Troubleshooting OAuth 1.0A

@episod Taylor Singletary

I've been helping developers understand OAuth 1.0a for a number of years and have come away with a few tips that I hope will help you while debugging OAuth issues.

Make liberal use of the OAuth Tool linked to from each piece of REST API documentation and from your application record on this site. The OAuth Tool allows you create ideal OAuth signature base strings, executable curl commands, and a level of verbosity to the entire process that will help you to identify problems in your own code or environment.
Use header-based OAuth whenever possible. It separates concerns and brings clarity to the spec -- oauth_* aren't placed in the POST body or querystring, which often alleviates common encoding issues.
Know how to access the signature base string in the OAuth library you are using. Many libraries make this intermediate signing step difficult to access or locked within private methods. Most issues with OAuth signing can be tracked back to an invalidly formatted signature base string.
If you're using header-based OAuth, make sure that your HTTP Authorization header is being properly setup and formatted. This will be language-specific. Also make sure that you aren't repeating any of the oauth_* parameters in the POST body or URL of your actual executed request. Only parameters that don't begin with oauth_* should appear in the POST body or query string. (In other words, don't present double authentication)
Make sure that your HTTP verbs are in agreement
- If you're sending a POST, make sure your HTTP client is actually sending a POST and that your OAuth signature base string's method component matched
Check you are using the right HTTP request method. Most methods on the Twitter API require a POST or GET request.
Ensure that your system's timestamp is in sync with Twitter's. We return the current time in the "Date" HTTP header with every request. If your request fails due to a timestamp mismatch, use this time to determine the delta between the system clock and our server clock and adjust your oauth_timestamps for subsequent requests accordingly.
Use a well-supported OAuth library. The various encoding steps of the protocol are difficult to get right -- your programming language's URL encoding methods, for example, may not be of the adequate flavor that OAuth 1.0A is expecting.
Try alternate tools. When you run into issues with OAuth, try to replicate the request in another library or tool. Compare and contrast the differences between a successful request and a failed request. The OAuth Tool on this site is particularly helpful for this.
Learn how to override the oauth_timestamp and oauth_nonce values in your OAuth library. Use this capability to replay signature generation scenarios for comparative analysis.
Use auth on all REST API methods that support it. All Twitter REST API methods (except Search) support authentication and using auth means the requests are evaluated within the context of your current user.
If you think you're not being rate limited in the proper context (150 requests per hour instead of 300), check for an X-Warning HTTP header in the response to your request. Some API methods that can be satisfied in a unauthenticated context will be served as such despite invalid authorization credentials and the X-Warning HTTP header will indicate whether an invalid signature was detected.
Don't include oauth_* parameters not pertinent to the request. oauth_callback should only be sent to the request_token method, for example.
Use valid endpoints. REST API requires api.twitter.com as the subdomain, and /1/ preceding the path to indicate the version. api.twitter.com/1/statuses/home_timeline.json not twitter.com/statuses/home_timeline.json
Associate access token credentials with user ids, not screen names.
oauth_token and oauth_token_secret strings change when a user's access moves between permission levels, or if a user denies your application access and then re-grants it access. Never assume that the strings will remain constants.

Many find these documents especially useful while learning OAuth.

Moving from Basic Auth to OAuth - Explores the differences between Basic Auth and OAuth with newcomers in mind.
Authentication & Authorization - Twitter offers a few flavors of OAuth and this helps you choose the right path for your application
node/115 - A more in depth look at the OAuth 1.0A protocol

What tips do you have for developers running into issues with OAuth?

1 year 44 weeks ago

Replies

@tlikarish tlikarish

I found the 'Using OAuth 1.0a' [1] very useful for getting my OAuth client correct. Thank you! I did notice an error in the documentation.

In the "Making a resource request on a user's behalf", the signature is incorrect.

Currently the signature is
yOahq5m0YjDDjfjxHaXEsW9D+X0=

but the correct value is actually
LFcYchQEwoMiyBs/x7jO+69CxKo=

That could trip up folks. Thanks again.

[1] https://dev.twitter.com/docs/auth/oauth

1 year 36 weeks ago

@tmnt9001 João Portela

I believe the signature is correct. On my machine I did

printf '%s' "POST&http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fupdate.json&oauth_consumer_key%3DGDdmIQH6jhtmLUypg82g%26oauth_nonce%3DoElnnMTQIZvqvlfXM56aBLAf5noGD0AQR3Fmi7Q6Y%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1272325550%26oauth_token%3D819797-Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw%26oauth_version%3D1.0%26status%3Dsetting%2520up%2520my%2520twitter%2520%25E7%25A7%2581%25E3%2581%25AE%25E3%2581%2595%25E3%2581%2588%25E3%2581%259A%25E3%2582%258A%25E3%2582%2592%25E8%25A8%25AD%25E5%25AE%259A%25E3%2581%2599%25E3%2582%258B" | openssl dgst -sha1 -hmac "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98&J6zix3FfA9LofH0awS24M3HcBYXO5nI1iYe8EfBA" -binary | openssl base64

and got yOahq5m0YjDDjfjxHaXEsW9D+X0= as expected.

Hope this helps.

1 year 36 weeks ago

@sudhir3445 sudhir pingale

I have my application with correct consumer key and secret but still showing me exception as..

09-22 20:15:09.112: ERROR/in Main.OAuthLogin(509): 401:Authentication credentials (https://dev.twitter.com/docs/auth) were missing or incorrect. Ensure that you have set valid conumer key/secret, access token/secret, and the system clock in in sync.
09-22 20:15:09.112: ERROR/in Main.OAuthLogin(509): <?xml version="1.0" encoding="UTF-8"?>
09-22 20:15:09.112: ERROR/in Main.OAuthLogin(509):
09-22 20:15:09.112: ERROR/in Main.OAuthLogin(509): Desktop applications only support the oauth_callback value 'oob'
09-22 20:15:09.112: ERROR/in Main.OAuthLogin(509): /oauth/request_token
09-22 20:15:09.112: ERROR/in Main.OAuthLogin(509):

the code snippet is as follow..

void OAuthLogin() {
try {
twitter = new TwitterFactory().getInstance();
twitter.setOAuthConsumer(consumerKey, consumerSecret);
requestToken = twitter.getOAuthRequestToken(CALLBACKURL);
String authUrl = requestToken.getAuthenticationURL();
this.startActivity(new Intent(Intent.ACTION_VIEW, Uri
.parse(authUrl)));
} catch (TwitterException ex) {
Toast.makeText(this, ex.getMessage(), Toast.LENGTH_LONG).show();
Log.e("in Main.OAuthLogin", ex.getMessage());
}
}

please help me.

