Are you using an OAuth 1.0A library or are you using application-only auth to connect? It sounds like you’re using OAuth 1.0A, which has some special rules about the ordering of parameters when constructing the signature for a request. Are you adding your parameters early enough in your code that whatever OAuth library you’re using understands that they’re there?
