[twitter-dev] Status Update - Incorrect Signature


Sush

May 4, 2010, 1:37:22 PM
to Twitter Development Talk
Hi Folks,
I have come to the point where I get the access_token and access
token secret from Twitter.
I now need to update the status, which keeps throwing an incorrect
signature error message.
My request is an https POST request.

Signature String is
POST&https%3A%2F%2Ftwitter.com%2Fstatuses%2Fupdate.xml%3Fstatus%3D1272994211%2520test&oauth_consumer_key%3D**********************%26oauth_nonce%3D1322660295%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1272994211%26oauth_token%3D********-********************%26oauth_version%3D1.0a%26status%3D1272994211%2520test

Response:
<?xml version="1.0" encoding="UTF-8"?>
<hash>
<request>/statuses/update.xml?status=1272994211%20test</request>
<error>Incorrect signature</error>
</hash>

Please help.
Thanks.

Taylor Singletary

May 4, 2010, 3:11:45 PM
to twitter-deve...@googlegroups.com
Hi Sushma,

It would be easier to assist you if we knew what OAuth library (if any) you are using and the programming language involved and whether you are using header-based or query-string-based authentication.

A few quick recommendations:
  - Use api.twitter.com as the host name when making resource requests.
  - If you're using query-string based OAuth, consider using header-based OAuth instead. It makes debugging significantly easier and keeps concerns separated.

These are the most likely reasons for your denied signature, assuming everything else you are doing is correct:
  - Even though the current revision of OAuth is 1.0a, the oauth_version OAuth parameter should always be "1.0"
  - When using an HTTP method like POST, the key/value pairs that you are sending to Twitter should be part of the POST body, not the URL (the error message indicates you were passing the new status in the URL). In your signature base string you are placing the "status=xxx" parameters at the end of the request URI and ALSO at the end of the signature base string. Your status parameter should not be attached to the base URL and it should only appear at the end of your signature base string. The status should be specified in the POST body.

Your signature base string should end up looking something more like:
POST&https%3A%2F%2Fapi.twitter.com%2Fstatuses%2Fupdate.xml&oauth_consumer_key%3D*********************%26oauth_nonce%3D1322660295%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1272994211%26oauth_token%3D********-********************%26oauth_version%3D1.0%26status%3D1272994211%2520test


Taylor Singletary
Developer Advocate, Twitter
http://twitter.com/episod