship/exists.json?
> > oauth_consumer_key=Rg4VBVUvAoThpl78duF3Rg
> > &oauth_nonce=375494971125145587
> > &oauth_signature=xWCdscsa6I4GJphDIQAnsDmjyhM%3D
> > &oauth_signature_method=HMAC-SHA1
> > &oauth_timestamp=1240933535
> > &oauth_token=765803-e2mAy2wkQy4wRI9LQC73cZwbiwmmJ7mZJh04MZiWk
> > &oauth_version=1.0
> > &user_a=tayknight
> > &user_b=wxtweet
> >
> > I must be missing something obvious. Other GETs work. I can provide
> > secrets to TwitterAPI folks if they want to help debug.
> >
> > Thanks.
>



-- 
Abraham Williams | http://the.hackerconundrum.com
Hacker | http://abrah.am | http://twitter.com/abraham
Web608 | Community Evangelist | http://web608.org
This email is: [ ] blogable [x] ask first [ ] private.
Sent from Madison, WI, United States

[twitter-dev] Re: 401: Unauthorized application or token on friendship/exists

[Abraham Williams]

friendships/exists.json
*not*
friendship/exists.json

On Tue, Apr 28, 2009 at 11:06, tayknight  wrote:

>
> I'm fairly sure I'm getting a proper token. Using the page
> http://www.hueniverse.com/hueniverse/2008/10/beginners-gui-1.html I
> get the same signature as in my failing url.
>
> GET looks like:
> http://twitter.com/friendship/exists.json?
> oauth_consumer_key=Rg4VBVUvAoThpl78duF3Rg
> &oauth_nonce=375494971125145587
> &oauth_signature=xWCdscsa6I4GJphDIQAnsDmjyhM%3D
> &oauth_signature_method=HMAC-SHA1
> &oauth_timestamp=1240933535
> &oauth_token=765803-e2mAy2wkQy4wRI9LQC73cZwbiwmmJ7mZJh04MZiWk
> &oauth_version=1.0
> &user_a=tayknight
> &user_b=wxtweet
>
> I must be missing something obvious. Other GETs work. I can provide
> secrets to TwitterAPI folks if they want to help debug.
>
> Thanks.
>



-- 
Abraham Williams | http://the.hackerconundrum.com
Hacker | http://abrah.am | http://twitter.com/abraham
Web608 | Community Evangelist | http://web608.org
This email is: [ ] blogable [x] ask first [ ] private.
Sent from Madison, WI, United States

[twitter-dev] Re: 401: Unauthorized application or token on friendship/exists

[app]

Getting the same problem for /status/followers.json

Request for /verify/credentials.json works but not for /status/
followers.json

verify credentials header:

GET /account/verify_credentials.json?
oauth_nonce=1867266443966123327&oauth_timestamp=1241073359&oauth_consumer_key=xKG4bNvaxBrHFD7tiLQA&oauth_signature_method=HMAC-
SHA1&oauth_version=1.0&oauth_token=20687908-
j3YphuX2QGTipIvapvJK4RdHld19meNecc0PtQBvs&oauth_signature=Esh
%2FToKgEYj6rCVbzBHp5UBan%2Bk%3D HTTP/1.1
Accept-Encoding: identity
Host: twitter.com
Connection: close
User-Agent: Python-urllib/2.5

status followers header:

GET /status/followers.json?
oauth_nonce=6139498031622514402&oauth_timestamp=1241073817&oauth_consumer_key=xKG4bNvaxBrHFD7tiLQA&oauth_signature_method=HMAC-
SHA1&oauth_version=1.0&oauth_token=20687908-
j3YphuX2QGTipIvapvJK4RdHld19meNecc0PtQBvs&oauth_signature=iW01C77P
%2FjSzzY%2Fnuma3Oq7rzGI%3D HTTP/1.1
Accept-Encoding: identity
Host: twitter.com
Connection: close
User-Agent: Python-urllib/2.5

going to file a bug

On Apr 28, 9:06 am, tayknight  wrote:
> I'm fairly sure I'm getting a proper token. Using the 
> pagehttp://www.hueniverse.com/hueniverse/2008/10/beginners-gui-1.htmlI
> get the same signature as in my failing url.
>
> GET looks like:http://twitter.com/friendship/exists.json?
> oauth_consumer_key=Rg4VBVUvAoThpl78duF3Rg
> &oauth_nonce=375494971125145587
> &oauth_signature=xWCdscsa6I4GJphDIQAnsDmjyhM%3D
> &oauth_signature_method=HMAC-SHA1
> &oauth_timestamp=1240933535
> &oauth_token=765803-e2mAy2wkQy4wRI9LQC73cZwbiwmmJ7mZJh04MZiWk
> &oauth_version=1.0
> &user_a=tayknight
> &user_b=wxtweet
>
> I must be missing something obvious. Other GETs work. I can provide
> secrets to TwitterAPI folks if they want to help debug.
>
> Thanks.

[twitter-dev] Re: 401 Unauthorized on OAuth calls?

[Dominik Schwind]

Oh,

On Fri, Apr 10, 2009 at 8:48 PM, Dominik Schwind  wrote:
 ["body:protected"]=>
> string(60) " �  sK��IMQ(�W(K��LI,IU�O,-�P(�L�K,)- ��٩y0y(�+" }

That gibberish is just a gzip version of:

string(43) "Failed to validate oauth signature or token"

Thx,

Dominik

[twitter-dev] Re: 401 Unauthorized on OAuth calls?

