I’m currently building an API for my Twitter app and i’m using OAuth Echo. From what i understood, the oauth_signature is generated based on one end point and as @episod pointed out here : https://dev.twitter.com/discussions/5947 there’s a difference between generating a signature for a GET and POST request.
Here’s how my API works :
Consumer generates an oauth_signature using the endpoint https://api.twitter.com/1/account/verify_credentials.json (GET) and then send this together with other oauth parameters in the header to my API. An image to be uploaded and the tweet to be posted is also sent in a POST variable.
I then pass the header to Twitter.
If the response i receive is 200 OK, i then store the image permanently and generate a URL.
Now if i try to post the tweet and url to Twitter (http://api.twitter.com/1/statuses/update.json) i get a 401 error because obviously the oauth_signature is invalid in this case since it was generated using the endpoint https://api.twitter.com/1/account/verify_credentials.json and not http://api.twitter.com/1/statuses/update.json
How do i use OAuth echo in this situation? How can i use the same authorization headers for multiple end points?