Status updates from our XAuth authorized app fail if a url is included in the update. Char limits are not exceeded


We have a few different apps that run on the Xbox console. Each of our apps has its own XAuth approval from you. The boiler plate code we use for the Twitter REST api is the same across all of our apps. In one app, status updates with a url work fine. In another app, we’ve just discovered that the same type of status update with a url does not work.

For example:

“hello world” returns with a 401 and an error message about the OAuth authentication.

“hello world” posts successfully.

This behavior is not consistent across our apps. The first app we received XAuth approval for (back in the Spring) works fine. Our latest app, which only recently was approved for XAuth, exhibits the problem described above.

Any thoughts?


Hi David,

xAuth won’t have anything to do with API calls you make after getting the access token. xAuth only has to do with obtaining access tokens.

Are you certain that the code and framework is the same between accounts/applications? Can you verify the full URL you’re executing and the POST body you’re sending when this goes wrong? Can you share the consumer key (not the secret) for one of the applications exhibiting this behavior?



Thanks for the reply Taylor. The behavior is more erratic than we first observed, as including url’s does appear to work. I am doing more investigation, but here are two examples - one update that did work, and one that did not.

Our consumer key for this product is: AKJT6hJYxttdXW9r8JBXA

This status update worked:

Content-type: application/x-www-form-urlencoded
Authorization: OAuth oauth_consumer_key=“AKJT6hJYxttdXW9r8JBXA”, oauth_nonce=“32ebda8766072b65e173”, oauth_signature=“HJ4KISooJr68A2Kzl80rgadYtC0%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1348162846”, oauth_token=“493579259-7VlJTEpuStGnOBoqg8Lyo0FRo42yEn1cmwDCsioC”, oauth_version=“1.0”

POST body:

This status update did not work:

Content-type: application/x-www-form-urlencoded
Authorization: OAuth oauth_consumer_key=“AKJT6hJYxttdXW9r8JBXA”, oauth_nonce=“e53aa7fc795ed22ff93a”, oauth_signature=“oyDOKK2zemnR6%2FvhqqMVZpYVRCg%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1348163401”, oauth_token=“493579259-7VlJTEpuStGnOBoqg8Lyo0FRo42yEn1cmwDCsioC”, oauth_version=“1.0”

POST body:


(I replaced the actual text with x’s)

The data we get back from the 401 response is:

“{”“error”":"“Could not authenticate with OAuth.”","“request”":""/1/statuses/update.json?include_entities=true""}"


Thanks for the additional details. It looks like you’re URL encoding a non-reserved characters in there, %21 (!) – I would look at your OAuth and HTTP-level code and make sure the encoding here is coming out right. I would recommend leaving %21 unencoded and otherwise verifying that anything in your POST body that has been URL escaped is also escaped properly (perhaps again) in your OAuth signature base string. Let me know if it doesn’t appear to be a character encoding issue.


Thanks Taylor! I’ll take a look at our url encoding.