I'm building a single-user application that uses OAuth, using the access tokens found on my application's dashboard, building my http headers like so:
POST /1/statuses/update.json HTTP/1.1 Authorization: OAuth oauth_nonce= \"zlMped4OwDfPLqsqm61qdc2LoCSTTnERcEGb5clE\", oauth_signature_method= \"HMAC-SHA1\", oauth_timestamp=\"1274718143\", oauth_consumer_key= \"uT8vfUWpS2PDzBigVs1w\", oauth_token=\"28235672- ZPzOO2RLL0ITE5JdfIaOtNHbSA0JhapEH8KG39ib1\", oauth_signature= \"IRS9fjaA6Tj1pXHQBtILjcSRaMc%3D\", oauth_version=\"1.0\" Which works fine over the api console, but when trying the same over an HTTP debugger client (HTTP Client for Mac OS X), or over the browser, it asks always for authentication over HTTP (username and password). Any pointers on where I'm mistaken? I build the signature like so (in PHP): $signature = $MyConsumerSecret.'&'.$MyAccessTokenSecret; $composite = "POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses %2Fupdate.json&oauth_consumer_key%3DuT8vfUWpS2PDzBigVs1w%26oauth_nonce %3DzlMped4OwDfPLqsqm61qdc2LoCSTTnERcEGb5clE%26oauth_signature_method %3DHMAC-SHA1%26oauth_timestamp%3D1274718143%26oauth_token%3D28235672- ZPzOO2RLL0ITE5JdfIaOtNHbSA0JhapEH8KG39ib1%26oauth_version %3D1.0%26status%3Dtestie+test" $oauth_signature = base64_encode(hash_hmac('sha1',$signature, $composite, true)); Thanks for helping me out! r