Well, I see. First of all oauth_signature is HMAC hash of your properly encoded query parameters, not oauth_token_secret. The idea is that only your app and Twitter may know it. Don't ever send it!
Request token is like an authorization session ID, which you would exchange for an access token (You may not know access token before that, actually.) So, doublecheck http://dev.twitter.com/doc/post/oauth/request_token, it requires no authentication. All you need is to fetch oauth_request_token and oauth_request_secret. If you already have an access token, like in your example, you can work with all API's methods right away, but don't forget provide valid oauth_signature. Here's easily explained routine: http://dev.twitter.com/pages/auth And more in-depth OAuth 1.0 info: http://tools.ietf.org/html/rfc5849 On Wed, Nov 24, 2010 at 10:38 AM, rajat <[email protected]> wrote: > I am sending AJAX request to acquire a request token but getting 403 > Forbidden error. I am putting following example to show my approach > > Available info : > --------------------------------------------------- > 1. Consumer Key : abckey > 2. Consumer secret : xyzsecret > 3. Request token URL : https://api.twitter.com/oauth/request_token > 4. Registered OAuth Callback URL : http://127.0.0.1/twitter/index.html > 5. Access Token (oauth_token) : 1234-efghaccess > 6. Access Token Secret (oauth_token_secret) : mnopqrstaccesssecret > > My Javascript code > -------------------------------------------------------------------------------------------------------------------------------------------------------------------- > var today = new Date(); > var ts = Math.round(today.getTime()/1000.0); > > xmlhttp=getxmlhttobject(); > url = "http://api.twitter.com/oauth/request_token";; > xmlhttp.open("POST", url, true); > xmlhttp.setRequestHeader("Authorization","OAuth oauth_nonce= > \"126weOPUDSBLS02dXTlp5tYjv434FE9ALwKILYFIU\", oauth_signature_method= > \"HMAC-SHA1\", oauth_timestamp=\""+ ts +"\", oauth_consumer_key= > \"abckey\", oauth_token=\"1234-efghaccess\", oauth_signature= > \"mnopqrstaccesssecret\" , oauth_version=\"1.0\""); > xmlhttp.send(null); > ------------------------------------------------------------------------------------------------------------------------------------------------------------------- > When i check live headers in mozilla i get status as 403 Forbidden > error. > > Can anyone guide me where i am doing wrong.. > > Thank you. > > > -- > Twitter developer documentation and resources: http://dev.twitter.com/doc > API updates via Twitter: http://twitter.com/twitterapi > Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > http://groups.google.com/group/twitter-development-talk > -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
