It looks like you're trying to actually include the OAuth Authorization header in your POST body, which isn't the way you want to do it. Instead, you should be using the Authorization HTTP header to transmit this info (see http://oauth.net/core/1.0a#anchor46). To make things extra weird, in one case you do have an Authorization header set, but it's basic auth.
---Mark On Thu, Nov 26, 2009 at 6:47 PM, Wilfred yau <[email protected]> wrote: > I have already solve the special char problem because encoding in > Flex. > but I still find that when I call _method= DELETE in List API, I still > get 401 Unauthorized from api.twitter.com. > > On Nov 25, 11:09 am, Wilfred yau <[email protected]> wrote: >> I am using OAuth to accessListAPI, but I find that if the request >> URL contain some char like "_", "(", then twitter will return 401 >> Unauthorized. >> >> Does anyone know what is the problem?? >> >> and this is my request: >> >> *Request URL: >> >> http://api.twitter.com/1/wilfred_yau/yedsrc/members.xml >> >> *Request header: >> >> Host:api.twitter.com >> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv: >> 1.9.2b3) Gecko/20091115 Firefox/3.6b3 GTB6 >> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/ >> *;q=0.8 >> Accept-Language: en-us,en;q=0.5 >> Accept-Encoding: gzip,deflate >> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 >> Keep-Alive: 115 >> Connection: keep-alive >> Cookie: __utma=43838368.448377351.1258538849.1259115844.1259117264.22; >> __utmz=43838368.1258703218.9.4.utmcsr=google|utmccn=(organic)| >> utmcmd=organic|utmctr=gmasbaby; __utmv=43838368.lang%3A%20en; >> __qca=P0-1731751766-1258598366235; __utmb=43838368.8.10.1259117264; >> _twitter_sess=BAh7DDoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj >> %250AOWM1YzllYzAyYTVjOWU2NGM6DGNzcmZfaWQiJTU4MTVlMjgzNWUyNGNhYThh >> %250ANjE1YzdjOWU4MTE5MGJjOhF0cmFuc19wcm9tcHQwOgl1c2VyaQQ5oOgDOg5y >> %250AZXR1cm5fdG8iJGh0dHA6Ly90d2l0dGVyLmNvbS9zb2Z0cGVkaWFtYWM6B2lk >> %250AIiU0Y2JmMWJmNjc0YzJmOTlhZGZjMTA1MzE3NzI3ZGUwNiIKZmxhc2hJQzon >> %250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA >> %253D%253D--3573176707558a7f9cd9653e6a60c073c94e91f5; __utmc=43838368 >> >> *Post Data: >> Content-type: application/x-www-form-urlencoded >> Content-length: 300 >> >> oauth%5Fconsumer%5Fkey=WiW3RrjmAhPvWvTn6oPLA&id=66626470&oauth >> %5Ftoken=65577017%2DK65DjHAcUbYOEJW5XMVnVuAkRy8fDnNnVGRZDOSAQ&oauth >> %5Ftimestamp=1259118273&oauth%5Fsignature=zaA0CbWpls3lowiWG0yHCZig%2B2M >> %3D&oauth%5Fversion=1%2E0&oauth%5Fsignature%5Fmethod=HMAC%2DSHA1& >> %5Fmethod=DELETE&oauth%5Fnonce=2875 >> >> Also, I got same problem in set status using OAuth : >> >> *Request URL: >> >> http://twitter.com/statuses/update.xml >> >> *Request header: >> >> Host: twitter.com >> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv: >> 1.9.2b3) Gecko/20091115 Firefox/3.6b3 GTB6 >> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/ >> *;q=0.8 >> Accept-Language: en-us,en;q=0.5 >> Accept-Encoding: gzip,deflate >> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 >> Keep-Alive: 115 >> Connection: keep-alive >> Cookie: __utma=43838368.448377351.1258538849.1259115844.1259117264.22; >> __utmz=43838368.1258703218.9.4.utmcsr=google|utmccn=(organic)| >> utmcmd=organic|utmctr=gmasbaby; __utmv=43838368.lang%3A%20en; >> __qca=P0-1731751766-1258598366235; __utmb=43838368.8.10.1259117264; >> _twitter_sess=BAh7DDoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj >> %250AOWM1YzllYzAyYTVjOWU2NGM6DGNzcmZfaWQiJTU4MTVlMjgzNWUyNGNhYThh >> %250ANjE1YzdjOWU4MTE5MGJjOgl1c2VyaQQ5oOgDOhF0cmFuc19wcm9tcHQwIgpm >> %250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG >> %250AOgpAdXNlZHsAOgdpZCIlNGNiZjFiZjY3NGMyZjk5YWRmYzEwNTMxNzcyN2Rl >> %250AMDY6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL3NvZnRwZWRpYW1h >> %250AYw%253D%253D--dfa30d93e80be97e1404abbb466f2c6191816d69; >> __utmc=43838368 >> Authorization: Basic Z21hc2JhYnk6eW95b2JhYnk= >> >> *Post Data: >> >> Content-type: application/x-www-form-urlencoded >> Content-length: 303 >> >> oauth%5Fnonce=4280&oauth%5Fsignature%5Fmethod=HMAC%2DSHA1&oauth >> %5Ftimestamp=1259117789&status=%40vincenthpchan%20%28O%3A&oauth >> %5Fversion=1%2E0&oauth%5Fconsumer%5Fkey=WiW3RrjmAhPvWvTn6oPLA&oauth >> %5Fsignature=dZ0OBySJzAZsdhwUKvK9zaIamE4%3D&oauth >> %5Ftoken=65577017%2DK65DjHAcUbYOEJW5XMVnVuAkRy8fDnNnVGRZDOSAQ >> >> I wonder it is the problem about oauth_signature, but I don't what >> wrong with it. >> Thanks you very much ;-) >
