401 errors when getting the rate limit using 1.1 - works fine with 1.0


Using 1.0 and oAuth, all is working fine using:


but i get 401 errors when attempting:to get rate limits with 1.1:


Any advice on what might be causing this problem? I’m guessing it’s oauth related but the oauth works fine in 1.0.


I would validate that your commas are being encoded correctly in this request. We’re a little lenient with commas, but it’s still possible that your OAuth library or programming language’s URL encode function either under-escapes or over-escapes commas. Here’s a functional example of your request, along with a signature base string to detail the encoding:



Signature base string:



Yes, the commas appear to be fine. I tried using precisely using the url you provided and I get the same result (401). However, if I go back https://api.twitter.com/1/account/rate_limit_status.json without any other changes, i do get a rate limit without an error.


Are you sure that when you call account/rate_limit_status from 1.0 that you aren’t just being evaluated in an unauthenticated context? (That method supports unauthenticated requests as well, and if you’re auth is faulty you may get it in that context).


I don’t think so because when I started using oauth, rate limits went up from 150 to 300.


One thing I noticed different in the base string is that your oauth_nonce string was longer than mine. The rest was identical.


that rate limit increase should have read 350 and not 300. That is, when I implemented oauth in my application, the rate limit increased to 350 from 150 or whatever it was before.


The nonce shouldn’t be effecting it.

Have you tried leveraging the OAuth tool built into the site and seeing if the curl command it generates works for you? If it does, try to recreate the exact same request in your code and see if you can “train” your code to work for this. Happy to look at a capture of a failed request to see if I can spot any gotchas.


curl works. I’m not sure how to provide a capture of a failed request?


It will depend on your programming environment – different libraries make it easier or harder to capture the raw HTTP of the request in action.

So now you have an example that functions for you with your own keys – if you use the same exact timestamp, nonce, and keys for the successful request in your code, you should be able to build a request that looks exactly the same. Once you can reproduce the exact same request, then try it with a recent timestamp and a new nonce.

Make sure that you’re not sending authorization in multiple ways (mixing query string and auth headers for example).


strange. I made no changes to my code and now it’s suddenly working. Not sure why the rate limit is only 15 but I’m sure that isn’t for the whole hour anymore.


I now have the rate limit working fine in 1.1 but I can’t get search tweets to work without 401 errors. The curl works fine. I’m generating a basestring like the tool gave me or at least I think i am but it’s not clear to me how to now diagnose the 401 error I’m getting. Can you give me some ideas what I should do next to try to fix this problem?