Hi Milen,

When you're using a DELETE HTTP method, are you sending the id=12345
parameter on the query string or in a POST body?

It should be in the query string. There's some contention in the universe on
whether HTTP DELETEs should accept a body. In our case, like many HTTP
servers, we do not.

Here's an example of a successfully signed DELETE request:


POST body

Signature Base String

Authorization Header
OAuth oauth_nonce="LnME61XWvwjp3ORhhLd5MMEb9EDO1DeYIsb7HfhoeE4",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1277394877",
oauth_signature="UKwl3lVQygmKAMsIffFCWlLQaeg%3D", oauth_version="1.0"

On Thu, Jun 24, 2010 at 9:02 AM, Milen <mi...@thecosmicmachine.com> wrote:

> Hi all,
> I've stumbled upon a strange issue with the /:user/:list_id/members
> method. If we use DELETE as the HTTP method, we get back "Could not
> authenticate you." when we try to delete a member. If we just switch
> to POST and use _method=DELETE, the call succeeds with the _exact_
> same secret tokens etc. So, I'm not quite sure why we're getting an
> authentication error with DELETE and no error when we use POST
> (there's no difference in the auth info in the two calls). Has anyone
> else observed this?
> M

Reply via email to