I’m trying to get an access token using xAuth (my application has already been approved for xAuth), but I keep getting 401 Not Authorized response from server. I have some questions about the oauth/access_token request using xAuth:
What should be my request url ? I tried https://api.twitter.com/oauth/access_token and https://api.twitter.com/oauth/access_token?x_auth_username=xxxxxxxx&x_auth_password=xxxxxxxxxxxx&x_auth_mode=client_auth. None of these requests worked. For the first request, the server asked for the request token and secret, which I don’t use in the xAuth authentication. The second request also returned a 401 Not Authorized response, and a message saying that the oauth signature could not be validated. However, I tried the values in the documentation (https://dev.twitter.com/docs/oauth/xauth) and I could generate the same signature, so the algorithm seems to be right.
Second question, what should be the POST body ? I tried the one in the documentation page ( something like “x_auth_username=xxxxxxx&x_auth_password=xxxxxxxxx&x_auth_mode=client_auth” ) , but it didn’t work either.
Third question, about the POST header. Should it include the x_auth_username, x_auth_password, and x_auth_mode parameters ? I tried all the combination of the above, but with no success.
Also, the error messages change depending on the combination of url + header + body. Sometimes I don’t even receive an error message at all, sometimes I receive a “could not validate oauth signature”.
Can someone help me ? I’m running out of ideas on how to make this work.