Two ideas:
(1) Is the user who's access token you have a member of the blog you're trying to post to? Obvious, yes, but I've made such mistakes before.
(2) I haven't worked with tumblr in a bit, but twitter has a parameter titles "
x_auth_access_type" which can be set to read (read-only) or write (read and write). I don't recall if tumblr implements that or not, but if they do, make sure you get an access token for write access.(3) One other possibility I should mention. I use HostGator for my main site and they have security rules that cause any scripts that you pass a URL to to return a 401. By default if I called a script on my server with a URL in a parameter, it would not even run. If you're not familiar with your server environment and you use URLs in query parameters, this is worth checking on.