I was getting the same error but for me it was a simple issue. I did not pay careful enough attention to the documentation. When building the “signature base string” the values must be in strict alphabetical order - so this includes the name/value pairs you are including in your query string (GETs) or post data (POSTs). I wasn’t doing this, so some of my API calls worked and some didn’t - purely by fluke (if I happened by chance it include them in the correct order).
When I ensured that they were in order then it all worked fine. I found it my just using the oauth tool for the API in question to generate the example signature, header and HTTP request, then comparing it to the versions my software was generating. It stood out like a sore thumb then.
