When you're constructing your signature base string, don't include the
query parameters in the URL. The query parameters do need to be
included in the next part of the signature base string though. Here's
what the base string in your example should look like:


"%3Fcount%3D200" has been removed, and "count%3D200%26" has been
inserted after the second ampersand.

On Fri, May 21, 2010 at 9:59 AM, Miguel de Icaza
<miguel.de.ic...@gmail.com> wrote:
> Hello folks,
>    I have my client speaking OAuth to twitter for the entire initial
> dance up to getting my access token.
>    But once I try using the access token to call:
> http://api.twitter.com/1/statuses/mentions.json?count=200
>    All I get from twitter is a 401 with the following body:
> {"request":"/1/statuses/mentions.json?count=200","error":"Incorrect
> signature"}
>    I followed the steps described here:http://dev.twitter.com/pages/
> auth and just assumed that since there is no content, the value for
> computing the signature is not needed.
> GET&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fhome_timeline.json
> %3Fcount%3D200&oauth_consumer_key%3D***********%26oauth_nonce
> %3Dcbj41uc3y0d0lju8%26oauth_signature_method%3DHMAC-
> SHA1%26oauth_timestamp%3D1274460844%26oauth_token%3D**********
> %26oauth_version%3D1.0
> My composite signature is made of my consumer secret (from the twitter
> app page) and the oauth_token_secret returned by the acquire access
> token process
> This is what ends up in the HTTP traffic, when I  append the
> oauth_signature:
> GET /1/statuses/home_timeline.json?count=200 HTTP/1.1
> authorization: OAuth
> oauth_consumer_key="******",oauth_nonce="r3cy0enwrqeq1qns",oauth_signature_method="HMAC-
> SHA1",oauth_timestamp="1274461098",oauth_token="823083-
> *******",oauth_version="1.0",oauth_signature="dGhefwoSaiSQ0XMSswJ1UdPtkeI
> %3D"
> Connection: keep-alive
> Host: api.twitter.com
> Any ideas on what I am doing wrong?

Dana Contreras
Twitter Platform Team

Reply via email to