1 year 33 weeks ago

@yusukey Yusuke Yamamoto

Hi,

It's because your app is registered as a desktop client.
To overwrite callback URL, your app need to be registered as a browser client.

Try configuring a dummy callback URL (http://example.com/ or whatever you want) at
https://dev.twitter.com/apps/[appid]/settings > Callback URL
and your app will be recognized as a browser client.

Best,

1 year 33 weeks ago

@DeepikaLalra Deepika Lalra

Yes It worked for me.

Thanks

40 weeks 1 day ago

@n1colius Nikolius

hi..i also have the same problem..
i too already insert the correct consumerKey and consumerSecret
i also filled the callback URL with dummy url but just could not get it work

here is my code

<?php
/*
author : n1colius (nikolius@gamatechno.com)
web : www.nikolius-luiso.web.id
*/
require("twitteroauth/twitteroauth.php");
session_start();

// The TwitterOAuth instance
$twitteroauth = new TwitterOAuth('JU7odvwZ08KqJIcXXXXX', 'vaZjICA9h1L7CvWkK7G8XXXXXX');
// Requesting authentication tokens, the parameter is the URL we will be redirected to
$request_token = $twitteroauth->getRequestToken('http://twit.nikolius-luiso.web.id/twitter_oauth.php');

// Saving them into the session
$_SESSION['oauth_token'] = $request_token['oauth_token'];
$_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret'];

// If everything goes well..
if($twitteroauth->http_code==200){
// Let's generate the URL and redirect
$url = $twitteroauth->getAuthorizeURL($request_token['oauth_token']);
header('Location: '. $url);
} else {
// It's a bad idea to kill the script, but we've got to know when there's an error.
die('Something wrong happened.');
}

the $twitteroauth->http_code just keep returning '401' value not '200'
anyone have a solution?

1 year 31 weeks ago

@ChumaAgogbua Chuma Agogbua

Hi - I will like to say thank you a lot for the post. It was very helpful. After reading thoroughly the links you provided I finally realized the mistake I have been struggling with for 3 days now. Everything worked fine, except I need to single encode the request postBody and double encode the postBody within my base string. So now finally my signature is correct.

1 year 15 weeks ago

@jorge_toriz Jorge Toriz

Weird problem, when I try to twitt some message with spaces, a 401 error raises, but if I twitt only letters (without spaces) the post success.

We are using the .NET function Uri.EscapeDataString(messageToPost)

1 year 15 weeks ago

@VinceJohnson4 Vince Johnson

Please verify whether the device DATE and TIME are up to date. If not, then it might cause problems with the access token.

1 year 13 weeks ago

@dskanth Sasi kanth Dhulipala

I keep getting the "Something wrong happened" message, when i login with Twitter. This is because the time on server, where my application is running has a past time. (approx. 1 hour less than the usual timezone time).
Is there a way to overcome this issue? I don't have privileges to change time on server.

10 weeks 1 day ago

@jojomooo Jo Blow

I have an app, it works with my account, but i register it with anouther user it gives a 401. with the other user it will read but not write, yet it is registered as read write.
The account that does not work is this one, JoJoMooo
Any ideas?

1 year 10 weeks ago

@jojomooo Jo Blow

OK sorted, i began to think it must be something simple, I had set to read write, but did not recrearte token, Now i am getting a 403 error

1 year 10 weeks ago

@fragmagnet chad royal

I have an iOS app (with a couple of well-established libraries) that fails a call to request_token - and have been chasing this for days. Always a "401 Unauthorized" error. I also tried to create a new twitter app, use the OAuth Tool with it, and test the curl example from the tool. That fails. So the tool isn't much help if its own output fails.

1 year 9 weeks ago

@constexpr Bad Design

I encounter the same problems as you. I can't use the OAuth tool for getting a Request Token, by calling the URL specified at https://dev.twitter.com/docs/api/1/post/oauth/request_token.

I'm also trying to build my own Twitter API in C++ and I get the following error "Failed to validate oauth signature and token" when I try to make an HTTP GET request with the oauth_* parameters in the query string to https://api.twitter.com/oauth/request_token.

Here is my base signature string:

GET&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Dhttp%3A%2F%2Fwww.google.com%26oauth_consumer_key%3DB4TLzqGFHCMyHcBEsQnhQ%26oauth_nonce%3D134563948633%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1345639486%26oauth_version%3D1.0

And I make a GET request to the following URL after the oauth_signature is generated:

https://api.twitter.com/oauth/request_token?oauth_callback=http%3A%2F%2Fwww.google.com&oauth_consumer_key=B4TLzqGFHCMyHcBEsQnhQ&oauth_nonce=134563948633&oauth_signature=vhczF1AhtAphlAzw333kQiJquAE%253D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1345639486&oauth_version=1.0

After following some of the troubleshooting tips at the top of this page and debugging my oauth_* params value generation code I can't find where the problem is I still get "Failed to validate oauth signature and token" and "401 Unauthorized" HTTP response code. and reason phrase.

Have you found a solution for making HTTP requests from the OAuth tool to the URL https://api.twitter.com/oauth/request_token that return "200 OK" and a valid request token?

37 weeks 3 days ago

@episod Taylor Singletary

The OAuth tool isn't capable of generating sample requests to oauth/request_token as the OAuth tool is for accessing API resource methods while utilizing a user context. oauth/request_token has no user context and you can't include an oauth_token as part of the request.

