"How can i use the same authorization headers for multiple end points?"
The answer is that you cannot.
OAuth Echo allows a client (say Tweetbot) to use a third party service (say Twitpic) to assert the current user’s identity in a way which Twitpic can verify. It does not support posting of Tweets or really much else beyond a verifiy_credentials call.
For my example, the flow would be:
- Tweetbot uses its access token + key for my Twitter account to sign a request to verify_credentials.
- Tweetbot sends image data to Twitpic along with that signed request.
- Twitpic calls verify_credentials and parses the response to verify which Twitter account it should associate the image with.
- Assuming Twitpic gets a valid response, it stores the image and indexes it under my Twitter account. Then it returns an URL pointing to the image to Tweetbot.
- Tweetbot takes that URL and generates a brand new signed request to post the URL and some text to Twitter.com.
From your request, I’m not sure whether you’re Tweetbot or Twitpic. It sounds like maybe you’re trying to be both.
