401 Unauthorizen while verifying credentials


#1

Hello,

I am developing a Blackberry application which uses TwitterAPI ME (http://twitterapime.com) for authentication.
It works perfectly but I need to update statuses with media and, considering the fact that this api doesn’t support image uploading,
I decided to use token I’m receiving after I authenticate with this api to form my own request to upload pictures.
I have implemented the signing part and it works (at least it generated the same signature as it did here: https://dev.twitter.com/docs/auth/oauth if I put all data (consumer secret and key etc) from the example).
Unfortunately, I’m having troubles with verifying credentials:

In this example I’m trying to post a simple status “setting up my twitter”.
I’m generating signature, using this basestring:

POST&https%3A%2F%2Ftwitter.com%2Fstatuses%2Fupdate.json&oauth_consumer_key%3DqKm2knzwxJ0B6J2xVj4TQ%26oauth_nonce%3D13190400491111%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1319040052%26oauth_token%3D192609975-NXt7XeCRsvABEEkdqPiEKZ8MryRCRWX2AAUnlbPu%26oauth_version%3D1.0%26status%3Dsetting%2520up%2520my%2520twitter

Then the header:

OAuth oauth_nonce="13190400491111",
 oauth_signature_method="HMAC-SHA1", 
oauth_timestamp="1319040052", 
oauth_consumer_key="qKm2knzwxJ0B6J2xVj4TQ",
 oauth_token="192609975-NXt7XeCRsvABEEkdqPiEKZ8MryRCRWX2AAUnlbPu",
 oauth_signature="5qr2vaKuJ%2BiR3K2pOU4plmsPqVU%3D", oauth_version="1.0"

Then I’m trying to verify my credentials using this GET request:

http://twitter.com/account/verify_credentials.json?oauth_nonce=13190400491111&oauth_timestamp=1319040052&oauth_consumer_key=qKm2knzwxJ0B6J2xVj4TQ&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_token=192609975-NXt7XeCRsvABEEkdqPiEKZ8MryRCRWX2AAUnlbPu&oauth_signature=5qr2vaKuJ%2BiR3K2pOU4plmsPqVU%3D

And I’m getting 401 response. I can’t find the mistake in my code, can you point me in the right direction? Why won’t it authenticate?
Thanks in advance.


#2

The signature needs to be generated for every request you make. The signature base string you’ve shown is for a POST request to /statuses/update.json - this will certainly not work for a GET to /account/verify_credentials.json.