Hi Arlo,

A few minor points here:
  - What type of perms do you have set for your API key: RO, RW, or RW+DM?
  - The "my access token" feature can only yield RO and RW tokens. If you've
set your app to RW+DM, you'll get a different kind of token when walking
through the OAuth web-flow than you get for the my access token flow (which
may explain why you'll see the differing values)

Most importantly:
  - You aren't accessing valid API URLs.
https://api.twitter.com/statuses/user_timeline.xml should have a version:
https://api.twitter.com/*1*/statuses/user_timeline.xml
  - Your authorization header contains your oauth_token_secret -- which
should be kept secret and not included in your request. oauth_token_secret
is only used as part of the signing process, it's not a value that you'll
ever need to send to the API.

@episod <http://twitter.com/intent/user?screen_name=episod> - Taylor
Singletary


On Thu, Jun 16, 2011 at 9:40 AM, arlomedia <a...@arlomedia.com> wrote:

> Thanks for the reply. On one website, I'm accessing the timeline for a
> protected account; on the other website, the account is not protected.
> For both, I'm using this URL:
> https://api.twitter.com/statuses/user_timeline.xml.
> Both stopped working last week.
>
> The oauth example script I posted above requests the oauth token and
> secret from the account, then passes it back with the request (you can
> see that by checking the $params value before the request). In my own
> script, I simply have the token and secret saved in constants and then
> I pass them from there. Neither approach is working for me now. I did
> notice that the token and secret returned by the request_token API
> call are different from the token and secret that I see displayed on
> the my_token page in my Twitter account (https://dev.twitter.com/apps/
> nnnnnn/my_token), and the values returned from the API are different
> every time. Does that tell us anything?
>
> Here's what my request_token request looks like:
>
> POST https://api.twitter.com/oauth/request_token
> Authorization: OAuth realm="", oauth_signature_method="HMAC-SHA1",
> oauth_signature="[27 characters]%3D", oauth_nonce="[13 characters]",
> oauth_timestamp="1308241110", oauth_token="",
> oauth_consumer_key="[consumer key]", oauth_version="1.0"
> Content-Type: application/x-www-form-urlencoded
>
> This returns values for oauth_token, oauth_token_secret and
> oauth_callback_confirmed (but the token values don't match what I see
> in my account).
>
> Here's what my user_timeline request looks like:
>
> GET https://api.twitter.com/statuses/user_timeline.xml
> Authorization: OAuth realm="", oauth_token="[oauth token]",
> oauth_token_secret="[oauth token secret]",
> oauth_signature_method="HMAC-SHA1", oauth_signature="[27 characters]
> %3D", oauth_nonce="[13 characters]", oauth_timestamp="1308241629",
> oauth_consumer_key="[consumer key]", oauth_version="1.0"
>
> This returns the 401 error whether I send the token values returned by
> request_token or the token values I got from my account.
>
> --
> Twitter developer documentation and resources: https://dev.twitter.com/doc
> API updates via Twitter: https://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> https://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> https://groups.google.com/forum/#!forum/twitter-development-talk
>

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk

Reply via email to