update_with_media v1.1 Unauthorized(HTTP 401, Code 32)


I am currently trying to implement the update_with_media feature so a user can attach an image to a new tweet. Since my request takes its time, I guess that uploading the image itself is not the problem, but authenticating seems to be, here’s the JSON data I get back:

{"errors":[{"message":"Could not authenticate you","code":32}]

Since it works with various other requests(including 1.1/statuses/update), I suppose update_with_media is a little special here, and https://dev.twitter.com/discussions/1059 states the same. However, it also uses upload.twitter.com and not api.twitter.com as I do, and since https://dev.twitter.com/docs/api/1.1/post/statuses/update_with_media does not say anything about that, I’m not quite sure if theses differences still exist.

  1. Are there any differences in OAuth authrozation between update_with_media and all other api functions? If so, what’s different?
  2. Regarding my problem, is a wrong Authorization header the only thing which could cause such an error message or can there also be other problems(such as corrupt image data, …)?
  3. Or am I doing something else wrong and I’m just blind?

Hope you can enlighten me, thanks in advance.


Hi there,

Yes there is a difference when doing image uploads with OAuth. OAuth’s signing rules are made with URL-encoded POST bodies in mind. When you use multi-part POST as you must for image uploads, you need to do OAuth in a slightly different way. Not all OAuth libraries are savvy about this. Your error is likely due to failing OAuth.


Thank you, that makes it much more clear. However, I was not able to find out what the exact difference is. I guess I just have the wrong search terms here, but could you link me to some site explaining it?


I can just explain the difference very simply for you! :slight_smile:

Parameters being sent to the API that are not the oauth_* named parameters do not become part of the OAuth signature base string when the HTTP method being used is POST but the post body is not of the “Content-Type: x-www-form-urlencoded” variety.

Since you’re using multipart POST, you’re not sending a POST body with the Content-Type set as x-www-form-urlencoded and it’s therefore erroneous to include parameters like “status” or “media[]” in the OAuth signature base string.

Some implementations of OAuth do not account for this gotcha.


I’m currently implementing this and what you explained sounds actually rather easy(just don’t use the query parameters for signature calculation, only the oauth parameters). However when I try to make a request, I get the following response:
{“errors”:[{“message”:“Error creating status”,“code”:189}]}
and HTTP status code 403. This seeme weird because I can’t find code 189 in the api documentation and google only shows totally unrelated results. What does that message indicate? Did the authentication work?


This error can be kind of mysterious. It’s kind of like a HTTP 500, but arises because an underlying system rejected the request in some way… I’m pretty confident your OAuth is correct and you’ve passed beyond that hurdle.

It’s likely having to do something with the image data you’re providing. Maybe it’s not being understood as an image in some way? What kind of image are you sending?


Hah. Thinking about that now, it sounds rather stupid but I wanted to send raw(as in ‘not compressed in any way’) image data(because https://dev.twitter.com/docs/api/1.1/post/statuses/update_with_media mentions raw multipart data), and that was of course wrong. But it works now :slight_smile:
So, thanks for your great support, very much appreciated.


Hi @episode. I’m having the same issue here, and I have double checked that I am NOT including url parameters like status or media[] in the OAuth signature. I have verified that I am properly percent escaping my signature hash, but still running into this.

I had the multi-part upload code working for http://twipic.com, but something must be different in this case that I can’t figure out. Any ideas?


Doh! As soon as I post that, I found out where I was including them in the signature!


What was the problem exactly? How did you fix this?


I was sending uncompressed image data while the API wants you to send compressed image data(that’s why it makes sense that only certain file formats are allowed).
I’m now just sending png-compressed image data and it works.



I’m sending PNG compressed data, making sure that only oauth* parameters are included in the signature and using a multipart message but still fail this call with 401(error 32) while posting simple text works…

I’ll appreciate it if you could take a look at my Fiddler output here (minus the secret keys, of-course) and assist.


POST https://api.twitter.com/1.1/statuses/update_with_media.json HTTP/1.1 Authorization: OAuth oauth_consumer_key="...", oauth_nonce="698577894", oauth_signature="T42yUTyYU4to3d%2BZxSXryJOPbLc%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1373487889", oauth_token="...", oauth_version="1.0" Content-Type: multipart/form-data; boundary=---------------POQWEOEOEBOUNDARYPOQWEOEOE Host: api.twitter.com Content-Length: 8786 Connection: Keep-Alive

Content-Type: application/x-www-form-urlencoded
Content-Disposition: form-data; name=“status”

Working on Twitter library for Windows 8
Content-Disposition: form-data; name=“media[]”; filename="logo.png"
Content-Type: application/octet-stream



Anyone please?


@episod I really need your help here please…

I will appreciate it if you could try and make something out of the above.

Thank you,


@baedert Thanks so much! I was working on this for a day and a half, looking through my POST requests, OAuth signing e.t.c. and very nearly pulling out my hair before I saw this post. They really should update the documentation for upload_with_media to sort out the ambiguity with the statement ‘raw multipart data’ to prevent a lot more devs going down the wrong way


Getting same error for status update with media api, please anyone could update the sample code for building auth_signature.


Sorry to reply to old posts, but I’m also getting the same error. I’m pretty sure my authorisation part is all correct, and I can post a standard tweet no problem. However whenever I try to send an image, I get the “Error creating status”,“code”:189 error message.
I’ve tried sending jpg and png, and I’m using a Lua multipart form library that has been used for other things in the past.
Did you ever solve this problem?