I encourage you to utilize Authorization-header based OAuth instead of querystring; querystring can complicate your encoding quite a bit.

By passing a URL-escaped URL on the query string, you are required to escape the value again in the signature basestring. (As above, so below).

37 weeks 3 days ago

@constexpr Bad Design

My issue was as follows:

I've done an base64 encoding to the strDigest received from the HMAC-SHA1 algorithm, as described by section 3.4.2 of RFC 5849, https://tools.ietf.org/html/rfc5849#section-3.4.2:

string base64Str = base64_encode(strDigest);

But I also did an URL encoding to the base64Str by mistake, which was the second problem. This is what I did wrong, i.e.URL encoded the base64 string:

```
oAuthSignature = UrlEncode(base64Str);
```

Removing the line above and replacing it with "OAuthSignature = base64Str;" solved my problem with doing an HTTP GET request by passing the oauth_* parameters by query string.

For now I can't use:
1) The HTTP "Authorization" header field
nor
2) The HTTP request entity-body
Because my HTTP client doesn't allow me to provide headers for the HTTP request, I can only see the HTTP response headers.

I hope the less preferred method - the HTTP request URI query - will work for my use cases, at least for the moment.

Thanks for the help.

30 weeks 6 days ago

@IngJuanRojas Ing. Juan J. Rojas R

Please!!! Help me!!! I have that error:

Undefined index: oauth_token
Error Type: E_NOTICE

Rendered Page: Click here to view contents able to be rendered

Source File: C:\wamp\www\Venetuits\www\twitteroauth\twitteroauth.php Line: 82

Line 77: if (!empty($oauth_callback)) {
Line 78: $parameters['oauth_callback'] = $oauth_callback;
Line 79: }
Line 80: $request = $this->oAuthRequest($this->requestTokenURL(), 'POST', $parameters);
Line 81: $token = OAuthUtil::parse_parameters($request);
Line 82: $this->token = new OAuthConsumer($token['oauth_token'], $token['oauth_token_secret']);
Line 83: return $token;
Line 84: }
Line 85:
Line 86: /**
Line 87: * Get the authorize URL

Please!!! really!! I'm Venezuelan! and i want create an app for twitter!

Sorry i dont speak english very much!!! i try!!!

Please Again!!!

1 year 9 weeks ago

@kirtipatel4 Kirti Patel

Please help!
I'm a newbie at this and this might seem like a silly question but how can I check the X-Warning HTTP header in the response to my request?

Thanks in advance!

1 year 7 weeks ago

@episod Taylor Singletary

It varies language-to-language and framework-to-framework. Most languages allow you to get at a response object representing the response -- that response object would include a hash of the HTTP headers sent back to you.

1 year 7 weeks ago

@ProfileGroupDev ProfileGroupDev

I'm struggling with OAuth. Anyone knows why it could work for UPDATE (to create tweets), but not for USER_TIMELINE. Returns 401 : Unathorized

I've used a C# code sample (http://www.codeproject.com/Articles/247336/Twitter-OAuth-authentication-using-Net) to post a tweet to my account using OAuth authentication AND IT WORKED.
Then I tried to reuse code to get user timeline and it keeps returning 401 error.
I've used your OAuth tool to compare signature created in my code and it was matched when I used same timestamp. Also, I don't have any X-Warning headers in my response.

I don't see anything wrong in my code, which makes me wonder if it's a problem in API?
Could you please have a look and let me know what's the problem.

Below is a final code for fetching timeline:

```
var oauth_token = "XXX";
```
```
var oauth_token_secret = "XXX";
```
```
var oauth_consumer_key = "XXX";
```
```
var oauth_consumer_secret = "XXX";
```
```
 
```
```
// oauth implementation details
```
```
var oauth_version = "1.0";
```

var oauth_signature_method = "HMAC-SHA1";

```
 
```
```
// unique request details
```

var oauth_nonce = Convert.ToBase64String(

new ASCIIEncoding().GetBytes(DateTime.Now.Ticks.ToString()));

```
var timeSpan = DateTime.UtcNow
```

- new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);

var oauth_timestamp = Convert.ToInt64(timeSpan.TotalSeconds).ToString();

```
 
```
```
// message api details
```

//var status = "Updating status via REST API if this works. " + oauth_timestamp;

//var resource_url = "http://api.twitter.com/1/statuses/update.json";

```
 
```
```
var screenName = "ProfileGroupDev";
```

var resource_url = "http://api.twitter.com/1/statuses/user_timeline.xml";

```
 
```
```
// create oauth signature
```

var baseFormat = "oauth_consumer_key={0}&oauth_nonce={1}&oauth_signature_method={2}" +

"&oauth_timestamp={3}&oauth_token={4}&oauth_version={5}&screen_name={6}";

```
 
```

var baseString = string.Format(baseFormat,

```
oauth_consumer_key,
```
```
oauth_nonce,
```
```
oauth_signature_method,
```
```
oauth_timestamp,
```
```
oauth_token,
```
```
oauth_version,
```
```
Uri.EscapeDataString(screenName)
```
```
);
```
```
 
```

baseString = string.Concat("GET&", Uri.EscapeDataString(resource_url), "&", Uri.EscapeDataString(baseString));

```
 
```

var compositeKey = string.Concat(Uri.EscapeDataString(oauth_consumer_secret),

"&", Uri.EscapeDataString(oauth_token_secret));

```
 
```
```
string oauth_signature;
```

using (HMACSHA1 hasher = new HMACSHA1(ASCIIEncoding.ASCII.GetBytes(compositeKey)))

```
{
```

oauth_signature = Convert.ToBase64String(

hasher.ComputeHash(ASCIIEncoding.ASCII.GetBytes(baseString)));

```
}
```
```
 
```
```
// create the request header
```

var headerFormat = "OAuth oauth_consumer_key=\"{0}\", oauth_nonce=\"{1}\", oauth_signature=\"{2}\"," +

