How to update Twitter status with Oauth authentication in core Java



I’ve been receiving HTTP response code 400, error code 215, ‘Bad Authentication data’ when trying to post a Twitter update. From the Twitter developer app, I have an oauth_consumer_key & oauth_token along with oauth_consumer_secret & oauth_token_secret for the Twitter account.

public void doPOSTTweet() throws IOException {		
    // Build Signature base string

    String message = "Hey Ladies and Gentlemen a signed OAuth request";
    int timeint 	= (int) (System.currentTimeMillis() / 1000);
    String oauth_timestamp = Integer.toString(timeint);
    int nonce	= (int) (Math.random() * 100000000);
    String oauth_nonce 	= Integer.toString(nonce);
    String url = POST_TWITTER_URL;

    // Parameters
    String params = "include_entities=true&oauth_consumer_key="+oauth_consumer_key
    String signature_base_string = "POST" + "&" + encodeURIComponent(url) + "&" + encodeURIComponent(params);

    // Getting a signing key
    String oauth_signature	= generateSignature(signature_base_string, oauth_consumer_secret, oauth_token_secret);
    URL obj = new URL(url);
    HttpsURLConnection conn = (HttpsURLConnection) obj.openConnection();
    conn.setRequestProperty("User-Agent", USER_AGENT);
    // set POST headers
    conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
    conn.setRequestProperty("Authorization", "OAuth oauth_consumer_key=\""+oauth_consumer_key
    		+"\", oauth_nonce=\""+oauth_nonce
    		+"\", oauth_signature=\""+oauth_signature
    		+"\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\""+oauth_timestamp
    		+"\", oauth_token=\""+oauth_token+"\", oauth_version=\"1.0\"");
    // POST output		
    OutputStream os = conn.getOutputStream();

    int responseCode = conn.getResponseCode();
    System.out.println("Twitter POST Response Code :: " + responseCode);

// ....


The oauth_signature is being generated with these functions:

public String generateSignature(String signatureBaseStr, String oAuthConsumerSecret, String oAuthTokenSecret) {  
    byte[] byteHMAC = null;  
    try {  
      Mac mac = Mac.getInstance("HmacSHA1");  
      SecretKeySpec spec;  
      if (null == oAuthTokenSecret) {  
        String signingKey = encodeURIComponent(oAuthConsumerSecret) + '&';  
        spec = new SecretKeySpec(signingKey.getBytes(), "HmacSHA1");  
      } else {  
        String signingKey = encodeURIComponent(oAuthConsumerSecret) + '&' + encodeURIComponent(oAuthTokenSecret);  
        spec = new SecretKeySpec(signingKey.getBytes(), "HmacSHA1");  
          byteHMAC = mac.doFinal(signatureBaseStr.getBytes());  
        } catch (Exception e) {  
        return Base64.encode(byteHMAC.toString());  

public static String encodeURIComponent(String s) {
    String result;

    try {
        result = URLEncoder.encode(s, "UTF-8")
                .replaceAll("\\+", "%20")
                .replaceAll("\\&", "%26");
    } catch (UnsupportedEncodingException e) {
        result = s;

    return result;

The parameter string is:


The signature_base_string :


The oauth_signature is: W0JAMTBkZDcwMTg=

When posted, the HTTP response code is 400 with a JSON response:

    "errors": [
            "code": 215,
        "message": "Bad Authentication data."

I have manually recreated this post with Postman, entering the same info:

Twitter Post

The error message is the same from Postman. I’ve confirmed the oauth keys with the Twitter app page, and all is identical. Any ideas on troubleshooting this? Is there a proper syntax and/or order that is missing?


I recommend a couple of things…

First off, have you seen this OAuth library?
It might help you with your setup.

We also have identified that Postman doesn’t handle some OAuth 1.0a dependencies properly. Have you tried playing around with Insomnia at all?


String oauth_signature = generateSignature(signature_base_string, oauth_consumer_secret, oauth_token_secret);
I think in this line, you need an extra step of encoding the oauth_signature string:
oauth_signature = encodeURIComponent(oauth_signature);
and use this afterwards.