Make sure you’re encoding your characters correctly. API v1.1 is stricter about OAuth 1.0A and HTTP alike. Commas are reserved characters that must first be encoded in a querystring or POST body and then must be encoded again in the signature base string.
