When you’re making this request, are you also including an oauth_signature value, computed from the various parameters and signed with your consumer secret? I also recommend using HTTP headers to communicate OAuth parameters – it separates concerns. Check out [node:204].
