Hi Milen, When you're using a DELETE HTTP method, are you sending the id=12345 parameter on the query string or in a POST body?
It should be in the query string. There's some contention in the universe on whether HTTP DELETEs should accept a body. In our case, like many HTTP servers, we do not. Here's an example of a successfully signed DELETE request: URL http://api.twitter.com/1/episod/virtual/members.xml?id=12345 POST body n/a Signature Base String DELETE&http%3A%2F%2Fapi.twitter.com %2F1%2Fepisod%2Fvirtual%2Fmembers.xml&id%3D12345%26oauth_consumer_key%3Dri8JxYK2ddwSV5xIUfNNvQ%26oauth_nonce%3DLnME61XWvwjp3ORhhLd5MMEb9EDO1DeYIsb7HfhoeE4%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1277394877%26oauth_token%3D819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTmlw%26oauth_version%3D1.0 Authorization Header OAuth oauth_nonce="LnME61XWvwjp3ORhhLd5MMEb9EDO1DeYIsb7HfhoeE4", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1277394877", oauth_consumer_key="ri8JxYK2ddwSV5xIUfNNvQ", oauth_token="819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTmlw", oauth_signature="UKwl3lVQygmKAMsIffFCWlLQaeg%3D", oauth_version="1.0" On Thu, Jun 24, 2010 at 9:02 AM, Milen <mi...@thecosmicmachine.com> wrote: > Hi all, > > I've stumbled upon a strange issue with the /:user/:list_id/members > method. If we use DELETE as the HTTP method, we get back "Could not > authenticate you." when we try to delete a member. If we just switch > to POST and use _method=DELETE, the call succeeds with the _exact_ > same secret tokens etc. So, I'm not quite sure why we're getting an > authentication error with DELETE and no error when we use POST > (there's no difference in the auth info in the two calls). Has anyone > else observed this? > > M >