We have a few (difficult to pin down) edge cases where we throw a "bad nonce" error in an otherwise legit scenario -- often while we are under heavy amounts of load. Is this error consistent for you no matter what nonce you use?
Do you know if your timestamp is aligned with the time indicated in an HTTP header of our response to your requests? While others have found complicated nonce values cause issues, your nonce seems relatively tame in comparison to those who ran into those issues. Just the same, I'd recommend you try a different nonce generation scheme, perhaps one with an eye for simplicity. Otherwise, your request seems structurally correct. What does your POST body for this request look like? Do you receive the same error when you replace your "%20" space character in your POST body with plus? Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Fri, Jun 11, 2010 at 2:48 PM, Craig <chanson9...@gmail.com> wrote: > Hello, > > I have an iphone app that is using xauth. I am able to obtain the > access token with no problem at all. When I go to post a status > update, I receive an invalid / used nonce error. It can't actually be > a used nonce since I have checked this multiple times. Here are the > details of the post: > > url: > http://api.twitter.com/1/statuses/update.xml > > signature base string: > POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses > %2Fupdate.xml&oauth_consumer_key%3Dmyconsumerkey%26oauth_nonce > %3D397vi5Ug1YHC3UAVUAoB%26oauth_signature_method%3DHMAC- > SHA1%26oauth_timestamp%3D1276292596%26oauth_token%3Dmytoken > %26oauth_version%3D1.0%26status%3Dmy%2520tweet > > Authorization header: > OAuth oauth_nonce="397vi5Ug1YHC3UAVUAoB", oauth_signature_method="HMAC- > SHA1", oauth_timestamp="1276292596", > oauth_consumer_key="myconsumerkey", oauth_token="mytoken", > oauth_signature="yOh2zQPGDBlVEP5cDWhjddQWTLc%3D", oauth_version="1.0" > > Content-Type: > [request setValue:@"application/x-www-form-urlencoded" > forHTTPHeaderField:@"Content-Type"]; > > I can see no reason why this shouldn't work. Any help would be > greatly appreciated! > > Thanks, > Craig >