Invalid or expired token when using the search API with application only authentication


#1

Trying to troubleshoot a ‘Invalid or expired token’ returned when using the search API with application only authentication
ie
https://api.twitter.com/1.1/search/tweets.json?q=%23sochi

Could any Oauth experts confirm the following for me

-I should be using GET

-In my Request Headers I should see ‘Authorization Bearer’ followed by base64 encoded bearer token

-I don’t need any other custom headers (i.e. content-type, etc) in my Request Headers

I assume that the issue must reside in the creation of my Authorization header (base64 encoded bearer token). How can I check this?


#2

FYI, the bearer token should only be URL encoded. As you can see from this example

Authorization: Bearer AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%2FAAA…truncated

from https://dev.twitter.com/docs/auth/application-only-auth, it’s not Base64 encoded (% is not a valid Base64 character - http://stackoverflow.com/a/6102251/3490817), just URL encoded. The documentation states “…with the value of Bearer <base64 bearer token value from step 2>…” but it’s inaccurate and should be changed.