" oauth_signature_method=\"{3}\", oauth_timestamp=\"{4}\", oauth_token=\"{5}\", oauth_version=\"{6}\"";

```
 
```

var authHeader = string.Format(headerFormat,

Uri.EscapeDataString(oauth_consumer_key),

```
Uri.EscapeDataString(oauth_nonce),
```
```
Uri.EscapeDataString(oauth_signature),
```

Uri.EscapeDataString(oauth_signature_method),

```
Uri.EscapeDataString(oauth_timestamp),
```
```
Uri.EscapeDataString(oauth_token),
```
```
Uri.EscapeDataString(oauth_version)
```
```
);
```
```
 
```

ServicePointManager.Expect100Continue = false;

```
 
```

HttpWebRequest request = (HttpWebRequest)WebRequest.Create(resource_url);

request.Headers.Add("Authorization", authHeader);

```
request.Method = "GET";
```

request.ContentType = "application/x-www-form-urlencoded";

WebResponse response = request.GetResponse();

1 year 1 week ago

@episod Taylor Singletary

Have you considered using an OAuth library instead of trying to roll this yourself? OAuth can get pretty complicated, and an implementation like this can be a bit fragile. When you're building your signature base string, you need to URL encode the parameters and values separately while building the basestring, not all at the same time -- when you used the OAuth tool, were you able to compare the basestring you got from that tool with the basestring you're generating with this code?

1 year 1 week ago

@MalibuMarathon Malibu Int' Marathon

@episod, can you please clarify the method of "URL encode the parameters and values separately while building the basestring".

Do you mean to Uri.EscapeDataString("key=value&") and concatenate
or Uri.EscapeDataString("key=value") + "&" and concatenate?

Thank you.

3 weeks 14 hours ago

@rivan_ipai Rivan Perdana Putra

please help me.. i think my application not false but if i run my application there is an error message containing "couldn't find OAuth token from response" ..
my application is Mobile Twitter Client using J2ME-Based..

my code is

```
package com.sourcecode.twitter;
```
```
 
```
```
import com.sourcecode.utils.Base64;
```
```
import com.sourcecode.utils.HttpUtil;
```

import com.sourcecode.utils.ResultParser;

```
import com.sourcecode.utils.StringUtil;
```

import java.io.UnsupportedEncodingException;

```
import java.util.Date;
```
```
import java.util.Enumeration;
```
```
import java.util.Random;
```
```
import java.util.Vector;
```

import org.bouncycastle.crypto.digests.SHA1Digest;

import org.bouncycastle.crypto.macs.HMac;

import org.bouncycastle.crypto.params.KeyParameter;

```
/**
```
```
 
```
```
 * @author rivan
```
```
 */
```
```
public class XAuth {
```
```
 
```
```
    private String xauthUsername;
```
```
    private String xauthPassword;
```
```
    private String token;
```
```
    private String tokenSecret;
```
```
    private String verifier;
```
```
 
```

    private static final String OAuthVersion = "1.0";

    private static final String OAuthParameterPrefix = "oauth_";

```
 
```

    private static final String OAuthConsumerKeyKey = "oauth_consumer_key";

    private static final String OAuthCallbackKey = "oauth_callback";

    private static final String OAuthVersionKey = "oauth_version";

    private static final String OAuthSignatureMethodKey = "oauth_signature_method";

    private static final String OAuthSignatureKey = "oauth_signature";

    private static final String OAuthTimestampKey = "oauth_timestamp";

    private static final String OAuthNonceKey = "oauth_nonce";

    private static final String OAuthTokenKey = "oauth_token";

    private static final String OAuthTokenSecretKey = "oauth_token_secret";

    private static final String OAuthVerifier = "oauth_verifier";

    private static final String XAuthUsername = "x_auth_username";

    private static final String XAuthPassword = "x_auth_password";

    private static final String XAuthMode = "x_auth_mode";

```
 
```

    private static final String OAUTH_CONSUMER_TOKEN = "xxxxxxxxx";

    private static final String OAUTH_CONSUMER_SECRET = "xxxxxxxxxxxxxxx";

```
 
```

    private static final String HMACSHA1SignatureType = "HMAC-SHA1";

```
 
```
```
    private String normalizedUrl = "";
```

    private String normalizedRequestParameters = "";

```
 
```

    public XAuth(String username, String password) {

```
        this.xauthUsername = username;
```
```
        this.xauthPassword = password;
```
```
    }
```
```
 
```

    public void setTokenAndSecret(String token, String secret) {

```
        this.token = token;
```
```
        this.tokenSecret = secret;
```
```
    }
```
```
 
```
```
    public String xAuthWebRequest(
```
```
            boolean isPost,
```
```
            String url,
```

            QueryParameter[] parameters,

            ResultParser parser) throws Exception {

```
        String outUrl = "";
```
```
        String querystring = "";
```
```
        String ret = "";
```
```
        String postData = "";
```
```
        String method = "GET";
```
```
 
```
```
        //Setup postData for signing.
```

        //Add the postData to the querystring.

```
        if (isPost)
```
```
        {
```
```
            method = "POST";
```

            if (parameters!=null && parameters.length > 0)

```
            {
```

                //Decode the parameters and re-encode using the oAuth UrlEncode method.

                for(int i=0; i<parameters.length; i++) {

                    QueryParameter q = parameters[i];

                    if(postData.length()>0) {

                        postData += "&";

```
                    }
```

                    postData += q.getName() + "=" + encode(q.getValue());

```
                }
```

                if (url.indexOf("?") > 0)

```
                {
```
```
                    url += "&";
```
```
                }
```
```
                else
```
```
                {
```
```
                    url += "?";
```
```
                }
```
```
                url += postData;
```
```
            }
```
```
        }
```

        String nonce = this.generateNonce();

