I have try to follow to OAuth document to set up Authorization header, but still get 401 Unauthorized when I am using _method as parameter, and here is the result:
======================================================================== *Response Headers Date Tue, 01 Dec 2009 03:21:03 GMT Server hi WWW-Authenticate Basic realm="Twitter API" Status 401 Unauthorized Content-Type application/xml; charset=utf-8 Cache-Control no-cache, max-age=1800 Set-Cookie _twitter_sess=BAh7CjoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj %250AOWM1YzllYzAyYTVjOWU2NGM6CXVzZXJpBDmg6AM6EXRyYW5zX3Byb21wdDAi %250ACmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7%250AAAY6CkB1c2VkewA6B2lkIiU5ZWI2NmY2MTU5ZmYyODM4NGE3YTAxNGUxMmMy %250AMTAyNg%253D%253D--4353873c14c39b48b0d30c48abba5858bff5a3a0; domain=.twitter.com; path=/ Expires Tue, 01 Dec 2009 03:51:03 GMT Vary Accept-Encoding Content-Encoding gzip Content-Length 140 Connection close *Request Headers Host api.twitter.com User-Agent Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 GTB6 Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language en-us,en;q=0.5 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 300 Connection keep-alive Cookie __qca=P0-1306444636-1259550182670; __utma=43838368.345398731.1259564074.1259574616.1259577218.3; __utmz=43838368.1259577218.3.2.utmcsr=forum7.hkgolden.com|utmccn= (referral)|utmcmd=referral|utmcct=/view.aspx; __utmv=43838368.lang%3A %20en; _twitter_sess=BAh7CjoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj %250AOWM1YzllYzAyYTVjOWU2NGM6EXRyYW5zX3Byb21wdDA6CXVzZXJpBDmg6AM6%250AB2lkIiU5ZWI2NmY2MTU5ZmYyODM4NGE3YTAxNGUxMmMyMTAyNiIKZmxhc2hJ %250AQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVz %250AZWR7AA%253D%253D--00951782ee94404e73d0edcbd7d02f1800f10915 *Post Data: Content-type: application/x-www-form-urlencoded Authorization: OAuth realm="Test",oauth_signature_method="HMAC- SHA1",oauth_token="65577017- K65DjHAcUbYOEJW5XMVnVuAkRy8fDnNnVGRZDOSAQ",oauth_nonce="9399",oauth_timestamp="1259637691",oauth_version="1.0",oauth_consumer_key="WiW3RrjmAhPvWvTn6oPLA",oauth_signature="BhLQP0o0OKLXjiQWn1l9ca7Fsek %3D" Content-length: 28 id=77938855&%5Fmethod=DELETE ======================================================================== I wonder this the the problem of _method since when I use other parameter, there are no problem at all. So, do anyone know what is the problem of my request and could twitter provide a correct Request example which using _method as a OAuth parameter? Thanks. Wilfred On Nov 27, 1:24 pm, Mark McBride <mmcbr...@twitter.com> wrote: > It looks like you're trying to actually include the OAuth > Authorization header in your POST body, which isn't the way you want > to do it. Instead, you should be using the Authorization HTTP header > to transmit this info (seehttp://oauth.net/core/1.0a#anchor46). To > make things extra weird, in one case you do have an Authorization > header set, but it's basic auth. > > ---Mark > > On Thu, Nov 26, 2009 at 6:47 PM, Wilfred yau <wld991...@gmail.com> wrote: > > I have already solve the special char problem because encoding in > > Flex. > > but I still find that when I call _method= DELETE inListAPI, I still > > get 401 Unauthorized from api.twitter.com. > > > On Nov 25, 11:09 am, Wilfred yau <wld991...