Actually, this sounds a lot like a confirmed defect: http://code.google.com/p/twitter-api/issues/detail?id=1345
I verified my signature using the calculator here: http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/ On Tue, Mar 16, 2010 at 11:27 AM, Dan B <pivotdevb...@gmail.com> wrote: > I'm sure this is my fault, but I have kind of a bizarre scenario, > where OAuth is working for certain APIs, but not the ones for which > "Requires Authorization" is always true. > > * I am able to obtain access tokens, both through the PIN process and > through xAuth. > * I can successfully use these access tokens to make certain API calls > using GET. These are APIs that may have different results if the user > is authenticated or not (user_timeline, rate_limit_status, etc). I > get the expected results for successful authentication > (ie.user_timeline shows tweets for a protected user; lists/my_list/ > statuses shows tweets for my private list). > * However, for APIs that *always* require authentication (eg > verify_credentials, mentions, myusername/lists, etc), I get a 401 with > "Incorrect signature" > > I'm not sure what to do. It was my understanding that OAuth was > pretty unforgiving, so I'm surprised that it seems to half work... > > Is this the right forum for this question? I would be grateful for > any wise counsel! > > Dan B