        String timeStamp = this.generateTimeStamp();

```
 
```
```
        //Generate Signature
```

        String sig = this.generateSignature(

```
            url,
```
```
            OAUTH_CONSUMER_TOKEN,
```
```
            OAUTH_CONSUMER_SECRET,
```
```
            this.token,
```
```
            this.tokenSecret,
```
```
            this.verifier,
```
```
            this.xauthUsername,
```
```
            this.xauthPassword,
```
```
            method,
```
```
            timeStamp,
```
```
            nonce);
```
```
 
```
```
        outUrl = normalizedUrl;
```

        querystring = normalizedRequestParameters;

```
 
```

        System.out.println("Signature: " + sig);

```
 
```
```
        if(querystring.length()>0) {
```
```
            querystring += "&";
```
```
        }
```

        querystring += "oauth_signature=" + encode(sig);

```
 
```

        //Convert the querystring to postData

```
        /if (isPost)
```
```
        {
```
```
            postData = querystring;
```
```
            querystring = "";
```
```
        }/
```
```
        if (querystring.length() > 0)
```
```
        {
```
```
            outUrl += "?";
```
```
        }
```
```
 
```

        ret = webRequest(method, outUrl +  querystring, postData, parser);

```
 
```
```
        return ret;
```
```
    }
```
```
 
```
```
    private String webRequest(
```
```
            String method,
```
```
            String url,
```
```
            String postData,
```

            ResultParser parser) throws Exception {

```
        String result = "";
```

        System.out.println("web request URL: " + url);

```
        if (method.equals("POST")) {
```
```
            if(parser!=null) {
```

                result = HttpUtil.doPost(url,parser);

```
            } else {
```

                result = HttpUtil.doPost(url);

```
            }
```
```
        } else {
```
```
            if(parser!=null) {
```

                result = HttpUtil.doGet(url,parser);

```
            } else {
```

                result = HttpUtil.doGet(url);

```
            }
```
```
        }
```
```
        return result;
```
```
    }
```
```
 
```

    private Vector getQueryParameters(String url)

```
    {
```

        int questionMarkIndex = url.indexOf("?");

```
        if(questionMarkIndex<0) {
```
```
            return new Vector();
```
```
        }
```
```
 
```

        String parameters = url.substring(questionMarkIndex+1);

```
        Vector params = new Vector();
```

        String[] para = StringUtil.split(parameters, "&");

        for(int i=0; i<para.length; i++) {

            if(para[i].startsWith(OAuthParameterPrefix)==false) {

                String[] nameValue = StringUtil.split(para[i], "=");

                QueryParameter q = new QueryParameter(nameValue[0], nameValue[1]);

```
                params.addElement(q);
```
```
            }
```
```
        }
```
```
        return params;
```
```
    }
```
```
 
```

    public String generateSignatureBase(

```
            String url,
```
```
            String consumerKey,
```
```
            String token,
```
```
            String tokenSecret,
```
```
            String verifier,
```
```
            String xAuthUsername,
```
```
            String xAuthPassword,
```
```
            String httpMethod,
```
```
            String timeStamp,
```
```
            String nonce,
```
```
            String signatureType) {
```
```
        if (token == null)
```
```
        {
```
```
            token = "";
```
```
        }
```
```
 
```
```
        if (tokenSecret == null)
```
```
        {
```
```
            tokenSecret = "";
```
```
        }
```
```
 
```
```
        //normalizedUrl = null;
```

        //normalizedRequestParameters = null;

```
 
```

        Vector parameters = getQueryParameters(url);

        parameters.addElement(new QueryParameter(OAuthVersionKey, OAuthVersion));

        parameters.addElement(new QueryParameter(OAuthNonceKey, nonce));

        parameters.addElement(new QueryParameter(OAuthTimestampKey, timeStamp));

        parameters.addElement(new QueryParameter(OAuthSignatureMethodKey, signatureType));

        parameters.addElement(new QueryParameter(OAuthConsumerKeyKey, consumerKey));

```
 
```

        if (token!=null && token.length()!=0)

```
        {
```

            parameters.addElement(new QueryParameter(OAuthTokenKey, token));

```
        } else {
```

            if ( xAuthUsername!=null && xAuthUsername.length()!=0)

```
            {
```

                parameters.addElement(new QueryParameter(XAuthUsername, xAuthUsername));

```
            }
```
```
 
```

            if ( xAuthPassword!=null && xAuthPassword.length()!=0)

```
            {
```

                parameters.addElement(new QueryParameter(XAuthPassword, xAuthPassword));

                parameters.addElement(new QueryParameter(XAuthMode, "client_auth"));

```
            }
```
```
        }
```
```
 
```

        if (verifier!=null && verifier.length()!=0)

```
        {
```

            parameters.addElement(new QueryParameter(OAuthVerifier, verifier));

```
        }
```
```
 
```
```
        sortParameters( parameters );
```
```
 
```

        normalizedUrl = getSchemeAndHost(url);

        normalizedUrl += getAbsolutePath(url);

        System.out.println("Normalized url: " + normalizedUrl);

        normalizedRequestParameters = normalizeRequestParameters(parameters);

        System.out.println("Normalized params: " + normalizedRequestParameters);

```
 
```

        StringBuffer signatureBase = new StringBuffer();

        signatureBase.append(httpMethod + "&");

        signatureBase.append(encode(normalizedUrl) + "&");

        signatureBase.append(encode(normalizedRequestParameters));

```
 
```

        String sigBase = signatureBase.toString();

        System.out.println("Signature base: " + sigBase);

```
        return sigBase;
```
```
    }
```
```
 
```

    private static String getSchemeAndHost(String url) {

        int startIndex = url.indexOf("//")+2;

        int endIndex = url.indexOf("/", startIndex);

        return url.substring(0,endIndex);

```
    }
```
```
 
```

    private static String getAbsolutePath(String url) {

        int startIndex = url.indexOf("//")+2;

        int endIndex = url.indexOf("/", startIndex);

        int questionMark = url.indexOf("?");

```
        if(questionMark>0) {
```

            return url.substring(endIndex, questionMark);

```
        } else {
```

            return url.substring(endIndex);

```
        }
```
```
    }
```
```
 
```

    private static void sortParameters(Vector items) {

```
        boolean unsorted = true;
```

