I am attempting to get a search to work in Max/MSP with the [maxurl] object. It allows me to send get requests, and send requests in a json dictionary. I am having trouble getting authentication, I keep receiving a 215 error (bad authorization) and I’m not sure why.

Here is what I am sending:

“http_method” : “GET”,
“Header” : “OAuth%20oauth_consumer_key=XXXXXXXXXX,oauth_signature_method=HMAC-SHA1,oauth_timestamp=1410761882900,oauth_nonce=XXXXXXX,oauth_version=1.0,oauth_token=XXXXXXXX-XXXXXXXXXXX,oauth_signature=XXXXXXX”,
“url” : “https://api.twitter.com/1.1/search/tweets.json?q=harvestworks”,
“Content-Type” : “application/x-www-form-urlencoded”,
“Host” : “api.twitter.com”,
“X-Target-URI” : “https://api.twitter.com”,
“Connection” : “Keep-Alive”

I followed the instructions on the twitter dev authorization api, and I searched for other suggestions. That is how I got the “Header” value formatted the way it is. A search online turned up that some people solved this by adding the “Content-Type” key and value. I added the “Host”, “X-Target…”, and “Connection” from what the console tool displayed. I still can’t figure it out… any suggestions?

Thank you!!!


The OAuth signature should be set on a HTTP header named “Authorization”. Also, make sure you are using a library to generate OAuth signature instead of building it from scratch.

Let me know the language you are using then I can recommend a library.


Thank you! I’m using Max/MSP and Javascript. I suppose it would be better to do the OAuth signature in Javascript.

I think my problem is me doing the OAuth signature by hand instead of having it generated. I had tried the hello.js library (Andrew Dodson) but it didn’t seem to be working for me. Are there others you would recommend?

Also, are there instructions somewhere in the documentation that describe what needs to be generated and how for this? While it would do me good to learn to do this in js, It might be easier for me to write a patch in Max/MSP to generate the OAuth signature instead.


I should also mention, my only need is to do a simple search for hashtags and receive the full tweet, and user data.


The restriction on doing that on the browser is that API calls must to use SSL encryption. Not sure if this is supported.

The alternative would be to implement a proxy between your hack and Twitter API.


Hi! I’m still trying this, I’m wondering if I post my error that may help. This appears to be the important part of the JSON response I’m getting. So it’s Bad Authentication data still, and 400 Bad Request…

Does the fact that I’m receiving “max-age=…” indicate that my timestamp may be wrong? Or I need to set when the authorization request expires? or that it includes “ncontent-length:61” indicate I may have missing or extra characters? Or perhaps sending too much or not enough things?

Thanks! Sorry for my newbie questions, I’m learning a lot through this :smile:

“body” : “{“errors”:[{“message”:“Bad Authentication data”,“code”:215}]}”,
“header” : “HTTP/1.1 400 Bad Request\r\ncontent-length: 61\r\ncontent-type: application/json;charset=utf-8\r\ndate: Wed, 17 Sep 2014 14:59:21 UTC\r\nserver: tfe_b\r\nstrict-transport-security: max-age=631138519\r\n\r\n”,
“status” : 400,


PS I’m also generating the signature as per the twitter developer documentation now, so I’m sure that is correct as well