You can't re-use signatures. Signatures use a nonce which is unique, a timestamp that will invalidate the request after about 5 minutes, and a signature that is based on the request you do (including URL).
Tom On Aug 9, 4:22 am, ianrose <ianros...@gmail.com> wrote: > Hi - > > I hope I am not posting a question that has previously been answered - > I tried searching the archives but to no avail. > > I am trying to get the 'sample' stream API working but am getting 401 > Unathorized errors. For debugging purposes, I am using curl for now. > The following command fails (401): > > curl 'http://stream.twitter.com/1/statuses/sample.json? > delimited=length' -H 'Authorization: OAuth realm="Twitter API", > oauth_nonce="24599946", oauth_timestamp="1281319798", > oauth_consumer_key="", oauth_signature_method="HMAC-SHA1", > oauth_version="1.0", oauth_token="175905996- > JkrGAl8ZXCgIjeZl3o7fMCD8HbyfVeDbkP9Y13mX", oauth_signature="i > %2BVzWX23sp5t8%2Fz0swJl%2FDHloOo%3D"' > > However, I believe that my OAuth stuff is (hopefully) correct because > the following command works, where I have reused the exact same OAuth > header (all I changed was the URL): > > curl 'http://api.twitter.com/1/statuses/user_timeline.json'-H > 'Authorization: OAuth realm="Twitter API", oauth_nonce="24599946", > oauth_timestamp="1281319798", oauth_consumer_key="", > oauth_signature_method="HMAC-SHA1", oauth_version="1.0", > oauth_token="175905996-JkrGAl8ZXCgIjeZl3o7fMCD8HbyfVeDbkP9Y13mX", > oauth_signature="i%2BVzWX23sp5t8%2Fz0swJl%2FDHloOo%3D"' > > So what does this mean? Are the authentication requirements at all > different for these two API calls? In case its relevant, note that I > am using my account's "single access token" to create these OAuth > signatures as opposed to a "real" customer key/secret pair. Any > suggestions on what else I can do to try and debug this? > > Many thanks! > - Ian