        System.out.println("Mengurutkan...");

```
        while(unsorted) {
```
```
            unsorted = false;
```

            for(int i=items.size()-1; i>0; i--) {

                System.out.println("Membandingkan...");

                QueryParameter item1 = (QueryParameter)items.elementAt(i);

                QueryParameter item2 = (QueryParameter)items.elementAt(i-1);

                if(item1.getName().compareTo(item2.getName())<0) {

                    System.out.println("Mengganti...");

                    items.setElementAt(item1, i-1);

                    items.setElementAt(item2, i);

```
                    unsorted = true;
```
```
                }
```
```
            }
```
```
        }
```
```
    }
```
```
 
```
```
    private String generateSignature(
```
```
            String url,
```
```
            String consumerKey,
```
```
            String consumerSecret,
```
```
            String token,
```
```
            String tokenSecret,
```
```
            String verifier,
```
```
            String xAuthUsername,
```
```
            String xAuthPassword,
```
```
            String httpMethod,
```
```
            String timeStamp,
```
```
            String nonce) {
```

        String signatureBase = generateSignatureBase(

```
                url,
```
```
                consumerKey,
```
```
                token,
```
```
                tokenSecret,
```
```
                verifier,
```
```
                xAuthUsername,
```
```
                xAuthPassword,
```
```
                httpMethod,
```
```
                timeStamp,
```
```
                nonce,
```
```
                HMACSHA1SignatureType);
```
```
 
```
```
        String tokenSec = "";
```
```
        if(tokenSecret!=null) {
```
```
            tokenSec = tokenSecret;
```
```
        }
```

        String key = encode(consumerSecret) + "&" + encode(tokenSec);

        return getSignature(signatureBase, key);

```
    }
```
```
 
```

    public String getSignature(String message, String key)  {

```
        try {
```

            HMac m=new HMac(new SHA1Digest());

            m.init(new KeyParameter(key.getBytes("UTF-8")));

            byte[] bytes=message.getBytes("UTF-8");

            m.update(bytes, 0, bytes.length);

            byte[] mac = new byte[m.getMacSize()];

```
            m.doFinal(mac, 0);
```

            String signature = new Base64().encode(mac);

```
            return signature;
```
```
        }
```

        catch (UnsupportedEncodingException ex) {

```
            ex.printStackTrace();
```
```
        }
```
```
        return null;
```
```
    }
```
```
 
```

    protected String normalizeRequestParameters(Vector parameters)

```
    {
```

        StringBuffer sb = new StringBuffer();

```
        QueryParameter p = null;
```

        Enumeration en = parameters.elements();

```
        while(en.hasMoreElements()) {
```

            p = (QueryParameter)en.nextElement();

            sb.append(p.getName()).append("=").append(p.getValue());

```
            if (en.hasMoreElements())
```
```
            {
```
```
                sb.append("&");
```
```
            }
```
```
        }
```
```
        return sb.toString();
```
```
    }
```
```
 
```
```
    public String generateTimeStamp() {
```
```
        Date d = new Date();
```

        String timestamp = Long.toString(d.getTime()/1000);

```
        return timestamp;
```
```
    }
```
```
 
```
```
    public String generateNonce() {
```
```
        Random random = new Random();
```

        String nonce = Long.toString(Math.abs(random.nextLong()), 60000);

```
        return nonce;
```
```
    }
```
```
 
```

    private String unreservedCharactersPattern = "[a-zA-Z0-9\-\.~]";

    private String unreservedCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-.~";

```
 
```
```
    private String encode(String s) {
```

        if (s == null || "".equals(s)) {

```
            return "";
```
```
        }
```

        StringBuffer sb = new StringBuffer(s.length()2);

        for (int i = 0; i < s.length(); i++) {

            if (unreservedCharacters.indexOf(s.charAt(i)) == -1) {

                // get byte values of the character

                // and turn them into percent encoding

                String t = String.valueOf(s.charAt(i));

                sb.append(StringUtil.urlEncode(t));

```
            } else {
```
```
                sb.append(s.charAt(i));
```
```
            }
```
```
        }
```
```
 
```
```
        return sb.toString();
```
```
    }
```
```
 
```
```
}
```

51 weeks 4 days ago

@episod Taylor Singletary

This code looks like it requires permissions for using xAuth -- does your application have those permissions?

51 weeks 3 days ago

@rivan_ipai Rivan Perdana Putra

how to get a permissions that? I've contacted the twitter in api@twitter.com can not help me .. I am tired of trying to send a request for permission to twitter .. Can you help me? please help me ..

51 weeks 3 days ago

@criacon cristian acon

thanks for you information

51 weeks 3 days ago

@rivan_ipai Rivan Perdana Putra

please help me.. how to get permission xauth for my application??i create my application for my thesis.. please help me..

51 weeks 2 days ago

@Mayank3872 Mayank

I created twitter application ,when click on Authenticate user ,always get Oauth_token null.Please help me

39 weeks 5 days ago

@ChadCorbitt Chad Corbitt

Hey it looks like my API has been soft blacklisted. How do I go about correcting this or discovering why this happened? Any help would be greatly appreciated.

37 weeks 5 days ago

@episod Taylor Singletary

If you suspect this to be the case (what signals are you reading?), consult this FAQ entry for next steps:

Is my IP banned or blacklisted?

Being banned or blacklisted means the Twitter APIs will not respond to requests you make to them. You know if you have been blacklisted because the APIs will not respond to you at all. If this happens to you the first thing to do is stop any requests your application is making. Then see if you can reach other URLs using a command line tool like curl. If you can access other URLs but not Twitter, you should login to Twitter.com and then file a ticket with our support team. The support team will then be in contact about next steps.

Twitter provides APIs for free and with no guarantees of service availability. This means we may take steps to ban or block any account, IP, or range of IPs that might be harming our ability to provide Twitter in a timely and reliable way.

