Hi Chris, On our developer resources page you can find some libraires which handle this process for you. You may find these a helpful reference to see how others have implemented the OAuth specification.
The libraries are at this link: http://dev.twitter.com/pages/libraries The 401 error can be returned for a couple of reasons. The response body the API returns contains more information about the cause of the error. Often this reason is enough to be able to know what action is needed in your code. To answer your questions: - From what I understand in the doc, do the parameters for a POST request go in the body? (I saw a reference to adding them as query params in the url string but that seems to have been removed). POST parameters are best sent in the body of the request. - Looking at the OAuth spec and the example on the auth page, can I assume POST parameters are ordered alphabetically along with the other params when building the base string? Do they have to be doubly url encoded? It is more correct to say parameters are sorted by name, using lexicographical byte value ordering. If two parameters share the same name, they are ordered according to their value. One thing that may help is to think of the POST parameters the same as GET parameters when you are constructing your basestring. To the OAuth signing process the difference is the word POST, the rest of the signing process is the same. Best, @themattharris <https://twitter.com/intent/follow?screen_name=themattharris> Developer Advocate, Twitter On Sat, Jun 18, 2011 at 7:22 AM, Chris Mowforth <ch...@mowforth.com> wrote: > Hey all, I'm playing around with the Twitter OAuth API, having rolled > my own clients in both ruby and Objective-C. I've managed to authorise > myself successfully and send status updates, but api methods like > direct_messages/new always give me 401 errors. > > I know I'm missing something elementary in the way I'm making the > calls, so I just want to clarify a couple of things: > > - From what I understand in the doc, do the parameters for a POST > request go in the body? (I saw a reference to adding them as query > params in the url string but that seems to have been removed). > > - Looking at the OAuth spec and the example on the auth page, can I > assume POST parameters are ordered alphabetically along with the other > params when building the base string? Do they have to be doubly url > encoded? > > Here's a quick excerpt of the ruby client I put together: > https://gist.github.com/1033130 > > -- > Twitter developer documentation and resources: https://dev.twitter.com/doc > API updates via Twitter: https://twitter.com/twitterapi > Issues/Enhancements Tracker: > https://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > https://groups.google.com/forum/#!forum/twitter-development-talk > -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk