I can successfully get the request token and access token using the following two URLs.
/oauth/request_token
/oauth/access_token
But when I try to call verify_credentials, it responds with “Could not authenticate you”. I am using the following URL.
/1.1/account/verify_credentials.json
I use exactly the same function to create the signature string for verify_credentials as I use for request_token and access_token, so I doubt it could be my signature. I suspect the problem could be something to do with the fact that the first two calls are POST requests and the verify_credentials call is a GET request. Do I have to send any special headers for GET requests? The only header I am sending is the Authorization header. The verify_credentials request is not supposed to take any parameters.
Here is an example of my signed Authorization header:
Authorization: OAuth oauth_consumer_key="CONSUMER_KEY",
oauth_nonce="7ObO54PTJ%2F%7BbaaErp3UJ%2AMGHHB_liujg",
oauth_signature="83%252BMpbWwHB1Bj1brUuwg1xqbFAE%253D",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1417442885",
oauth_token="OAUTH_TOKEN_FOR_AUTHORIZED_ACCOUNT",
oauth_version="1.0"
Response headers:
HTTP/1.1 401 Authorization Required
content-length: 63
content-type: application/json;charset=utf-8
date: Mon, 01 Dec 2014 13:29:31 UTC
server: tsa_b
set-cookie: XXXXXXXXXXXXXX; Domain=.twitter.com; Path=/; Expires=Wed, 30-Nov-2016 13:29:31 UTC
strict-transport-security: max-age=631138519
x-connection-hash: d539667cd22a94515094ebd22b36eec5
Response body:
{"errors":[{"message":"Could not authenticate you","code":32}]}
The only other possibility I can think of is that the signature creation process is different for request_token and access_token than it is for other calls, but I can’t find anything in the documentation about that. Also, the call to access_token returns the correct oauth_token, which is the one I see when I use the signature generator. (There is a link to the signature generator at https://dev.twitter.com/rest/reference/get/account/verify_credentials.) So I would assume that my signature creation process is correct or else I would not be able to authorize successfully.
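An added example, not part of the original post: a minimal RFC 5849 HMAC-SHA1 signer in which the HTTP method is part of the signed base string and each header value is percent-encoded once, plus a check that counts the encoding layers on the nonce and signature values shown in the posted header. The host name, the secrets and the `sign`, `auth_header` and `encoding_layers` helpers are assumptions made for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote, unquote

def pct(s):
    """RFC 5849 section 3.6 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(s, safe="-._~")

def sign(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 over METHOD & encoded URL & encoded, sorted parameter string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    param_str = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(param_str)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def auth_header(params, signature):
    """Each value is percent-encoded exactly once when written into the header."""
    items = dict(params, oauth_signature=signature)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(items.items()))

def encoding_layers(value):
    """Count the percent-decodes needed before the value stops changing."""
    layers = 0
    while unquote(value) != value:
        value, layers = unquote(value), layers + 1
    return layers, value

# Values copied from the Authorization header shown in the post
POSTED_NONCE = "7ObO54PTJ%2F%7BbaaErp3UJ%2AMGHHB_liujg"
POSTED_SIGNATURE = "83%252BMpbWwHB1Bj1brUuwg1xqbFAE%253D"

# Constructed sample inputs (placeholders, not real credentials); the host is an assumption
URL = "https://api.twitter.com/1.1/account/verify_credentials.json"
PARAMS = {
    "oauth_consumer_key": "CONSUMER_KEY",
    "oauth_nonce": unquote(POSTED_NONCE),  # raw nonce; it is encoded again when signing
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1417442885",
    "oauth_token": "OAUTH_TOKEN_FOR_AUTHORIZED_ACCOUNT",
    "oauth_version": "1.0",
}

if __name__ == "__main__":
    sig = sign("GET", URL, PARAMS, "CONSUMER_SECRET", "TOKEN_SECRET")
    print(auth_header(PARAMS, sig))
    print("nonce layers:", encoding_layers(POSTED_NONCE)[0])
    print("signature layers:", encoding_layers(POSTED_SIGNATURE)[0])
```
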