Hi Gerard, Steps 1-3 of this process are correct from the perspective of initially negotiating permissions for your user. Once you've performed steps 1-3 you shouldn't need to do these steps for this user again unless re-negotiating for the tokens.
Your step 4: I'll improve the documentation we have for OAuth Echo here, as it's not obvious that you should be performing a POST for verify_credentials in this case. The Authorization Header you generate for the verify_credentials request should be a POST, as that's what Twitpic will do. Step 5: Yes, your OAuth authorization header for the verify_credentials request is presented in the X-Verify-Credentials-Authorization header, and X-Auth-Service-Provider contains "https://api.twitter.com/1/account/verify_credentials.json" Let me know if the transition to POST works for you. I have some sample code in PHP available here: http://gist.github.com/490753 Taylor On Mon, Jul 26, 2010 at 8:21 AM, globaljobber <gerardn...@exciteinternet.co.uk> wrote: > Just to check my process is correct: > > 1) Web page goes to twitter to get a request Token > > 2) Token request granted, and a URL for user is generated with this > Token > > 3) User authenticates app via Twitter pop-up > > 3) Twitter reponse redirects to new page which has Access Token and > access token secret given to it. > > 4) Using these tokens, and using GET and the following URL: 'https:// > api.twitter.com/1/account/verify_credentials.json' > > an authorisation header is generated. > > 5) This header, along with the other header: 'X-Auth-Service- > Provider' is then sent off using a post to > http://api.twitpic.com/2/upload.json > > Have I missed anything? > > Regards > Gerard > > > > > > > On Jul 26, 4:03 pm, globaljobber <gerardn...@exciteinternet.co.uk> > wrote: >> Hi Taylor, >> >> Thanks for your reply. I just tried that and still the same 401 error. >> The new header was like this with spaces after each comma: >> >> OAuth realm="http://api.twitter.com", >> oauth_consumer_key="9cjtaDfffOYCRJqyp7XKzA", oauth_nonce="59E4358", >> oauth_signature_method="HMAC-SHA1", oauth_timestamp="1280156335", >> oauth_token="15389554-7q4tjgtwJ9oB6iWZh7DvRjkn60eKTc1T4VRkNl4", >> oauth_version="1.0", oauth_signature="ZmiBuqZC2SUsRx2%2B7x4O7TrDDWE >> %3D" >> >> I'm also sure no call is made during the generation of the header. >> >> According to other posts I've read, this header is created using a GET >> and uses the following URL: >> >> https://api.twitter.com/1/account/verify_credentials.json >> >> Any other ideas would be grateful, as I've spent over a week on trying >> to get Twitpic to work. >> >> Thank you >> Gerard >> >> On Jul 26, 3:38 pm, Taylor Singletary <taylorsinglet...@twitter.com> >> wrote: >> >> > Hi Gerard, >> >> > Though I know it doesn't sound like it should matter, can you try your >> > request against Twitpic after inserting spaces after each comma in >> > your Authorization Header? Also want to make sure that you aren't >> > executing your verify_credentials request in the preparation sequence >> > (calling the resource prior to TwitPic calling it would invalidate >> > it). >> >> > Thanks, >> > Taylor >> >> > On Mon, Jul 26, 2010 at 7:26 AM, globaljobber >> >> > <gerardn...@exciteinternet.co.uk> wrote: >> > > Hi, >> >> > > I am having trouble getting Twitpic to authorize an image upload >> > > request. >> >> > > I have checked my Oauth 'X-Verify-Credentials-Authorization' >> > > authorization header with a call to >> > > 'https://api.twitter.com/'andI get a 200 OK status. So it appears my >> > > authentication requests are ok. >> >> > > However if I take the same header construct and make a request to >> > > 'http://api.twitpic.com/2/upload.json'usingOAuth Echo with Twitpic I >> > > continually receive a 401 Unauthorized response. >> >> > > My typical setup is this: >> >> > > Parameters for Twitpic: >> >> > > Requiredparameters.Add("key", "97bfc7ffddd827ca9630232def4eea82"); >> > > Requiredparameters.Add("message", "This is a test upload"); >> >> > > requestUrl = OAuthUtility.AppendParametersForPOST("http:// >> > > api.twitpic.com/2/upload.json", Requiredparameters); >> >> > > HttpWebRequest webRequest = >> > > (HttpWebRequest)WebRequest.Create(requestUrl); >> > > webRequest.Method = "POST"; >> >> > > webRequest.Headers.Add("X-Verify-Credentials-Authorization", >> > > AuthorizationHeaderForAuth); >> > > webRequest.Headers.Add("X-Auth-Service-Provider", "https:// >> > > api.twitter.com/1/account/verify_credentials.json"); >> >> > > where a typical AuthorizationHeaderForAuth looks like this: >> >> > > OAuth realm="http:// >> > > api.twitter.com",oauth_consumer_key="9cjtddsslOYCRJqyp7XKzA",oauth_nonce="4D34866",oauth_signature_method="HMAC- >> > > SHA1",oauth_timestamp="1230153261",oauth_token="15322554-7q4tTvSwJ9oB6iWZh7DvRjkn60eKTc1T4VRkNl4",oauth_version="1.0",oauth_signature="gbMRJ1OA9JNiZGksnRyFdT6iP20%3D" >> >> > > Can anyone please suggest where things may be going wrong? >> >> > > Many thanks >> > > Gerard >