The OAuth values should be in HTTP headers, not in the postData (body) - the only values that belong in the URL parameters from your post are include_entities, status and trim_user.
More generally, I’d strongly recommend using an API library that handles OAuth for you, as this can be complicated and confusing. What coding language are you targeting?
