Hey there Paul,

First, you'll want to change/reset your API keys ASAP -- you should never
post your consumer secret (that signing key) on a public forum.

One thing that may be amiss in your request here is that you're including an
oauth_callback parameter in your header that is not in your signature base
string. In fact, you shouldn't be setting an oauth_callback on any other API
method other than oauth/request_token. This sort of inconsistency can easily
invalidate a request. Make sure to strip this parameter out of your
authorization header.

When you finally get back to your mission, including since_id -- be sure and
add it to your signature base string, and since this is
in lexicographical order and s comes after o, it'll be the last parameter in
your signature base string assuming you don't add any other additional
parameters. You'll also need to include it on the querystring of your
request.

Hope this helps.

@episod <http://twitter.com/intent/user?screen_name=episod> - Taylor
Singletary


On Wed, Jul 6, 2011 at 5:20 AM, Paul <jpb....@gmail.com> wrote:

> This is really frustrating. Thank you Tom, made the changes but no
> effect. Here is everything I pass and get. Im trying to do a GET for
> mentions.
>
> Whats the problem? :(
>
> - Generate Base URL -
> base=GET&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses
> %2Fmentions.xml&oauth_consumer_key%3D0RaXE4T4CuMFJHI1jViEQ
> %26oauth_nonce%3DDGTQVDPXRAYASJJFJLJF%26oauth_signature_method%3DHMAC-
> SHA1%26oauth_timestamp%3D1309954505%26oauth_token
> %3D298006718-8yTikfcuvQ3Xq1ZGuykhkxK2wY0ZAOxcI0jesRxd%26oauth_version
> %3D1.0
> ----------------------------------
> - Build Signature -
> ----------------------------------
> - Request twit Start -
> postvars=
> url=http://api.twitter.com/1/statuses/mentions.xml
> ----------------------------------
> - Socket Before Header Send -
> GET /1/statuses/mentions.xml HTTP/1.0
> Accept: */*
> Referer: http://eden.fm
> User-Agent: Mozilla/4.0 (compatible; ICS)
> Host: api.twitter.com
> Authorization: OAuth oauth_nonce="DGTQVDPXRAYASJJFJLJF",
> oauth_callback="oob",
> oauth_token="298006718-8yTikfcuvQ3Xq1ZGuykhkxK2wY0ZAOxcI0jesRxd",
> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1309954505",
> oauth_consumer_key="0RaXE4T4CuMFJHI1jViEQ",
> oauth_signature="Q844NOw7T0oq8tNQkdR%2F6ez6Z8s%3D",
> oauth_version="1.0"
>
> ----------------------------------
> - Socket Header End -
> HTTP/1.1 401 Unauthorized
> Date: Wed, 06 Jul 2011 12:16:11 GMT
> Server: hi
> Status: 401 Unauthorized
> WWW-Authenticate: OAuth realm="http://api.twitter.com";
> X-Runtime: 0.00899
> Content-Type: application/xml; charset=utf-8
> Content-Length: 152
> Cache-Control: no-cache, max-age=1800
> Set-Cookie: k=41.133.180.120.1309954571265496; path=/; expires=Wed, 13-
> Jul-11 12:16:11 GMT; domain=.twitter.com
> Set-Cookie: guest_id=v1%3A130995457172572573; domain=.twitter.com;
> path=/; expires=Sat, 06 Jul 2013 00:16:11 GMT
> Set-Cookie: original_referer=ojItV1ByhTzWh74Jc1NQEw%3D%3D; path=/
> Set-Cookie:
> _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCNR9YP8wAToHaWQiJTQzZGVmMTE3YTI5ZjEz
> %250AOGYzZWEwYjlmNTRlM2I3MzA2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
> %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--
> dd24ddb28d1207c2ebf479e57b6f9edb82553bbe; domain=.twitter.com; path=/;
> HttpOnly
> Expires: Wed, 06 Jul 2011 12:46:11 GMT
> Vary: Accept-Encoding
> Connection: close
>
> ----------------------------------
> - Request Done Socket DocEnd -
> result=
> status code=401
> headers=HTTP/1.1 401 Unauthorized
> Date: Wed, 06 Jul 2011 12:16:11 GMT
> Server: hi
> Status: 401 Unauthorized
> WWW-Authenticate: OAuth realm="http://api.twitter.com";
> X-Runtime: 0.00899
> Content-Type: application/xml; charset=utf-8
> Content-Length: 152
> Cache-Control: no-cache, max-age=1800
> Set-Cookie: k=41.133.180.120.1309954571265496; path=/; expires=Wed, 13-
