Some more info here.
Here is my parameterString that I am signing (keys changed to hide them)
oauth_consumer_key=MY_CONSUMER_KEY&
oauth_nonce=mubpvjczks5ndmno992b3915bm4kni1b&
oauth_signature_method=HMAC-SHA1&
oauth_timestamp=1437338873&
oauth_token=TARGET_AUTH_TOKEN_FROM_OAUTH_SETUP&
oauth_version=1.0&
status=Here%20is%20a%20tweet%20from%20me%21
My signing key is:
MY_CONSUMER_SECRET & TARGET_OAUTH_TOKEN_SECRET
I then pass the following in the Authorization header:
OAuth oauth_consumer_key="MY_CONSUMER_KEY",
oauth_nonce="mubpvjczks5ndmno992b3915bm4kni1b",
oauth_signature="SIGNATURE_CREATED_ABOVE",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1437338873",
oauth_token="TARGET_OAUTH_TOKEN",
oauth_version="1.0"
I then call https://api.twitter.com/1.1/statuses/update.json
with the authorization header set to the above as a POST
What other info can I supply? I verified that the target URL above (by changing it to a URL of my own and dumping everything) is getting all of this correctly. Header correct, posted, no content. And then I get the unable to authorize error.
Again, the exact same encoding above (changing POST to GET and the URL of course) to get the user_timeline works perfectly well. I am simply changing the variables (well and removing the ‘status’ from the parameter string).
