Having trouble migrating to API 1.1, Still getting 400 or 401. Works in REST client though


Hey guys, I am having issue with either authorization or my request. I am able to get the correct response out of the REST client and I have verified that my headers are the same as the REST clients, with the exception that nonce and the timestamp are different. I am trying to implement a single user OAuth, and I have my information from the applications page.

I am either getting a 400 error or a 401 error, the difference is between the order of the header parameters.

If I order the parameters nonce, signature method, timestamp, consumer key, token, signature, version. I get a 401 error.

However, if I order the parameters the same way as in the REST clients headers IE version, signature method, nonce, timestamp, consumer key, token, then signature I get a 400 error.

My question is does a 400 error mean I was authorized I just had a bad request? And like wise does a 401 error mean I had a good request I was just not authorized. which is the correct order for the parameters?

Anyways bellow is my url, and my headers I am trying to GET from. does anything look incorrect? I have verified that the timestamp is the same as the time stamp when using the rest client, well if I refresh both it is with ~2.

URL: https://api.twitter.com/1.1/statuses/user_timeline.json?screen_name=DIYMediaService&count=5

Header Parameters: OAuth oauth_nonce=“NjM1MDE4MDgwNjk2MjQwOTQ3”,oauth_signature_method=“HMAC-SHA1”,oauth_timestamp=“1366236470”,oauth_consumer_key=“MYCONSUMERKEY”,oauth_token=“MYTOKEN”,oauth_signature=“MYSIGNATURE”,oauth_version=“1.0”,oauth_token_secret=“MYTOKENSECRET”

Thanks in advance for the help.


When you get the 400, it likely means that we can’t even interpret your request as bearing any form of auth challenge. When you get the 401, it means that we’ve interpreted your credentials but found them invalid in some way (either the token itself is wrong, the signature is invalid, or perhaps the clock is off).

Check out [node:204] for some common things to try when debugging this kind of scenario.




Hi, thanks for the reply. I did have a chance to look through the troubleshooting page and it was helpful, though I am still getting a 401 error.

I have checked both my base signature sting and authentication headers against the Oauth tool and they match.

my base signature string is.


then it is hashed like so.

string signatureString = Convert.ToBase64String(hmacsha1.ComputeHash(
new ASCIIEncoding().GetBytes(signatureBaseString)));

My Authentication header is.

Authorization: OAuth oauth_consumer_key="{MYCK}", oauth_nonce=“NjM1MDE4ODgyMTQ3NzkxMzU0”, oauth_signature=“e4iZ7U%2BR8B838Xm4p%2FRZfyImKwY%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1366316615”, oauth_token="{MYTOKEN}", oauth_version=“1.0”


One thing I am not sure of though is whether I still need to include the query parameters in the query string or just in the headers. These are my parameters. ‘?screen_name=DIYMediaService&count=2’



Here is my base string with line breaks so it is not hidden by the overflow.




So in the end how did you do it ? I am having the same issue, if you could help me …

Thank you very much