Status: 401 Unauthorized


I am integrating Twitter in one of the Oracle’s Product Siebel. I am using OAuth Authentication. I have successfully integrated the friends, followers and the direct message in Siebel. Now I am trying to post Tweets from my application but I am constantly getting 401 Unauthorized. I have done the following things to rectify the problem but no success:

  1. I have deleted and recreated the application with read-write-directmessage access
  2. I have verified all the steps of OAutho Authentication
  3. My clock is in sync with the Twitter Clock
  4. I am using POST method for posting the tweets and was using the GET method for Friends, Followers and Direct Messages
    Below is my HTTP Request Header and the Response Header. Please help me out with my issue.


HTTP Transport Parameters:

Request URL =
Request Method = POST
Sending Request
** HTTP request Headers for Data Send Request:
User-Agent: Mozilla/4.0
Accept: text/*
Content-Type: text/xml; charset=UTF-8
Authorization: OAuth oauth_consumer_key=“BEYuQ4YmXpy5nwwVIxYwOg”,oauth_nonce=“qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq”,oauth_signature_method=“HMAC-SHA1”,oauth_signature=“TS3otUVrbDleFSVnO2pWdJhoLaw”,oauth_timestamp=“1341261370”,oauth_token=“361729128-RAeksAvpDa6ipd7WCRxSS5rKFnYzHHoeW2Ni2zqP”,oauth_version=“1.0”

*** HTTP response Headers from Data Send request:
HTTP/1.1 401 Unauthorized
Date: Mon, 02 Jul 2012 20:39:13 GMT
Status: 401 Unauthorized
WWW-Authenticate: OAuth realm=""
X-Runtime: 0.00822
Cache-Control: no-cache, max-age=1800
Content-Type: application/xml; charset=utf-8
Content-Length: 150
Set-Cookie: k=; path=/; expires=Mon, 09-Jul-12 20:39:13 GMT;
Set-Cookie: guest_id=v1%3A134126155337777055;; path=/; expires=Thu, 03-Jul-2014 08:39:13 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCOgea0k4AToHaWQiJTg5YWQ2M2I5ZWY4NTE2%250AZjNlNTc2ZDI2NTg5ZjUzZjJhIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA–0ff5a751cc4881995b178f46aed03e7ab1b14eeb;; path=/; HttpOnly
Expires: Mon, 02 Jul 2012 21:09:13 GMT
Vary: Accept-Encoding
Server: tfe


Hi @ruchinksinha,

At a cursory glance everything here looks close to correct but a few questions:

I don’t see a POST body included in this snippet – are you setting one, and if so, what are the values?

It’d be very useful to see a OAuth signature base string to compare the encoding of the status parameter that I assume you’re sending with the POST body – are you able to access that for comparison?

Have you tried a call to statuses/update using the same tokens but a different library or tool such as the OAuth tool on this site?



Hi Taylor,

Thanks for a quick response.
Yes I am setting the POST body in the HTTP Request Body and it is given below:

I have able to post Tweets using the Tools provided on Twitter like the one provided by apigee. Below is the request that I see from the apigee tool.

POST /1/statuses/update.xml?status=SiebelTweet1 HTTP/1.1
OAuth oauth_consumer_key=“1U0pI4MFrf5mWe4GWDVwdA”,oauth_signature_method=“HMAC-SHA1”,oauth_timestamp=“1341260900”,oauth_nonce=“394354140”,oauth_version=“1.0”,oauth_token=“361729128-3S1FpI8U7BsUlHw8mR7rNHepyGRh3YHU2bRKeRhc”,oauth_signature="PzJbLkJqOSa%2FMmTeLyvfk0xRF5M%3D"

I have compared the same to my HTTP Request and I don’t see any issue. It will be really great if you can help me out with the debugging of this.

OAuth Signature BaseString is given below:




Your signature basestring doesn’t look to be percent-encoded – I would expect to see something closer to this:



Hi Taylor,

I have built the Header Authorization as given below:

var sTimestamp = timecode(); var sNonce = SiebelNonce(sTimestamp); var sSignMethod = "HMAC-SHA1"; var sAuthVersion = "1.0";

var sBaseParamString = “oauth_consumer_key=” + sConsumerKey + “&oauth_nonce=” + sNonce + “&oauth_signature_method=” + sSignMethod + “&oauth_timestamp=” + sTimestamp + “&oauth_token=” + oauth_token + “&oauth_version=” + sAuthVersion + “&status=TestSiebel”;

var sEncodedParamString = PercentEncodeString(sBaseParamString);

var sEncodedTargetString = PercentEncodeString(“”);

var oauth_signature = b64_hmac_sha1(PercentEncodeString(sConsumerSecret + “&” + oauth_token_secret), PercentEncodeString(“POST&” + sEncodedTargetString + “&” + sEncodedParamString));

var sAuthorizationHeader = “OAuth oauth_consumer_key=”"+sConsumerKey+"",oauth_signature_method=""+sSignMethod+"",oauth_timestamp=""+sTimestamp+"",oauth_nonce=""+sNonce+"",oauth_version=""+sAuthVersion+"",oauth_token=""+oauth_token+"",oauth_signature=""+sEncSignature+""";

where the sConsumerKey, sConsumerSecret, oauth_token_secret, oauth_token and oauth_signature are Percent Encoded.

