I fixed a few formatting issues with the code, here's the new version, still produces the same 403 result.
-- var reqURL = 'https://api.twitter.com/oauth/request_token'; var reqNonce = getNonce(); var reqTimeStamp = getTimeStamp(); var reqSignatureMethod = 'HMAC-SHA1'; var reqOauthVersion = '1.0'; var reqConsumerKey = 'ySBPkqxaRlheQKFwejMpqg'; var reqConsumerSecret = '___&' // note the & at the end.. var reqCallback = 'http%3A%2F%2Flocalhost%3A3005%2Fthe_dance %2Fprocess_callback%3Fservice_provider_id%3D11' var reqQuery = 'oauth_callback=' + reqCallback + '&oauth_consumer_key=' + reqConsumerKey + '&oauth_nonce=' + reqNonce + '&oauth_signature_method=' + reqSignatureMethod + '&oauth_timestamp=' + reqTimeStamp + '&oauth_version=' + reqOauthVersion; var reqBaseString = 'POST&' + reqURL + '&' + encodeURIComponent(reqQuery); var reqSignature = b64_hmac_sha1(reqConsumerSecret, reqBaseString); var reqSignature = reqSignature + '='; var request = new XMLHttpRequest(); request.onreadystatechange = function(data) { if (request.readyState == 4) { // Good response, got the xml file if (request.status == 200) { alert ('good response'); } } }; // alert (reqURL); // alert (reqBaseString); var oauthParams = encodeURIComponent("OAuth oauth_callback=\"" + reqCallback + "\",oauth_consumer_key=\"" + reqConsumerKey + "\",oauth_nonce=\"" + reqNonce + "\",oauth_signature_method=\"" + reqSignatureMethod + "\",oauth_timestamp=\"" + reqTimeStamp + "\",oauth_version=\"1.0\",oauth_signature=\"" + reqSignature + "\""); request.open("POST", reqURL, true); request.setRequestHeader("Accept", "text/plain, */*"); request.setRequestHeader("Connection", "Keep-Alive"); request.setRequestHeader("Authorization", oauthParams); request.send(); -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk