Hi Wil, I can help you with the OAuth component of this. Can you share your signature base string for the request?
Here's an example of a few of the steps of a functioning OAuth request against this endpoint: POST body source=softwarename&delimited=1&follow=156934710 Signature Base String POST&http%3A%2F%2Fstream.twitter.com %2F1%2Fstatuses%2Ffilter.json&delimited%3D1%26follow%3D156934710%26oauth_consumer_key%3Dri8JxYK2ddwSV5xIUfNNvQ%26oauth_nonce%3DVBOxfmeKM2mgMeou28zK78MKlfrkvc7Wo4Hx8BAkf0%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1277394877%26oauth_token%3D819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTmlw%26oauth_version%3D1.0%26source%3Dsoftwarename Authorization Header OAuth oauth_nonce="VBOxfmeKM2mgMeou28zK78MKlfrkvc7Wo4Hx8BAkf0", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1277394877", oauth_consumer_key="ri8JxYK2ddwSV5xIUfNNvQ", oauth_token="819797-torCkTs0XK7H2Y2i1ee5iofqkMC4p7aayeEXRTmlw", oauth_signature="cLdFEiEy16d2HdWnb5dPBtuxvko%3D", oauth_version="1.0" How do your values for signature base string differ, if at all? (other than the tokens, timestamp, and nonce being different). Thanks, Taylor On Thu, Jun 24, 2010 at 8:17 AM, John Kalucki <j...@twitter.com> wrote: > Aside from the oAuth issue, which others can address, the only valid > delimited value is length. > > -John > > > On Thu, Jun 24, 2010 at 7:58 AM, Wil <willi...@gmail.com> wrote: > >> I'm getting this response: >> >> HTTP/1.1 401 Unauthorized >> Content-Length: 1296 >> Cache-Control: must-revalidate,no-cache,no-store >> Content-Type: text/html; charset=iso-8859-1 >> Server: Jetty(6.1.17) >> WWW-Authenticate: Basic realm="Firehose" >> >> <html> >> <head> >> <meta http-equiv="Content-Type" content="text/html; >> charset=ISO-8859-1"/> >> <title>Error 401 UNAUTHORIZED</title> >> </head> >> <body> >> <h2>HTTP ERROR: 401</h2> >> <p>Problem accessing /1/statuses/filter.json. Reason: >> <pre> UNAUTHORIZED</pre></p> >> <hr /><i><small>Powered by Jetty://</small></i> >> >> Here's what I POSTed(oauth tokens are filtered out): >> >> REQUEST: POST http://stream.twitter.com/1/statuses/filter.json >> Authorization: OAuth >> >> oauth_consumer_key="#####",oauth_token="########",oauth_nonce="#####",oauth_timestamp="#####",oauth_signature_method="HMAC- >> SHA1",oauth_signature="########",oauth_version="1.0", >> Content-Type: application/x-www-form-urlencoded >> Vary: Accept-Encoding >> Connection: close >> >> source=softwarename&delimited=1&follow=156934710 >> >> >> On Jun 23, 1:33 am, John Kalucki <j...@twitter.com> wrote: >> > OAuthshould work fine onstream.twitter.com >> > >> > -John Kaluckihttp://twitter.com/jkalucki >> > Infrastructure, Twitter Inc. >> > >> > >> > >> > On Tue, Jun 22, 2010 at 10:00 AM, Wil <willi...@gmail.com> wrote: >> > > I'm a bit dumbfounded here... >> > >> > > I've been trying to login tostream.twitter.com usingOAuth >> > > (particularly, I've been trying to access >> > >http://stream.twitter.com/1/statuses/filter.json?follow=####). I used >> > > the access keys obtained fromhttps:// >> api.twitter.com/oauth/access_token >> > > however, I've been getting 401 errors. I've tried basic authentication >> > > and it works fine. >> > >> > > Does that mean thatstream:statuses/filter is still can only accept >> > > basic authentication? >> > >> > > Regards, >> > > Wil >> > >> > > On May 25, 5:51 am, John Kalucki <j...@twitter.com> wrote: >> > >> We haven't announced our plans for streaming andoAuth, beyond stating >> that >> > >> User Streams will only be onoAuth. >> > >> > >> On Mon, May 24, 2010 at 1:57 PM, 140dev <140...@gmail.com> wrote: >> > >> > Does this mean that the streaming API will also make the switch >> from >> > >> > basic authentication toOAuthat the end of June? >> > >> > >> > On Mon, May 24, 2010 at 4:50 PM, Mark McBride < >> mmcbr...@twitter.com> >> > >> > wrote: >> > >> > >OAuthis now enabled onstream.twitter.com. I'll also send a note >> out >> > >> > > to the announce list >> > >> > >> > > ---Mark >> > >> > >> > >http://twitter.com/mccv >> > >> > >> > > On Mon, May 24, 2010 at 12:30 PM, Aaron Rankin < >> aran...@gmail.com> >> > >> > wrote: >> > >> > >> Hi, >> > >> > >> > >> Is there an ETA for enablingoauthonstream.twitter.com? >> > >> > >> > >> Thanks, >> > >> > >> Aaron >> > >> > >> > >> On May 13, 1:11 pm, John Kalucki <j...@twitter.com> wrote: >> > >> > >>> OAuthis not enabled onstream.twitter.com. You can try on >> > >> > >>> chirpstream.twitter.com. >> > >> > >> > >>> On Thu, May 13, 2010 at 10:53 AM, Lucas Vickers < >> > >> > lucasvick...