Statuses update authentication failure


I am rolling my own coldfusion code for sending out a statuses update tweet (in order to understand everything better and not rely on a 3rd party package). I want to tweet from my website as another twitter user who has given me permission.

I got through all of the oauth steps in order to get my oauthtoken and oauthtokensecret for the user I want to twitter update as. I am able to do a statuses user_timeline api call with no problem for this user using the received tokens in my oauth header. I can also see when logged in as this user on twitter that he has approved my access.

However when I then try and use the same oauth header to send a tweet as this person I get a “could not authenticate you” error message. If I remove any reference to the “status” variable, it of course tells me I am missing a required parameter.

So somehow I am building my oauth header incorrectly for this OR making the call to twitter incorrectly. What parameters do I need exactly in the header that I then create my signature string from? After that, what parameters do I need to actually put in my header when I make the call (using the calculated signature string above in here)? And then how do I call the api with my POST or GET to make it happen?

Something in there is not working for the statuses update correctly. Perhaps even a dump showing me exactly what a valid request looks like getting to twitter (with keys obfuscated of course). I’m doing something wrong here and figured this should be the EASY step after going through all the oauth calls to get my oauth tokens to use!


Some more info here.

Here is my parameterString that I am signing (keys changed to hide them)


My signing key is:

I then pass the following in the Authorization header:

OAuth oauth_consumer_key="MY_CONSUMER_KEY",

I then call
with the authorization header set to the above as a POST

What other info can I supply? I verified that the target URL above (by changing it to a URL of my own and dumping everything) is getting all of this correctly. Header correct, posted, no content. And then I get the unable to authorize error.

Again, the exact same encoding above (changing POST to GET and the URL of course) to get the user_timeline works perfectly well. I am simply changing the variables (well and removing the ‘status’ from the parameter string).


And one last quick note, I also am able to get the proper result back from account verify_credentials using my consumer key, consumer secret, the returned oauth token and oauth token secret as well.

So the authorization is good here also! Gotta be something wrong I am doing in building these for the update status or the way I am posting it to twitter somehow still I’d say. I guess this really isn’t a CF question, but more a generic what do I put in to get update status to work. I can’t seem to find any example that isn’t a library or framework of some sort.


Great! Create those unique websites to tweet from, it’s nice to customize what you want … everyone tweets different!

Are any of the users on your system able to tweet? Your issue is not with the code but with your application permissions. Go to and click on the app that you’re using. Goto Permissions > Read and Write OR Permissions > Read, Write and Access direct messages. After this you will have to purge current tokens and generate new ones for the new permissions to take effect. The old ones will still work but will be on the old permissions.


My settings were set at Read and Write. I changed them to Read, Write and Access direct messages. I then regenerated all the tokens and my apps show that the person I am going to twitter as gave that permission. I still get the same error. So this isn’t the problem.

I still think I am missing something in the generation of the parameters or in the call to do the tweet update. Any examples of exactly what I need to build into the string I get the signature for, then the actual oath string I put in the header, and finally how I call the actual statuses update API method via a URL? I’ve got something wrong here that I can’t figure out.