The best way to avoid being blacklisted is to pay attention to the remaining API requests you are allowed to make, and to handle errors appropriately. Handling errors appropriately means reducing your request frequency (throttling) or stopping requests until you can identify why the request failed.

If you have sufficiently diagnosed your network connectivity and believe your IP may have been blacklisted, please post to the discussion forums.. Provide as much detail as possible about which steps you've taken to diagnose.

37 weeks 5 days ago

@Itz_LeeO Kurosaki Ichigo

I am developing an application for Java ME devices. I have the correct tokens/secrets, and I have a method for accurately generating signatures. I created the request headers using the setRequestProperty(String key, String value) method in the javax.microedition.io.HttpsConnection interface but when I try to perform an API call (like retrieving home_timeline.json), I get a HTTP 401 error with error code 135.
I tried adjusting my oauth_timestamps, but I still get the same error, only now the error code is 32.
I've tried everything but nothing changes.
Can someone help me out here????

33 weeks 2 days ago

@BrandonFuller Brandon Fuller

My app broke when I had to migrate from Twitter API 1.0 to 1.1. Ended up finding out that I was missing this header in my POSTs:

Content-Type: application/x-www-form-urlencoded

29 weeks 4 days ago

@jessethegame Jesse the Game

+1 This fixed my issues too!

16 weeks 6 days ago

@ACDTesting1 ACD Testing

Ok, I am able to execute the statuses/home_timeline GET request with my current IDs and tokens, so I know they are correct and I know that I am able to create the correct OAuth signature. Having said that, I am attempting to update my Twitter status and I am getting an "Could not authenticate you" error. I'm building this little app with ColdFusion and this is my code for the call:

<cfhttp url="https://api.twitter.com/1.1/statuses/update.json" method="POST">

 <cfhttpparam type="header" name="Authorization" value='OAuth oauth_consumer_key="#OStruct.oauth_consumer_key#", oauth_nonce="#OStruct.oauth_nonce#", oauth_signature="#OStruct.oauth_signature#", oauth_signature_method="#OStruct.oauth_signature_method#", oauth_timestamp="#OStruct.oauth_timestamp#", oauth_token="#OStruct.oauth_token#", oauth_version="#OStruct.oauth_version#"'>

        <cfhttpparam type="formfield" name="status" value="#status#">

```
</cfhttp>
```
```
 
```
```
Status = "This%20is%20a%20test%20tweet"
```

I tried including all the oauth variables as header elements in the cfhttp, no go. I tried the status param as a type "body", no go. I'm still getting the same authentication error, yet I know the above oauth variables work because if they didn't, I would not be able to grab the home_timeline which I can. Can anybody help me figure out why I'm still getting this "Could not authenticate you" error?

26 weeks 4 days ago

@episod Taylor Singletary

Performing HTTP GETs in OAuth is a bit different than POSTs. I would verify that the underlying OAuth code you're using is generating the signature base string correctly. I would make sure that when you send status with spaces as %20, that your HTTP and OAuth code are in coordination and not overly zealous about re-encoding it again.

26 weeks 3 days ago

@ACDTesting1 ACD Testing

I just redid my tokens, did a GET successfully, did a POST unsuccessfully (same error). This is my signature base string that was created during my one attempt:

POST&https%3A%2F%2Fapi.twitter.com%2F1.1%2Fstatuses%2Fupdate.json&oauth_consumer_key%3DCONSUMERKEY%26oauth_nonce%3Dzed5ro2mwe9lc58aqd7zjen0sr7cxlp3%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1352328864%26oauth_token%3D***ACCESS_TOKEN%26oauth_version%3D1.0%26status%3DThis%2520is%2520a%2520test%2520tweet

Now I am assuming that the signature is generated correctly, because if it wasn't, I would not have been able to execute the GET successfully (it uses the same function and encoding mechanism). Is there something wrong in the base string?

26 weeks 3 days ago

@episod Taylor Singletary

How are you constructing your POST? Does it send the proper Content-Type and Content-Length headers that a POST should? Are you able to examine the request in transit and verify that your POST parameters are being sent correctly?

26 weeks 2 days ago

@ACDTesting1 ACD Testing

I can't recall if I sent you this response, but if I did again, I apologize.

Here's how I'm constructing my POST:

     <cfhttp url="#twitterURL#" method="POST" throwonerror="yes">

           <cfhttpparam type="header" name="Authorization" value='OAuth oauth_consumer_key="#OStruct.oauth_consumer_key#", oauth_nonce="#OStruct.oauth_nonce#", oauth_signature="#OStruct.oauth_signature#", oauth_signature_method="#OStruct.oauth_signature_method#", oauth_timestamp="#OStruct.oauth_timestamp#", oauth_token="#OStruct.oauth_token#", oauth_version="#OStruct.oauth_version#"'>

         <cfhttpparam type="header" name="Content-Type" value="application/x-www-form-urlencoded">

            <cfhttpparam type="formfield" name="status" value="#varStruct.status#">

```
 
```
```
        </cfhttp>
```

I'm not getting a throw on error, but I am returning a 401 Unauthorized error in the HTTP header response of mimetype application/json. I don't know what I need to consider in the content-length - just the status message I'm trying to update? I tried that, and I tried type "url" instead of "formfield" for the status message but to no avail. I'm honestly lost on where I need to go from here.

26 weeks 2 days ago

@episod Taylor Singletary

I'm more interested in how ColdFusion is performing the POST -- you could be telling it to do everything right as far as you know and it still could be doing something wrong. I'm not very familiar with this style of coding and it seems like a very brittle & indirect way to go about interacting with the API.

26 weeks 1 day ago

@ACDTesting1 ACD Testing

I figured out the issue. The status cfhttpparam needs to be of type="body" and the value is the URL-encoded query string of the data:

25 weeks 1 day ago

@episod Taylor Singletary

Glad to hear you figured this out!

