% character not handle well in direct_messages and statuses udpate


I found a issue in the direct_messages/new if there has % character in the text. Here is my test text:

plain: Random status update: 1797744914%
encode: Random%20status%20update%3A%201797744914%25

The API returns HTTP/1.1 401 Unauthorized error.

{"errors":[{"message":"Could not authenticate you","code":32}]}

I know my authentication is correct because once I remove the % character. But once I add a space after the %, it works.

And I found the same issue on statuses/update method as well.

Is this a bug of the REST API?



Maybe your library is tampering with the encoding somehow? I’m able to issue such direct messages ending with a “%” character easily enough:

POST body:


Signature base string:


The resulting direct message JSON object contains the correct text:

“text”:“hello and %”


I found out that the % will work if I pass the oAuth info in the post body instead of header like you do. And more interesting is that I running the same code today morning and everything works fine even oAuth is pass in the header cookie.

It seems Twitter team fix the issue last night but not telling everybody.