Please show your Base String. A lot of issues are related to the Base String.
Also, to answer your question: yes, you need to combine both secrets. consumersecret&usersecret = your signing key. Tom On 9/12/10 12:09 AM, DK wrote: > I keep getting this when I try to update status. I am using xAuth and > am able to successfully get access token. MY request: > > POST /1/statuses/update.xml HTTP/1.1 > > Accept: */* > > Referer: > file:///Applications/Install/8B95EF94-D747-4976-B877-9C0D6F69C000/Install/ > > Content-Length: 140 > > Accept-Encoding: identity > > Content-Type: application/x-www-form-urlencoded > > Authorization: OAuth oauth_nonce="7fa7df55-dff0-498d- > a412-31f311a58aa2", oauth_signature_method="HMAC-SHA1", > oauth_timestamp="1284241920", > oauth_consumer_key="xxxxxxxxxxxxxxxxxxxxxxxxxx", > oauth_token="185630219-3cz8iKUYxazA9RQyXMSl0WIZK76lJTYlrJ7LZUeR", > oauth_signature="5F19ANULI0fYZVVCicdbcSTiF2g%3D", oauth_version="1.0" > > User-Agent: @sebagomez shelltwit > > Host: api.twitter.com > > Connection: Keep-Alive > > Cache-Control: no-cache > > > status=Nothing%20is%20to%20come%2C%20and%20nothing%20past%3A%20But%20an > %20eternal%20now%2C%20does%20always%20last.%20%0A-%20Abraham%20Cowley > > the response i get is: > > HTTP/1.1 401 Unauthorized > > Date: Sat, 11 Sep 2010 21:52:54 GMT > > Server: hi > > Status: 401 Unauthorized > > WWW-Authenticate: Basic realm="Twitter API" > > Content-Type: application/xml; charset=utf-8 > > Content-Length: 135 > > Cache-Control: no-cache, max-age=1800 > > Set-Cookie: k=173.79.181.196.1284241973942054; path=/; expires=Sat, 18- > Sep-10 21:52:53 GMT; domain=.twitter.com > > Set-Cookie: guest_id=128424197394768797; path=/; expires=Mon, 11 Oct > 2010 21:52:53 GMT > > Set-Cookie: > original_referer=fBxhJyK4Ko2le28vCjFdUuU0TPqFAtRdqYyfC0jPsNARZDQUgPOC8mBAw3pSUcn9KGWZLCcqP3zbWjCZVfqsrV8qgcG0M3IvAN > %2FeDqwRZDs%3D; path=/ > > Set-Cookie: > _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMhiyQIrAToHaWQiJTA0NTkyNDA5YWI5ZWRm > %250ANmEyYTIzZmVlMmI2MGQyODhlIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy > %250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--048b4c682393f66d9e63abd364abb048db4022cf; > domain=.twitter.com; path=/ > > Expires: Sat, 11 Sep 2010 22:22:53 GMT > > Vary: Accept-Encoding > > Connection: close > > > > <?xml version="1.0" encoding="UTF-8"?> > <hash> > <request>/1/statuses/update.xml</request> > <error>Incorrect signature</error> > </hash> > > > I am urlencoding the params. Do I need to also include the consumer > secret in the signature? > > Any help is really appreciated as I have spend 2 full days with this :- > ( > -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en