> Jul-11 12:16:11 GMT; domain=.twitter.com
> Set-Cookie: guest_id=v1%3A130995457172572573; domain=.twitter.com;
> path=/; expires=Sat, 06 Jul 2013 00:16:11 GMT
> Set-Cookie: original_referer=ojItV1ByhTzWh74Jc1NQEw%3D%3D; path=/
> Set-Cookie:
> _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCNR9YP8wAToHaWQiJTQzZGVmMTE3YTI5ZjEz
> %250AOGYzZWEwYjlmNTRlM2I3MzA2IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy
> %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--
> dd24ddb28d1207c2ebf479e57b6f9edb82553bbe; domain=.twitter.com; path=/;
> HttpOnly
> Expires: Wed, 06 Jul 2011 12:46:11 GMT
> Vary: Accept-Encoding
> Connection: close
>
> ----------------------------------
> result=<?xml version="1.0" encoding="UTF-8"?>
> <hash>
>  <error>Could not authenticate with OAuth.</error>
>  <request>/1/statuses/mentions.xml</request>
> </hash>
>
>
> On Jun 10, 9:23 pm, Tom van der Woerdt <i...@tvdw.eu> wrote:
> > There's a : after oauth_consumer_key while there should be an =. There's
> > also an = (in oauth_signature) which should be URLencoded.
> >
> > Tom
> >
> > On 6/10/11 9:15 PM, Paul wrote:
> >
> >
> >
> >
> >
> >
> >
> > > This is my headers thats being send.
> >
> > > Content-Type: application/x-www-form-urlencoded
> > > Authorization: OAuth oauth_consumer_key: "0RaXE4T4CuMFJHI1jViEQ",
> > >   oauth_signature_method="HMAC-
> > >
> SHA1",oauth_timestamp="1307733172",oauth_nonce="F0F2B456BC9606278FB345323D753CEC",oauth_version="1.0",
> > >   oauth_token="291935165-WqP8tSDqJyTewmsabMV7fiS7Y3ahxTXh60LSzFNb",
> > >   oauth_signature="VbTbuDqv+IZZQQoO1CUuvPXYGKo="
> > > Host: api.twitter.com
> > > Accept: text/html, */*
> > > Accept-Encoding: identity
> > > User-Agent: Mozilla/3.0 (compatible; Indy Library)
> >
> > > On May 23, 8:22 pm, Arnaud Meunier<arn...@twitter.com>  wrote:
> > >> Hey Paul,
> >
> > >> If you can, I recommend you use header-based OAuth (passing OAuth
> related
> > >> parameters in an Authorization header, instead of the query string).
> > >> Which signature base string are you using? Are you using a library? If
> yes,
> > >> could you share the code you're using? :)
> >
> > >> Arnaud / @rno<http://twitter.com/rno>
> >
> > >> On Sun, May 22, 2011 at 11:58 PM, Paul<jpb....@gmail.com>  wrote:
> > >>> Im trying to get mentions using the since_id parameter. If I leave
> out
> > >>> the since_id parameter I get all my mentions, which is correct, but
> as
> > >>> soon as I add the since_id, I get 401, unauthorised. Since Im VERY
> new
> > >>> to the twitter and oAuth API, it might be the way my string is made
> > >>> up, but I need some help please.
> > >>>
> http://api.twitter.com/1/statuses/mentions.json?since_id=1&oauth_cons...{key}&oauth_nonce={key}&oauth_signature_method=HMAC-SHA1&oauth_signature={key}&oauth_timestamp=1306132513&oauth_token={key}&oauth_version=1.0
> > >>> Where {key} are the correct values. I've tried adding the since_id at
> > >>> the back but without any luck. From the source code it seems that the
> > >>> signature is created on the base code of :
> > >>>http://api.twitter.com/1/statuses/mentions.json?since_id=1and
> > >>> afterwards the rest is added to that string.
> > >>> Any ideas?
> > >>> Thank you
> > >>> --
> > >>> Twitter developer documentation and resources:
> https://dev.twitter.com/doc
> > >>> API updates via Twitter:https://twitter.com/twitterapi
> > >>> Issues/Enhancements Tracker:
> > >>>https://code.google.com/p/twitter-api/issues/list
> > >>> Change your membership to this group:
> > >>>https://groups.google.com/forum/#!forum/twitter-development-talk
>
> --
> Twitter developer documentation and resources: https://dev.twitter.com/doc
> API updates via Twitter: https://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> https://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> https://groups.google.com/forum/#!forum/twitter-development-talk
>

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk

Reply via email to