OAuth base string for statuses/update_with_media


#1

What is the correct base string that we need to sign when we POST to statuses/update_with_media?

Referencing this https://dev.twitter.com/discussions/1059 and https://dev.twitter.com/docs/uploading-media, it seems like only the oauth_* parameters should be included. So something like this:

oauth_consumer_key%3DkCFC7HI24y15QEckWv7WVZnFc%26oauth_nonce%3DouDR%252FWhn68lbgM10dBKoz2QwX6IQFB5y4y9ZDzp6TXg%253D%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1404795653%26oauth_token%3D......%26oauth_version%3D1.0"

but the example given has the POST method and URL included in the base string; so:

"POST&https%3A%2F%2Fapi.twitter.com%2F1.1%2Fstatuses%2Fupdate_with_media.format&oauth_consumer_key%3DkCFC7HI24y15QEckWv7WVZnFc%26oauth_nonce%3DouDR%252FWhn68lbgM10dBKoz2QwX6IQFB5y4y9ZDzp6TXg%253D%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1404795653%26oauth_token%3D.........%26oauth_version%3D1.0"

Or is it yet a third option? I’ve tried both and keep getting a 400 “Bad Authentication data” response.
The authorization header entry looks like:

authorization: OAuth oauth_consumer_key="…", oauth_nonce=“ouDR/Whn68lbgM10dBKoz2QwX6IQFB5y4y9ZDzp6TXg=”, oauth_signature=“YzPd/iJAPJ+nijniGjtKtS5T88E=”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1404795653”, oauth_token="…", oauth_version=“1.0”

I’m a bit stuck on this issue. I think my signing code/logic is correct since I’ve used other API endpoints correctly, but this one is giving me a lot of troubles.

Thanks for your help ahead of time.


#2

To answer my own question, it’s the latter base string.
I forgot to uri encode my authorization request.