Hi Felipe,

Taking a quick look at your code you've got a few things which will be
causing you problems.

With your signature generation you're correct in using hash_hmac but you've
missed out the base64 encoding. It also looks like you won't be getting the
raw signature from your hash_hmac function. Looking at the docs for that
function you need to append 'true' to the end.

You also want to make sure your parameters are lexicographically ordered
before and after you generate the signature. In your case the sign part is
in order, but your authorization header is not.

You may have done this already but if not, take a look at the Authenticating
Requests page of dev.twitter.com [1] for an overview of the steps you need
to follow. There are also a couple of libraries which do the heavy lifting
for you when generating the signatures so they act as good references if you
want to create your own. We have a list of those on the dev site too [2]

1. http://dev.twitter.com/pages/auth#signing-requests
2. http://dev.twitter.com/pages/oauth_libraries#php

Hope that helps, you know where we are if you still have trouble getting it
all to work,

On Tue, Jun 15, 2010 at 5:58 PM, Felipe Sodré Silva <fso...@gmail.com>wrote:

> Hello all.
> I'm trying to write a simple application that sends an update "Hello World"
> on behalf of my own twitter account. Therefore, I got my access token and
> secret in my dev.twitter webpage and hardcoded it into the code (which I
> hided for making it public): http://pastebin.com/n6Ba5nrW
> However, I keep getting the following response:
> {"request":"/1/statuses/update.json","error":"Incorrect signature"}
> I'm doing the whole process by reading this guide:
> http://dev.twitter.com/pages/auth
> But I just cannot get it to work. What am I doing wrong during the
> signature assembly ?
> Thanks in advance!
> Felipe


Matt Harris
Developer Advocate, Twitter

Reply via email to