Hi Rhys, - you're right status should be at the end of the base string. Even though it's sent as a POST, it still has to go in alpha order in the base string. - Also be careful of the leading %3F you've got after the update.xml - should just be (method)&(baseURL+service)&(list of params separated by %26) - Once you've signed with this string, your message will look like: (pseudo code not actual message)
POST HTTP 1.1 /statuses/update.xml Host: api.twitter.com:443 Authorization: (list of params as normal, including oauth_signature but NOT including status) Content-type: application/x-www-form-urlencoded Body: status=test Also note that if you have non-alpha characters in the status string (eg. space, etc) you must URL encode them BEFORE compiling the base signature string, and also ensure they remain URL encoded in the POST body. Hope this helps Stephen On Jun 8, 7:36 am, rhysmeister <therhysmeis...@hotmail.com> wrote: > Hi, thanks to you both. I've removed the source parameter. > > There is something wrong with my signature base indeed. Here's what I > am sending for a status update... > > POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fupdate.xml&%3Fstatus > %3Dtest%26oauth_consumer_key%3Dxxxxxxxxxxxxxxxxxxxxxx%26oauth_nonce > %3DE9X6lVKiDkQ1n%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp > %3D1275946125%26oauth_token%3Dxxxxxxxxxxxxxxxxxxxxxxxxxx > %26oauth_version%3D1.0 > > As far as I can gather from this > linkhttp://dev.twitter.com/pages/auth#auth-request, > I need to remove query parameter from the url and order them in the > string. So in this case status would appear at the end. I can't find > it now, but some poster in a group said to put the status paramter in > the url rather than the post body. I think I must have been ordering > the signature base incorrectly previous to this. > > Rhys > > On Jun 7, 3:09 pm, Taylor Singletary <taylorsinglet...@twitter.com> > wrote: > > > To help you debug, it would be useful to see the signature base string that > > was generated for the request. Possible things going wrong: the signature > > base string isn't mentioning that this is a POST, or your OAuth-based > > parameters are leaking into your POST body.. > > > As Hwee-Boon said, you also needn't include the source parameter, as it will > > be ignored. > > > Taylor Singletary > > Developer Advocate, Twitterhttp://twitter.com/episod > > > On Sun, Jun 6, 2010 at 10:07 AM, Hwee-Boon Yar <hweeb...@gmail.com> wrote: > > > Since it's GET works and POST, no. 1 reason is to make sure the base > > > URI in the base signature string is constructed correctly. In your > > > example, you don't need source=xxxx since it's OAuth. > > > > -- > > > Hwee-Boon > > > > On Jun 6, 8:56 pm, rhysmeister <therhysmeis...@hotmail.com> wrote: > > > > Hi All, > > > > > I am having problems identifying what is wrong with converting my app > > > > to use oAuth. All my GET requests work fine but my POST requests all > > > > fail with an incorrect signature error. I am adding the oauth > > > > parameters to the authorisation header of my request. My authorisation > > > > header is build like below for GET requests (this works); > > > > > OAuth > > > > oauth_timestamp="1234567890",oauth_nonce="xxxxxx",oauth_version="1.0",oauth > > > _signature_method="HMAC- > > > > SHA1",oauth_consumer_key="xxxxxx",oauth_token="xxxxxx",oauth_signature="xxx > > > xxx" > > > > > My POST requests (these don't work); > > > > > OAuth > > > > oauth_timestamp="1234567890",oauth_nonce="xxxxxx",oauth_version="1.0",oauth > > > _signature_method="HMAC- > > > > SHA1",oauth_consumer_key="xxxxxx",oauth_token="xxxxxx",oauth_signature="xxx > > > xxx" > > > > > I get the below error returned... > > > > > <pre> > > > > <?xml version="1.0" encoding="UTF-8"?> > > > > <hash> > > > > <request>/1/statuses/update.xml?source=xxxxxxxxxx</request> > > > > <error>Incorrect signature</error> > > > > </hash> > > > > > Would anyone be able to provide any pointers here? > > > > > Cheers, > > > > > Rhys