@gmail.com> wrote: > >> I am using OAuth to accessListAPI, but I find that if the request > >> URL contain some char like "_", "(", then twitter will return 401 > >> Unauthorized. > > >> Does anyone know what is the problem?? > > >> and this is my request: > > >> *Request URL: > > >>http://api.twitter.com/1/wilfred_yau/yedsrc/members.xml > > >> *Request header: > > >> Host:api.twitter.com > >> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv: > >> 1.9.2b3) Gecko/20091115 Firefox/3.6b3 GTB6 > >> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/ > >> *;q=0.8 > >> Accept-Language: en-us,en;q=0.5 > >> Accept-Encoding: gzip,deflate > >> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > >> Keep-Alive: 115 > >> Connection: keep-alive > >> Cookie: __utma=43838368.448377351.1258538849.1259115844.1259117264.22; > >> __utmz=43838368.1258703218.9.4.utmcsr=google|utmccn=(organic)| > >> utmcmd=organic|utmctr=gmasbaby; __utmv=43838368.lang%3A%20en; > >> __qca=P0-1731751766-1258598366235; __utmb=43838368.8.10.1259117264; > >> _twitter_sess=BAh7DDoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj > >> %250AOWM1YzllYzAyYTVjOWU2NGM6DGNzcmZfaWQiJTU4MTVlMjgzNWUyNGNhYThh > >> %250ANjE1YzdjOWU4MTE5MGJjOhF0cmFuc19wcm9tcHQwOgl1c2VyaQQ5oOgDOg5y > >> %250AZXR1cm5fdG8iJGh0dHA6Ly90d2l0dGVyLmNvbS9zb2Z0cGVkaWFtYWM6B2lk > >> %250AIiU0Y2JmMWJmNjc0YzJmOTlhZGZjMTA1MzE3NzI3ZGUwNiIKZmxhc2hJQzon > >> %250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA > >> %253D%253D--3573176707558a7f9cd9653e6a60c073c94e91f5; __utmc=43838368 > > >> *Post Data: > >> Content-type: application/x-www-form-urlencoded > >> Content-length: 300 > > >> oauth%5Fconsumer%5Fkey=WiW3RrjmAhPvWvTn6oPLA&id=66626470&oauth > >> %5Ftoken=65577017%2DK65DjHAcUbYOEJW5XMVnVuAkRy8fDnNnVGRZDOSAQ&oauth > >> %5Ftimestamp=1259118273&oauth%5Fsignature=zaA0CbWpls3lowiWG0yHCZig%2B2M > >> %3D&oauth%5Fversion=1%2E0&oauth%5Fsignature%5Fmethod=HMAC%2DSHA1& > >> %5Fmethod=DELETE&oauth%5Fnonce=2875 > > >> Also, I got same problem in set status using OAuth : > > >> *Request URL: > > >>http://twitter.com/statuses/update.xml > > >> *Request header: > > >> Host: twitter.com > >> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv: > >> 1.9.2b3) Gecko/20091115 Firefox/3.6b3 GTB6 > >> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/ > >> *;q=0.8 > >> Accept-Language: en-us,en;q=0.5 > >> Accept-Encoding: gzip,deflate > >> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > >> Keep-Alive: 115 > >> Connection: keep-alive > >> Cookie: __utma=43838368.448377351.1258538849.1259115844.1259117264.22; > >> __utmz=43838368.1258703218.9.4.utmcsr=google|utmccn=(organic)| > >> utmcmd=organic|utmctr=gmasbaby; __utmv=43838368.lang%3A%20en; > >> __qca=P0-1731751766-1258598366235; __utmb=43838368.8.10.1259117264; > >> _twitter_sess=BAh7DDoTcGFzc3dvcmRfdG9rZW4iLWYxZDlkMzA5OWExZTMxMDIzZTlmMGJj > >> %250AOWM1YzllYzAyYTVjOWU2NGM6DGNzcmZfaWQiJTU4MTVlMjgzNWUyNGNhYThh > >> %250ANjE1YzdjOWU4MTE5MGJjOgl1c2VyaQQ5oOgDOhF0cmFuc19wcm9tcHQwIgpm > >> %250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG > >> %250AOgpAdXNlZHsAOgdpZCIlNGNiZjFiZjY3NGMyZjk5YWRmYzEwNTMxNzcyN2Rl > >> %250AMDY6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL3NvZnRwZWRpYW1h > >> %250AYw%253D%253D--dfa30d93e80be97e1404abbb466f2c6191816d69; > >> __utmc=43838368 > >> Authorization: Basic Z21hc2JhYnk6eW95b2JhYnk= > > >> *Post Data: > > >> Content-type: application/x-www-form-urlencoded > >> Content-length: 303 > > >> oauth%5Fnonce=4280&oauth%5Fsignature%5Fmethod=HMAC%2DSHA1&oauth > >> %5Ftimestamp=1259117789&status=%40vincenthpchan%20%28O%3A&oauth > >> %5Fversion=1%2E0&oauth%5Fconsumer%5Fkey=WiW3RrjmAhPvWvTn6oPLA&oauth > >> %5Fsignature=dZ0OBySJzAZsdhwUKvK9zaIamE4%3D&oauth > >> %5Ftoken=65577017%2DK65DjHAcUbYOEJW5XMVnVuAkRy8fDnNnVGRZDOSAQ > > >> I wonder it is the problem about oauth_signature, but I don't what > >> wrong with it. > >> Thanks you very much ;-)