Taylor, Thanks for taking a look at it. and to answer your question yes I do pass the status in the signature basetring.
Also below is my string which i pass to the below mentioned toSign variable. toSign: POST&https%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.xml&oauth_consumer_key%xxxxxxxxxxxxxxx%26oauth_nonce %3Df2756a360f610d375722ee97e4c2391f%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1272560943%26oauth_token%3D36554645- xxxxxxxxxxxxxxxxxxx%26oauth_version%3D1.0%26status %3Dhurrrrrrrrrrrrrray Mac mac = Mac.getInstance(HMAC_SHA1); mac.init(key); byte bytes = mac.doFinal(toSign.getBytes(UTF8)); and in the key i pass: consumerSecret + '&' + tokenSecret Thanks, Rahul On Apr 29, 12:46 pm, Taylor Singletary <taylorsinglet...@twitter.com> wrote: > Hi Rahul, > > When you are POSTing to statuses/update.xml -- are you including the status > that you are posting in your signature base string? As a URL-encoded > parameter, it should be included in both your POST body and the signature > base string (but not in the HTTP authorization header). > > Taylor Singletary > Developer Advocate, Twitterhttp://twitter.com/episod > > > > On Thu, Apr 29, 2010 at 9:35 AM, Rahul <rahul.jun...@gmail.com> wrote: > > Folks, > > > I have been trying this and have already spent lot of time on this but > > what i don't understand is how is getting the access token working and > > post to update is not working when i am using the same signature > > generation method for both the requests. > > > Here is my complete scenario. > > 1. fetch the request token > > 2. redirect the user to the authurize page > > 3. get the verifier from the new called back url > > 4. getting the access token by passing oauth_token and auth_verifier > > 5. create a new post request for update and sign the request with > > HMAC.sign(toSign, consumerSecret + '&' + tokenSecret) > > Note: toSign is the request with the following headers : > > oauth_timestamp, oauth_signature_method, oauth_version, oauth_nonce, > > oauth_consumer_key > > 6. Send the request. > > > Also if helpfull, i am using following values > > oauth_nonce=MD5.hexHash(getTimestampInSeconds()) > > oauth_signature_method=HMAC-SHA1 > > oauth_version=1.0 > > > I have verified most of the things and looks good to me, also there is > > very less possibility of generating wrong signature as I have used the > > same signature to get the access token and was able to successfully > > receive it. > > > Any pointers highly appreciated. > > > Thanks, > > Rahul