The Encoded base string for signature is given below:


I am using the below function for PercentEncodeString.

function PercentEncodeString(InputString) { var sEncString = InputString; sEncString = sEncString.replace(/\#/g, "%23"); sEncString = sEncString.replace(/\$/g, "%24"); sEncString = sEncString.replace(/\%/g, "%25"); sEncString = sEncString.replace(/\&/g, "%26"); sEncString = sEncString.replace(/\@/g, "%40"); sEncString = sEncString.replace(/\//g, "%2F"); sEncString = sEncString.replace(/\^/g, "%5E"); sEncString = sEncString.replace(/\~/g, "%7E"); sEncString = sEncString.replace(/\{/g, "%7B"); sEncString = sEncString.replace(/\}/g, "%7D"); sEncString = sEncString.replace(/\[/g, "%5B"); sEncString = sEncString.replace(/\]/g, "%5D"); sEncString = sEncString.replace(/\=/g, "%3D"); sEncString = sEncString.replace(/\:/g, "%3A"); sEncString = sEncString.replace(/\,/g, "%2C"); sEncString = sEncString.replace(/\;/g, "%3B"); sEncString = sEncString.replace(/\?/g, "%3F"); sEncString = sEncString.replace(/\+/g, "%2B"); sEncString = sEncString.replace(/\\/g, "%5C"); sEncString = sEncString.replace(/\"/g, "%22"); sEncString = sEncString.replace(/\!/g, "%21"); sEncString = sEncString.replace(/\*/g, "%2A"); sEncString = sEncString.replace(/\'/g, "%27"); sEncString = sEncString.replace(/\(/g, "%28"); sEncString = sEncString.replace(/\)/g, "%29"); sEncString = sEncString.replace(/\ /g, "%20"); return sEncString; }

Final HTTP Call is as shown below:

HTTPRequestMethod = "POST"
HTTPRequestURLTemplate = ""
HDR.Authorization = sAuthorizationHeader
HTTPContentType = "application/x-www-form-urlencoded"
HTTPRequestBodyTemplate = “status=TestSiebel”

Below is the HTTP Request captured from the log files.

*** HTTP Transport Parameters:

Request URL =
Request Method = POST
Sending Request

*** HTTP request Headers for Data Send Request:
User-Agent: Mozilla/4.0
Accept: text/*
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth oauth_consumer_key=“BEYuQ4YmXpy5nwwVIxYwOg”,oauth_signature_method=“HMAC-SHA1”,oauth_timestamp=“1341410152”,oauth_nonce=“gmqK5x4HqTtciNOwqzmrvfPVZXCfcbuPLrIUQV9MWbAJegRNsmPuDuRgLmi9Fx2k1AB7uAJFSb2BpmiLMAisyXo2T963DJXqJD9p”,oauth_version=“1.0”,oauth_token=“361729128-RAeksAvpDa6ipd7WCRxSS5rKFnYzHHoeW2Ni2zqP”,oauth_signature=“RPcV2M3Eu72M3yzyeaa7NCynBj4”

*** HTTP response Headers from Data Send request:
HTTP/1.1 401 Unauthorized
Date: Wed, 04 Jul 2012 13:58:53 GMT
Status: 401 Unauthorized
WWW-Authenticate: OAuth realm=""
X-Runtime: 0.01033
Cache-Control: no-cache, max-age=1800
Content-Type: application/xml; charset=utf-8
Content-Length: 150
Set-Cookie: k=; path=/; expires=Wed, 11-Jul-12 13:58:53 GMT;
Set-Cookie: guest_id=v1%3A134141033394892564;; path=/; expires=Sat, 05-Jul-2014 01:58:53 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCAVVSVI4ASIKZmxhc2hJQzonQWN0aW9uQ29u%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJTQx%250AOTg3ZWViNGVlMTY4ZGQ5OWExZDljMWE5YjRkYjcy–dbac981bce37c6a234f46610c4ea3e650371132b;; path=/; HttpOnly
Expires: Wed, 04 Jul 2012 14:28:53 GMT
Vary: Accept-Encoding
Server: tfe

Please help me understand the mistake that I am doing.



I know it’s an old post but same topic and since it appears unresolved I am having the same issue.

I am using tmhOAuth.

For signing in works perfect but when sending POST message to status update I get 401. Here is the call code and request array:

$postcode = $tmhOAuth->user_request(array(
‘method’ => ‘POST’,
‘url’ => $tmhOAuth->url(“1.1/statuses/update”),
‘params’ => array(
‘status’ => $twmessage

user_request is a method of tmhOAuth from tmhOAuth library here

[status] => )

[basestring_params] => oauth_consumer_key=XXXXXXXXXXXXXXXXXXXXXXX&oauth_nonce=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&oauth_signature_method=HMAC-SHA1&oauth_timestamp=XXXXXXXXXX&oauth_token=XXXXXXXXXXXXXXXXXXXXXXX&oauth_version=1.0&

[postfields] =>

[basestring] => POST&

[signing_key] => XXXXX…XXXXX


I am getting 401 Unauthorized while trying to post to twitter using windows 8 metro app.

OAuth oauth_consumer_key=“XTeBYxPpNHrwhckAgdSF1w”, oauth_nonce=“1139319711”, oauth_signature=“hxePYea2%2BIUa85U1p%2Fry20zpHi0%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1380823904”, oauth_token=“144096934-h4tCSOoTzAT9wR4Y0WiCE4UcjdEEta8IO5xgyg”, oauth_version=“1.0”


@episod Hi,
I have been facing the same issue as @ruchinksinha , and have followed the suggestions as mentioned above. But the error still persists. Is there any syntax that is incorrect/missing ?
Or is there an integration issue with Siebel?
Please help.