Could not authenticate with OAuth when doing friendship/create



Im having lots of trouble trying to sort out this issue and am at a lost. Hopefully someone can point me in the right direction. I’m busy dev-ing an app, of which part is to follow someone else. Everything I’ve got is working (Get Mentions, Get Direct Message, Get Followers, Get Friends), except following someone. Whenever I try this I get “Could not authenticate with OAuth.”. I presume it cant be the tokens etc that has expired as Im using the same ones for the functions mentioned above. The only difference is that the ones above is GET’s where the following (friendship/create) is POST. I’ve checked my BASESTRING and its 100% if Im using to check it. Also the same basestring (except for GET/POST in it) that Im using for the functions above.

All the functions im using, is the same (basestring generation, nonce, timestamp, etc).

The headers is as follow:

POST /1/friendships/create.json HTTP/1.0
Accept: /
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; ICS)
Content-Length: 17
Authorization: OAuth oauth_consumer_key=“XXXXXXXXXX”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1310826943”, oauth_nonce=“NACFBZVEVWEBSZSYYDTC”, oauth_version=“1.0”, oauth_token=“XXXXXXXXXXXXXX”, oauth_signature=“Qi4g5UfhxRz5EkpwrtGGvCQOfBg%3D”

The server response is as follow:

status code=401
headers=HTTP/1.1 401 Unauthorized
Date: Sat, 16 Jul 2011 14:36:31 GMT
Server: hi
Status: 401 Unauthorized
WWW-Authenticate: OAuth realm=""
X-Runtime: 0.00999
Content-Type: application/json; charset=utf-8
Content-Length: 88
Cache-Control: no-cache, max-age=300
Set-Cookie: k=; path=/; expires=Sat, 23-Jul-11 14:36:31 GMT;
Set-Cookie: guest_id=v1%3A131082699181691445;; path=/; expires=Tue, 16 Jul 2013 02:36:31 GMT
Set-Cookie: original_referer=ZLhHHTiegr8wMX3KjMz3b%2BaDc9Eazq28; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCNGQYDMxAToHaWQiJTIxM2JkZDliMGQxYTlj%250AOWFkNmMxOTFmMGZlNjBkOTljIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA–6c3a1f14db84adc7ec271f9bf716c5925198aba3;; path=/; HttpOnly
Expires: Sat, 16 Jul 2011 14:41:31 GMT
Vary: Accept-Encoding
Connection: close

Any help would be appreciated.

Thank you


I was having the same sort of problem working on an app in php. Having followed the examples over at I was able to get info, but not send tweets. I was getting a “Could not authenticate with OAuth” and “Invalid auth/bad request (got a 401, expected HTTP/1.1 20X or a redirect)” response when I tried.

For me the solution was to ensure that my $oauth->fetch call had the ‘method’ parameter set correctly. Changed from:
$oauth->fetch( ‘’, $args );
$oauth->fetch( ‘’, $args, ‘POST’ );
and everything works.
Don’t know if you’re even in the same language, but I’d say making sure you’re sending with a POST request, and maybe using the ‘form’ auth type may help.



What happens when you try to access GET /1/account/verify_credentials.json? If this request fails, there still might be something amiss with your OAuth – the API can be very lenient when it comes to content that could be returned in an unauthenticated context. If you’re being returned content even though your auth is bad, we’ll also return a X-Warning HTTP header on those GET methods.