How to Generate OAuth Signature for Batch API Requests that have a JSON array parameter

oauth

#1

The new batch endpoints in the Twitter V1 API take a request body that is an array, rather than an object that contains key/value pairs.

Its not clear to me how to generate an OAuth signature when the request body is a JSON array, rather than a JSON object containing key/value pairs for fields. What are we, as API users, supposed to send up in the OAuth signature in this case?

My first approach was to ignore the JSON array when generating the signature. Using this approach, I seem to always receive a “401 Unauthorized Request” error.

I’ve been using the Scribe OAuth library and have logged a bug at their site ~ https://github.com/scribejava/scribejava/issues/648

I’m wondering if its a bug in the Scribe library, or there is a twitter-specific OAuth implementation detail that I’m missing that isn’t documented.

Related Links:


OAuth Signature Generation & JSON Request Bodies ~ Best Practices
#2

The solution is to use the “Content-Type” header with value "application/json;charset=UTF-8”, along with the payload field on Request in the Scribe Java library. The JSON array is then ignored for the purposes of generating the OAuth signature, and it succeeds with an HTTP 200 OK response.

So, you can mark the question “user error” or whichever similar resolution.

I’d suggest adding some details on how to handle JSON array parameters to https://dev.twitter.com/oauth/overview/creating-signatures, as it isn’t documented anywhere that a JSON array POST body is ignored in the OAuth spec.