@gmail.com> wrote: >> > >> > >>> > I am writing my own c++ basedOAuthlibrary. I know there is >> liboauth >> > >> > >>> > but I like to do things myself to learn. >> > >> > >> > >>> > Anyhow I am trying to accesshttp:// >> > >> >stream.twitter.com/1/statuses/sample.xml >> > >> > >>> > and I keep getting 401. >> > >> > >> > >>> > I have verified pretty much every parameter, and used the >> tool on >> > >> > >> > >> http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin... >> > >> > >>> > to verify my signature is correct. I used twurl to obtain the >> user >> > >> > >>> > access tokens to my account. >> > >> > >> > >>> > After doing some reading I'm no longer convinced that >> thestreaming >> > >> > >>> > server even supportsoauth. >> > >> > >> > >>> > can you fill me in on the current status >> ofstream.twitter.com and >> > >> > >>> >oauth? >> > >> > >> > >>> > thanks! >> > >> > >>> > Lucas >> > >> > >> > >>> > On Apr 20, 11:02 pm, Jonathon Hill <jhill9...@gmail.com> >> wrote: >> > >> > >>> >> Thanks Taylor for the very detailed and helpful response! >> > >> > >> > >>> >> Jonathon >> > >> > >> > >>> >> On Apr 20, 1:17 pm, Taylor Singletary < >> taylorsinglet...@twitter.com >> > >> > >> > >>> >> wrote: >> > >> > >> > >>> >> > Hi Jonathon, >> > >> > >> > >>> >> > ForStreamingAPI access that isn't from the perspective of >> a user's >> > >> > >>> >> > account, you would use two-leggedOAuthto establish >> authentication >> > >> > instead >> > >> > >>> >> > of basic auth. >> > >> > >> > >>> >> > A two-leggedOAuthrequest is very similar to >> otherOAuthrequests: >> > >> > you have >> > >> > >>> >> > a specific resource you are trying to access, you have >> some >> > >> > parameters you >> > >> > >>> >> > want to pass to that resource, and you have >> anOAuthconsumer key >> > >> > andOAuth >> > >> > >>> >> > consumer secret. Which is unlike three-leggedOAuthwhere >> you also >> > >> > have >> > >> > >>> >> > oauth_tokens representing either a user/access_token or a >> request >> > >> > token in >> > >> > >>> >> > addition to the rest. >> > >> > >> > >>> >> > But the rules remain the same. You take all >> theOAuthparameters and >> > >> > the >> > >> > >>> >> > parameters you are sending to the resource, organize them, >> build a >> > >> > signature >> > >> > >>> >> > base string, then sign that with your consumer secret and >> send the >> > >> > request >> > >> > >>> >> > on to Twitter properly signed. The only difference is that >> there >> > >> > is no >> > >> > >>> >> > oauth_token and oauth_token_secret getting involved in the >> mix. >> > >> > >> > >>> >> > This is essentially what a two-legged request to >> thestreamingAPI >> > >> > would >> > >> > >>> >> > look like: >> > >> > >> > >>> >> > Signature Base String >> > >> > >>> >> > GET&http%3A%2F%2Fstream.twitter.com >> > >> > >> > >> %2F1%2Fstatuses%2Fsample.json&oauth_consumer_key%3Dri8JxYK2zzwSV5xIUfNNvQ%2 >> 6oauth_nonce%3DSJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8%26oauth_signatu >> re_method%3DHMAC-SHA1%26oauth_timestamp%3D1271783743%26oauth_version%3D1.0 >> > >> > >> > >>> >> > Signature >> > >> > >>> >> > Xi5jfuw2XqtU5KpNX9ZCtTptJS0= >> > >> > >> > >>> >> > Authorization Header >> > >> > >>> >> >> >OAuthoauth_nonce="SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8", >> > >> > >>> >> > oauth_signature_method="HMAC-SHA1", >> oauth_timestamp="1271783743", >> > >> > >>> >> > oauth_consumer_key="ri8JxYK2zzwSV5xIUfNNvQ", >> > >> > >>> >> > oauth_signature="Xi5jfuw2XqtU5KpNX9ZCtTptJS0%3D", >> > >> > oauth_version="1.0" >> > >> > >> > >>> >> > Taylor Singletary >> > >> > >>> >> > Developer Advocate, Twitterhttp://twitter.com/episod >> > >> > >> > >>> >> > On Tue, Apr 20, 2010 at 10:05 AM, Jonathon Hill < >> > >> > jhill9...@gmail.com> wrote: >> > >> > >>> >> > > One thing I meant to find out @chirp last week--what >> > >> > willoauthlook >> > >> > >>> >> > > like for theStreamingAPI? I'm having a hard time >> visualizing how >> > >> > >>> >> > > that will work. >> > >> > >> > >>> >> > > Thanks, >> > >> > >> > >>> >> > > Jonathon Hill >> > >> > >>> >> > > @compwright >> > >> > >>> >> > > Company52 >> > >> > >>> >> > >http://company52.com >> > >> > >> > >>> >> > > -- >> > >> > >>> >> > > Subscription settings: >> > >> > >> > >> http://groups.google.com/group/twitter-development-talk/subscribe?hl=en >> > >