Hi there,

If you've gotten to the point of retrieving an access token, it's
likely you managed to get the composite signing key "right" (or your
library handled it for you) -- as when you're exchanging the request
token for an access token, you use the oauth_token_secret from the
request token as part of the signing key. Are you using an OAuth

When you're making a resource request such as one to
verify_credentials, you'll use the oauth_token_secret you received in
the access token step as part of the signing key: $consumer_secret +
"&" + $oauth_token_secret


On Wed, Jul 21, 2010 at 12:13 PM, clinisbut <clinis...@gmail.com> wrote:
> Hello everybody.
> I just achieved to autenticate via OAuth, and I'm trying to get user's
> data through account/verify_credentials but I think I'm not building
> correctly the composite signing key or something, mainly because I'm
> not able to fully understand all the different tokens I receive from
> Twitter.
> After I got my access token, I got:
> An oauth_token in the form of: /┬┐User-ID?/-/letters+numbers/
> An oauth_token_secret
> Which one I should use to built the composite key? In 
> http://dev.twitter.com/pages/auth
> they use the first oauth_token getted in the request token, and in the
> Resource request example they use the oauth_token_secret.
> These is the headers I sent:
> OAuth oauth_consumer_key="XXXXXXXXXXXXXXXXXXXXXX",
> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1279738886",
> oauth_nonce="a97ff8b71a313a03a650068e1e6b9bd8f31ad04f",
> oauth_version="1.0", oauth_token="ZZZZZZZZ-
> %2BL9%2B6o8mkRdBSS8I84%3D"
> and then I do a GET request to: 
> http://api.twitter.com/1/account/verify_credentials.json
> But all I got is:
> 401 Unauthorized
> Failed to validate oauth signature and token

Reply via email to