Single-User Application - No Real Documentation?


I’m developing a twitter library, and I’m unable to even figure out the right documentation to use. I have the consumer key & secret and token key & secret stragiht from the Twitter’s app settings, I don’t need to get these values anymore. However, in the link above which is suggested for single-user applications, it actually provides no explanation on how to use all of these values so I don’t have to authenticate. I don’t see any REST 1.1 API call either that utilizies all 4 of
those values. I decided to look at the C# and PHP open source libraries they recommend I use but both projects recommend we look elsewhere because they’re out of date(presumably they only handle 1.0).

I’m stuck - I need to utilize all of these 4 values, I don’t need them returned to me in a response as most of the OAuth API calls do.


The single user use case is just a subset of a multi-user use case and assumes that you’re already familiar with OAuth 1.0A.

If you already have an access token and access token secret, you then have everything you need to sign and authenticate requests to the REST API – see [node:2927] for how that process works.

I recommend using an OAuth library. Find the area in the instructions for the library of your choice where it leverages a recently received access token to make calls on behalf of that user. Instead of using a recently negotiated access token, you’ll use the values you retrieved from instead.


Hey episod, thanks for the quick response. I’ve been doing exactly that. I even plugged in Twitter’s example values in to my Autorization header builder & signature generator, and the results are generated just fine–all hashed values match, exact ordering and etc. I even have used their examples to unit test my code. However, when I plugin my values, I keep getting a 401 error.

Wherever it says X, it means it was supplied to me through the dev app settings center.

For example, here is what I am sending

{Authorization: OAuth oauth_version=“1.0”, oauth_signature_method=“HMAC-SHA1”, oauth_consumer_key=“X”, oauth_token=“X”, oauth_nonce=“HPjNvUERs5v%2FU1MEKR7CLX3%2F%2BzI%3D”, oauth_timestamp=“1376959602”, oauth_signature=“js%2BSNFtVBdVSg%2BK7SnrkRHXTUAA%3D”}

OAuth parameters used to generate the authorization header
{[oauth_version, 1.0]}
{[oauth_signature_method, HMAC-SHA1]}
{[oauth_consumer_key, X]}
{[oauth_token, X]}
{[oauth_nonce, HPjNvUERs5v/U1MEKR7CLX3/+zI=]}
{[oauth_timestamp, 1376959602]}
{[oauth_signature, js+SNFtVBdVSg+K7SnrkRHXTUAA=]}

parameters used in signature generation
{[oauth_consumer_key, X]}
{[oauth_nonce, %2Fq5bhC205nD%2B90sWiv83m04bl%2Bw%3D]}
{[oauth_signature_method, HMAC-SHA1]}
{[oauth_timestamp, 1376961624]}
{[oauth_token, X]}
{[oauth_version, 1.0]}
{[status, hi]}
The keys were first sorted and then the string was generated. After all that, I get a 401. Is there any way to find out what was missing?

I’m getting desperate. Again, the examples in the docs work exactly as intended when I pass them through my code but I for some reason get a 401.

Any ideas on how to proceed from here?


Maybe the issue is with how you’re sending the status parameter – when you’re doing a POST, it’s really best to put it in the POST body instead of the querystring. Your querystring has the parameter tokenized with “&” before it but there are no other parameters to start the query string with the “?” character/token.

Make sure you’re also explicitly setting a Content-Type describing the contents of your POST body.


Yes, I needed to replace “&” with “?”. I’m not sure how I missed that. It seems the Content-Type isn’t necessary, it works without it or using the default that is provided. I haven’t looked at the actual packet that is being sent out.

Thanks for the help, episod.