Using Reverse Auth


My app with id 2999109 was recently authorized to use Reverse Auth by the API Policy team. I’ve tried posting to the endpoint

This is my signature base string, with the consumer key removed: POST&

Which is converted into the following OAuth authorization header:
OAuth oauth_timestamp=“1346353204”, oauth_version=“1.0”, oauth_consumer_key=“PERCENT_ENCODED_CONSUMER_KEY”, oauth_signature=“8valMeh0ZV1twGC%2Bq8uHrvTqUSE%3D”, x_auth_mode=“reverse_auth”, oauth_nonce=“75AEC3ED-BC6C-40E7-957C-E9C603129A1B”, oauth_signature_method=“HMAC-SHA1”

The response string is “Failed to validate oauth signature and token”, so it doesn’t appear to be a problem related to my app not belong allowed to use Reverse Auth.

My signature base string matches the Using Reverse Auth example string very closely:

From the docs: POST&

My own:


One thing I’d like to note is that if I do not include the x_auth_mode=reverse_auth parameter, I can obtain a oauth token & secret, although those I cannot use to authenticate as the user (invalid credentials).

Note: the app in question resides under my employer’s Twitter account.