API v1.1 is stricter on two levels that can cause some issues for developers… the first is that it’s more strict with HTTP 1.1 compliance – it won’t tolerate unencoded reserved characters in query strings, URLs, or POST bodies. Further, the OAuth 1.0A implementation is also stricter, mainly because of the level of strictness required in HTTP. (For example, in API v1 perhaps a reserved character was allowed to be sent naked in the POST body and re-encoded only once for the OAuth 1.0a signature base string, but in API v1.1 the character would have to be encoded in the POST body for compliance, and as a result encoded again in the signature base string.
