How to Generate OAuth Signature for Batch API Requests that have a JSON array parameter

amobeedev · 2016-03-28T17:00:40.393Z

The new batch endpoints in the Twitter V1 API take a request body that is an array, rather than an object that contains key/value pairs.

Its not clear to me how to generate an OAuth signature when the request body is a JSON array, rather than a JSON object containing key/value pairs for fields. What are we, as API users, supposed to send up in the OAuth signature in this case?

My first approach was to ignore the JSON array when generating the signature. Using this approach, I seem to always receive a “401 Unauthorized Request” error.

I’ve been using the Scribe OAuth library and have logged a bug at their site ~ "401 Authorization Required" error with Twitter API bulk create campaign call · Issue #648 · scribejava/scribejava · GitHub

I’m wondering if its a bug in the Scribe library, or there is a twitter-specific OAuth implementation detail that I’m missing that isn’t documented.

Related Links:

Creating a signature | Docs | Twitter Developer Platform
https://dev.twitter.com/ads/reference/post/batch/accounts/%3Aaccount_id/campaigns
"401 Authorization Required" error with Twitter API bulk create campaign call · Issue #648 · scribejava/scribejava · GitHub

amobeedev · 2016-03-29T01:48:08.832Z

The solution is to use the “Content-Type” header with value "application/json;charset=UTF-8”, along with the payload field on Request in the Scribe Java library. The JSON array is then ignored for the purposes of generating the OAuth signature, and it succeeds with an HTTP 200 OK response.

So, you can mark the question “user error” or whichever similar resolution.

I’d suggest adding some details on how to handle JSON array parameters to Creating a signature | Docs | Twitter Developer Platform, as it isn’t documented anywhere that a JSON array POST body is ignored in the OAuth spec.