401 Authorization Required


I am doing PIN based Authentication. I have successfully got the oauth_token and oauth_token_secret on /oauth/request_token call.
However after receiving the PIN from the user , i am making a call to oauth/access_token with a POST method. But I am receiving 401 Authorization Required error. What am i doing wrong here?

Attached is the image for the Header which i am sending.
Consumer Key & Token has been hidden due to security concern.


I’m having a similar problem. I get all the way through the authorization sequence with the user logged in and I have their authorization token, but when I try to call an api (even a get), I get a 401 error… Maybe the header has to be created differently for api calls?



Found my issue: the Key passed to the hashing algorithm for user calls have to include both the application secret and the user’s token secret (retrieved with the request_token call)…

So, in my case:
strSignKey = TwitterEncode(Uri.EscapeDataString(strApplicationSecret) + “&” + Uri.EscapeDataString(strTokenSecret));

For the call to request_token, you only need the application secret (followed by “&”) in the sign key.

Hope this helps,


Thank you for the Reply, i did try with the token secret which request_token call returns.
However i have not been able to succeed and i still get the same 401 error.
Can you tell me how your header looks like and whats the base string for generating the signature?
Probably the signature might be wrong , but shouldn’t it give some different error when the signature is not correct. Something like ‘Invalid Signature’ ??


Twitter’s error messages have been most UN-helpful in my experience: you get 401 for just about anything that is wrong.

The base string looks like this (secrets modified):

The authorization header looks like this (secrets modified):
OAuth realm=“twitter.com”,oauth_consumer_key="[app-key]",oauth_nonce=“MDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAw”,oauth_signature="[generated signature]",oauth_signature_method=“HMAC-SHA1”,oauth_timestamp=“1428074015”,oauth_token="[user-token]",oauth_version=“1.0”

Hope this helps.