It seems like some photo sharing services require it in their API upload endpoint but whether they receive the realm parameter or not in the header, it still validates. While others will receive a failed authentication from Twitter’s API if its not present.
But this makes sense. My original understanding of the early oauth echo docs were that it was included/required and in a specific order.
Thanks for quick response.
