Hi, We are integrating into OAuth. So far we managed to sign and work with as many as 30 API functions with OAuth. We succeed on all but 2 functions: /favorites/create and /favorites/destroy. We get response code 401 with message: Could not authenticate you. Detailed below is the information regarding our signature base string and the OAuth header with the signature calculated, as well as the request we send to twitter and the response we get from twitter (sniffed with wireshark). What are we doing wrong here?
Our signature base string is as follows: POST&http%3A%2F%2Fapi.twitter.com%2F1%2Ffavorites%2Fcreate %2F19408545095.xml&id%3D19408545095%26oauth_consumer_key%3DXXXXXXXXXXXX %26oauth_nonce%3D1296103309843726254%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1280221546%26oauth_token%3DXXXXXX- XXXXXXXXXXXXXXXX%26oauth_version%3D1.0 Our Header is as follows: OAuth oauth_signature="6IEyw61Vi1INPo3e%2FRaeu7GfP38%3D", oauth_version="1.0", oauth_nonce="1296103309843726254", oauth_signature_method="HMAC-SHA1", oauth_consumer_key="XXXXXXXXXXXXXX", oauth_token="XXXXXX- XXXXXXXXXXXXXXXX", oauth_timestamp="1280221546" Our request looks like this (sniffed with wireshark): POST /1/favorites/create/19408545095.xml HTTP/1.1 Host: api.twitter.com User-Agent: AsyncHttpClient 1.0 Content-Length: 302 Authorization= OAuth oauth_signature="6IEyw61Vi1INPo3e %2FRaeu7GfP38%3D", oauth_version="1.0", oauth_nonce="1296103309843726254", oauth_signature_method="HMAC-SHA1", oauth_consumer_key="XXXXXXXXX", oauth_token="XXXXXX- XXXXXXXXXXXXXXXXX", oauth_timestamp="1280221546" The response we get looks like this: HTTP/1.1 401 Unauthorized Date: Tue, 27 Jul 2010 09:04:17 GMT Server: hi Status: 401 Unauthorized WWW-Authenticate: Basic realm="Twitter API" X-Runtime: 0.00346 Content-Type: application/xml; charset=utf-8 Content-Length: 156 Cache-Control: no-cache, max-age=1800 Set-Cookie: k=62.219.129.78.1280221457069202; path=/; expires=Tue, 03- Aug-10 09:04:17 GMT; domain=.twitter.com Set-Cookie: guest_id=128022145709437051; path=/; expires=Thu, 26 Aug 2010 09:04:17 GMT Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMgqJRMqAToHaWQiJWYwOTYxZjdmYTMxY2Y5%250AODhlNzI5YzRiNmIyOGJhNDI2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2aa62d945615ad137a5fe099065e64a4bb5120b1; domain=.twitter.com; path=/ Expires: Tue, 27 Jul 2010 09:34:17 GMT Vary: Accept-Encoding Connection: close <?xml version="1.0" encoding="UTF-8"?> <hash> <request>/1/favorites/create/19408545095.xml</request> <error>Could not authenticate you.</error> </hash> Thanks, Onn