[Dominik Schwind]

Hi,

I'm seeing it on two applications "EagleTweet" and "EagleTweetDev" - I
am using the Zend_OAuth library for PHP and I'm updating location
fields for roughly 100 users with their FireEagle location once in a
while. You can see it at http://eagletweet.com/ and I can give you the
API Keys in private mail if you want.

The thing has been running for a about two weeks now and has been
working fine until this friday morning (Central European Time) - since
then the library returns an error with the http code "401
Unauthorized" - without any code changes from me, so I figured it
can't really be a bug on my side.

To debug I had my code give me the Zend_Http_Response object:

object(Zend_Http_Response)#49 (5) { ["version:protected"]=> string(3)
"1.1" ["code:protected"]=> int(401) ["message:protected"]=> string(12)
"Unauthorized" ["headers:protected"]=> array(11) { ["Date"]=>
string(29) "Fri, 10 Apr 2009 18:44:37 GMT" ["Server"]=> string(2) "hi"
["Status"]=> string(16) "401 Unauthorized" ["Cache-control"]=>
string(21) "no-cache, max-age=300" ["Content-type"]=> string(24)
"text/html; charset=utf-8" ["Set-cookie"]=> string(182)
"_twitter_sess=BAh7BiIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7AA%253D%253D--1164b91ac812d853b877e93ddb612b7471bebc74;
domain=.twitter.com; path=/" ["Expires"]=> string(29) "Fri, 10 Apr
2009 18:49:37 GMT" ["Vary"]=> string(15) "Accept-Encoding"
["Content-encoding"]=> string(4) "gzip" ["Content-length"]=> string(2)
"60" ["Connection"]=> string(5) "close" } ["body:protected"]=>
string(60) "�sK��IMQ(�W(K��LI,IU�O,-�P(�L�K,)-��٩y0y(�+" }

Maybe that helps?

Thanks,

Dominik

On Fri, Apr 10, 2009 at 6:21 PM, Doug Williams  wrote:
> Guys,
> Details are essential to help track down claims like these. What are you
> doing, and more importantly, how are you doing it?
>
> Doug Williams
> Twitter API Support
> http://twitter.com/dougw
>
>
> On Fri, Apr 10, 2009 at 6:48 AM, Bluespark  wrote:
>>
>> Same here.
>>
>> On Apr 10, 10:19 pm, Dominik Schwind  wrote:
>> > Hi everyone,
>> >
>> > since about half an hour ago I seem to be getting 401 Unauthorized
>> > responses to my OAuth-ed API calls.
>> >
>> > Is that a known problem?
>> >
>> > Regards,
>> >
>> > Dominik
>
>



-- 
Dominik Schwind
www.lostfocus.de

Other ways to contact me on
www.dominikschwind.com

[twitter-dev] Re: 401 Unauthorized on OAuth calls?

[Doug Williams]

Before opening an issue [1] it would have been nice to discuss. What are you
trying to do? What steps have you taken to debug? Why do you think this is
on our end and not a bug in your code? We can't help without knowing what's
going on.

1. http://code.google.com/p/twitter-api/issues/detail?id=447

Doug Williams
Twitter API Support
http://twitter.com/dougw


On Fri, Apr 10, 2009 at 8:56 AM, HSL  wrote:

>
> I;ve created an issue,.. can you all comment there too?
>
> http://shortr.me/lz
>
>
>
>
> On Apr 10, 12:19 pm, Dominik Schwind  wrote:
> > Hi everyone,
> >
> > since about half an hour ago I seem to be getting 401 Unauthorized
> > responses to my OAuth-ed API calls.
> >
> > Is that a known problem?
> >
> > Regards,
> >
> > Dominik
>

[twitter-dev] Re: 401 Unauthorized on OAuth calls?

[HSL]

I;ve created an issue,.. can you all comment there too?

http://shortr.me/lz




On Apr 10, 12:19 pm, Dominik Schwind  wrote:
> Hi everyone,
>
> since about half an hour ago I seem to be getting 401 Unauthorized
> responses to my OAuth-ed API calls.
>
> Is that a known problem?
>
> Regards,
>
> Dominik

[twitter-dev] Re: 401 Unauthorized on OAuth calls?

[Doug Williams]

Guys,
Details are essential to help track down claims like these. What are you
doing, and more importantly, how are you doing it?

Doug Williams
Twitter API Support
http://twitter.com/dougw


On Fri, Apr 10, 2009 at 6:48 AM, Bluespark  wrote:

>
> Same here.
>
> On Apr 10, 10:19 pm, Dominik Schwind  wrote:
> > Hi everyone,
> >
> > since about half an hour ago I seem to be getting 401 Unauthorized
> > responses to my OAuth-ed API calls.
> >
> > Is that a known problem?
> >
> > Regards,
> >
> > Dominik
>

[twitter-dev] Re: 401 Unauthorized on OAuth calls?

[Bluespark]

Same here.

On Apr 10, 10:19 pm, Dominik Schwind  wrote:
> Hi everyone,
>
> since about half an hour ago I seem to be getting 401 Unauthorized
> responses to my OAuth-ed API calls.
>
> Is that a known problem?
>
> Regards,
>
> Dominik