Great, glad you got to that point. So if this request is failing it’s likely due to the OAuth signature basestring not generating correctly – that screen_name parameter needs to be sorted with all the other parameters (including oauth_*) parameters.
Here’s a quick example of this same call successfully performed, using my own credentials:
URL:
https://api.twitter.com/1.1/users/lookup.json?screen_name=progr4mmer
Signature base string:
GET&https%3A%2F%2Fapi.twitter.com%2F1.1%2Fusers%2Flookup.json&oauth_consumer_key%3D5aA6oofBOFAwN4tfmEYWjg%26oauth_nonce%3DftXkCQeMrj6AcKGI9xNJga5axY8eOGnbk6H2RNAvHtw%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1374849497%26oauth_token%3D119476949-oYGCs2M5duG5QalbOAK2YUZh8zG3ur7DPYo5qIFN%26oauth_version%3D1.0%26screen_name%3Dprogr4mmer
HTTP headers, including the Authorization header:
Accept: /
Connection: close
Authorization: OAuth oauth_nonce=“ftXkCQeMrj6AcKGI9xNJga5axY8eOGnbk6H2RNAvHtw”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1374849497”, oauth_consumer_key=“5aA6oofBOFAwN4tfmEYWjg”, oauth_token=“119476949-oYGCs2M5duG5QalbOAK2YUZh8zG3ur7DPYo5qIFN”, oauth_signature=“7W4NaSOnNzak6c%2FBduD%2FV0sgOXs%3D”, oauth_version=“1.0”
