Hi Arlo, A few minor points here: - What type of perms do you have set for your API key: RO, RW, or RW+DM? - The "my access token" feature can only yield RO and RW tokens. If you've set your app to RW+DM, you'll get a different kind of token when walking through the OAuth web-flow than you get for the my access token flow (which may explain why you'll see the differing values)
Most importantly: - You aren't accessing valid API URLs. https://api.twitter.com/statuses/user_timeline.xml should have a version: https://api.twitter.com/*1*/statuses/user_timeline.xml - Your authorization header contains your oauth_token_secret -- which should be kept secret and not included in your request. oauth_token_secret is only used as part of the signing process, it's not a value that you'll ever need to send to the API. @episod <http://twitter.com/intent/user?screen_name=episod> - Taylor Singletary On Thu, Jun 16, 2011 at 9:40 AM, arlomedia <[email protected]> wrote: > Thanks for the reply. On one website, I'm accessing the timeline for a > protected account; on the other website, the account is not protected. > For both, I'm using this URL: > https://api.twitter.com/statuses/user_timeline.xml. > Both stopped working last week. > > The oauth example script I posted above requests the oauth token and > secret from the account, then passes it back with the request (you can > see that by checking the $params value before the request). In my own > script, I simply have the token and secret saved in constants and then > I pass them from there. Neither approach is working for me now. I did > notice that the token and secret returned by the request_token API > call are different from the token and secret that I see displayed on > the my_token page in my Twitter account (https://dev.twitter.com/apps/ > nnnnnn/my_token), and the values returned from the API are different > every time. Does that tell us anything? > > Here's what my request_token request looks like: > > POST https://api.twitter.com/oauth/request_token > Authorization: OAuth realm="", oauth_signature_method="HMAC-SHA1", > oauth_signature="[27 characters]%3D", oauth_nonce="[13 characters]", > oauth_timestamp="1308241110", oauth_token="", > oauth_consumer_key="[consumer key]", oauth_version="1.0" > Content-Type: application/x-www-form-urlencoded > > This returns values for oauth_token, oauth_token_secret and > oauth_callback_confirmed (but the token values don't match what I see > in my account). > > Here's what my user_timeline request looks like: > > GET https://api.twitter.com/statuses/user_timeline.xml > Authorization: OAuth realm="", oauth_token="[oauth token]", > oauth_token_secret="[oauth token secret]", > oauth_signature_method="HMAC-SHA1", oauth_signature="[27 characters] > %3D", oauth_nonce="[13 characters]", oauth_timestamp="1308241629", > oauth_consumer_key="[consumer key]", oauth_version="1.0" > > This returns the 401 error whether I send the token values returned by > request_token or the token values I got from my account. > > -- > Twitter developer documentation and resources: https://dev.twitter.com/doc > API updates via Twitter: https://twitter.com/twitterapi > Issues/Enhancements Tracker: > https://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > https://groups.google.com/forum/#!forum/twitter-development-talk > -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
