I'm attempting to use the Tumblr API in an Android app to authorize users and make text and photo posts. I'm using the Scribe library. So for, I can successfully obtain an access token and use it to get user info. I can also make text posts without any issues. This tells me that I'm signing requests correctly.
However, I've spent the last week attempting to make photo posts without success. I continuously receive 401 errors (Not Authorized) I've read through many posts on this support forum as well as on Stack Overflow, but was unable to find a solution. I'm reluctant to include the Jumblr library because I'm trying to keep my app as lean as possible. That said, I reviewed the Jumblr code and decided to mimic how photo posts are sent (
https://github.com/tumblr/jumblr/blob/master/src/main/java/com/tumblr/jumblr/request/MultipartConverter.java). I'm still receiving the exact same error.
Below is an example my multipart POST request and the response I receive. I've replace the blog name, and OAuth signature, consumer key, and token variables, and have removed the binary image data for brevity sake. Everything else is untouched. I have a couple of questions...
- Are there any other variables that should be included in the multipart section? A Stack Overflow user stated that placing the "oauth_" signature variables in there fixed his problem. I didn't have success with this, but maybe there was something I was missing.
- The Jumblr app doesn't appear to do any encoding of the image data, although the Tumblr documentation states that it should be URL encoded. Right now I'm sending it as the Jumblr app appears to (raw binary). Is this correct?
- Does anything else in my request look incorrect?
**********************************************
REQUEST
**********************************************
Content-Type: multipart/form-data, boundary=9bca53d1bf899bca53d1fd97
Authorization: OAuth oauth_signature="***REMOVED***", oauth_version="1.0", oauth_nonce="1031084836", oauth_signature_method="HMAC-SHA1", oauth_consumer_key="***REMOVED***", oauth_timestamp="1388726724", oauth_token="***REMOVED***"
Content-Length: 1194
User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.3; SM-N900T Build/JSS15J)
Connection: Keep-Alive
Accept-Encoding: gzip
--9bca53d1bf899bca53d1fd97
Content-Disposition: form-data; name="type"
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
photo
--9bca53d1bf899bca53d1fd97
Content-Disposition: form-data; name="caption"
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Another pic test...
--9bca53d1bf899bca53d1fd97
Content-Disposition: form-data; name="data[0]"; filename="postr_media_file_1388726724-1709648435.jpg"
Content-Type: image/jpeg
Content-Transfer-Encoding: binary
***** BINARY DATA REMOVED FOR BREVITY *****
**********************************************
RESPONSE
**********************************************
HTTP/1.1 401 Not Authorized
Server: nginx
Date: Fri, 03 Jan 2014 05:25:25 GMT
Content-Type: application/json; charset=utf-8
Connection: close
Set-Cookie: tmgioct=52c649c5c510450950980100; expires=Mon, 01-Jan-2024 05:25:25 GMT; path=/; httponly
P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
Content-Length: 60
{"meta":{"status":401,"msg":"Not Authorized"},"response":[]}