Hi there, If you've gotten to the point of retrieving an access token, it's likely you managed to get the composite signing key "right" (or your library handled it for you) -- as when you're exchanging the request token for an access token, you use the oauth_token_secret from the request token as part of the signing key. Are you using an OAuth library?
When you're making a resource request such as one to verify_credentials, you'll use the oauth_token_secret you received in the access token step as part of the signing key: $consumer_secret + "&" + $oauth_token_secret Taylor On Wed, Jul 21, 2010 at 12:13 PM, clinisbut <clinis...@gmail.com> wrote: > Hello everybody. > > I just achieved to autenticate via OAuth, and I'm trying to get user's > data through account/verify_credentials but I think I'm not building > correctly the composite signing key or something, mainly because I'm > not able to fully understand all the different tokens I receive from > Twitter. > > After I got my access token, I got: > > An oauth_token in the form of: /¿User-ID?/-/letters+numbers/ > An oauth_token_secret > > Which one I should use to built the composite key? In > http://dev.twitter.com/pages/auth > they use the first oauth_token getted in the request token, and in the > Resource request example they use the oauth_token_secret. > > > These is the headers I sent: > > OAuth oauth_consumer_key="XXXXXXXXXXXXXXXXXXXXXX", > oauth_signature_method="HMAC-SHA1", oauth_timestamp="1279738886", > oauth_nonce="a97ff8b71a313a03a650068e1e6b9bd8f31ad04f", > oauth_version="1.0", oauth_token="ZZZZZZZZ- > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", oauth_signature="0OFTpLp8o > %2BL9%2B6o8mkRdBSS8I84%3D" > > and then I do a GET request to: > http://api.twitter.com/1/account/verify_credentials.json > > > But all I got is: > 401 Unauthorized > Failed to validate oauth signature and token > >