25 weeks 1 day ago

@avantajtvm1 avantajtvm1

I have downloaded the latest api of twitter from git. When i login using the credentials of my twitter account. I am being redirected to my twitter homepage instead of redirecting to my return url.This is the Link

24 weeks 5 days ago

@quenotacom quenota com

Hi I dont know if it is the right place, but, I am having big problems to resolve one issue with the oauth verification of my application (it was running for more than a year), the point is since 1 week ago, i am having big problems to get the request token, i checked and after some 401 errors generated by some changes from your side, the process is getting a 200 code (ok) but instead of receiving the request token, i receive an strange string (i havent deciphered!), My app is ASP classic,i checked it with http (original) and (https the same result), GET and POST the same.
Attached the log of the run : (Because no percentage permited here I replace it with X)

MSL in use Msxml2.ServerXMLHTTP.6.0
Host https://api.twitter.com
Authorization OAuth oauth_callback="httpX3AX2FX2Fwww.quenota.comX2FauthX2Ftwitterqueno.asp", oauth_consumer_key="xxxxxx", oauth_nonce="hola251574", oauth_signature="yyyyyyyyyyy", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1355017844", oauth_token="", oauth_version="1.0"

Status 200

EncodeUri of ResponseText is X1FXEFXBFXBFX08X00X00X00X00X00X00X03EXEFXBFXBFX0EXEFXBFXBFX20X00X00XD0XBFXEFXBFXBF3X0FX1EZXEFXBFXBFFXEFXBFXBFXEFXBFXBFXEFXBFXBFXEFXBFXBFQX22X08XC3XA0XEFXBFXBFXEFXBFXBFgXEFXBFXBFXEFXBFXBFXEFXBFXBFXDCX97XC9XA6XEFXBFXBFXEFXBFXBFXEFXBFXBFXEFXBFXBFFUX20XEFXBFXBFXEFXBFXBFIXEFXBFXBFXEFXBFXBFXEFXBFXBF6X07TgXEFXBFXBFXEFXBFXBFlXEFXBFXBF_XEFXBFXBFXEFXBFXBFXEFXBFXBF)XCFX9D_4X60XEFXBFXBFXEFXBFXBFXEFXBFXBFXEFXBFXBFXEFXBFXBFwX3DXEFXBFXBFXEFXBFXBFXEFXBFXBFXEFXBFXBFXEFXBFXBFX2FXC3X9BXEFXBFXBFXEFXBFXBFXEFXBFXBF)XEFXBFXBFXEFXBFXBFX60*ZXEFXBFXBFXD5X83XEFXBFXBFX03XEFXBFXBFXEFXBFXBFtXEFXBFXBFX2CX0FXEFXBFXBFXEFXBFXBFX00X00X00

if you want to watch the string just replace X by percentage and urldecode it.

THANKS for any help !!!

22 weeks 7 hours ago

@mnirmala777 mnirmala777

Hometimeline.json for version 1.0 with OAuth worked fine. But when I change to version 1.1 it does not work. Why?

18 weeks 1 day ago

@SeekVest SeekVest

I don't know where to ask this, so I thought this thread will be most appropriate.

I'm using the API to create an alternate form of creating user accounts for my website. I basically just need the API to convert a twitter user into a user on my website. That is all I require (apart from them interacting on my website once they are converted, but they will still always have to login using their twitter account). I've managed to create the application, got my consumer key, consumer secret, loaded it onto my site and when I click on the sign-in with twitter button, everything works (or so I assume). What I'm confused about is the need for an "access token" and "access token secret" , I don't understand what I need that for?

If somebody could explain it in layman's terms, because the documentation is very vague to me and I don't get what I need an access token and access token secret for.

Thanks

17 weeks 1 day ago

@potarbas potarbas

Hi, I´m working with VB.NET and I want to make authorized calls to Twitter's APIs. I obtained my access token like this https://dev.twitter.com/docs/auth/tokens-devtwittercom, because I just want to access the API from my own account. I allways obtain the same response, 401 error, not authorized. Can somebody help me?.
This is my code:

        ServicePointManager.Expect100Continue = False

```
 
```

        Dim oauth_consumer_key As String = System.Configuration.ConfigurationSettings.AppSettings("ConsumerKey")

        Dim oauth_consumer_secret As String = System.Configuration.ConfigurationSettings.AppSettings("ConsumerSecret")

        Dim oauth_token As String = System.Configuration.ConfigurationSettings.AppSettings("token")

        Dim oauth_token_secret As String = System.Configuration.ConfigurationSettings.AppSettings("tokenSecret")

        Dim oauth_version As String = "1.0"

        Dim oauth_signature_method = "HMAC-SHA1"

```
 
```

        Dim miOAuth As New OAuth.OAuthBase

```
 
```

        Dim oauth_nonce As String = miOAuth.GenerateNonce() 'create a nonce string

        Dim oauth_timestamp As String = miOAuth.GenerateTimeStamp() 'create the time in seconds

```
 
```

        Dim apiurl As New Uri("https://api.twitter.com/1.1/trends/place.json?id=1")

```
'generate my signature
```

        Dim oauth_signature As String = miOAuth.GenerateSignature(apiurl, _

                                                                oauth_consumer_key, _

                                                                oauth_consumer_secret, _

                                                                oauth_token, _

                                                                oauth_token_secret, _

                                                                "GET", _

                                                                oauth_timestamp, _

                                                                oauth_nonce, _

                                                                "", "")

```
 
```

        'configuro propiedades del objeto request

        request = CType(WebRequest.Create("https://api.twitter.com/1.1/trends/place.json?id=1"), HttpWebRequest)

        Dim headerFormat = "OAuth oauth_nonce=""{0}"", oauth_signature_method=""{1}"", oauth_timestamp=""{2}"", oauth_consumer_key=""{3}"", oauth_token=""{4}"", oauth_signature=""{5}"", oauth_version=""{6}"""

```
 
```

        Dim authHeader = String.Format(headerFormat,

                                        Uri.EscapeDataString(oauth_nonce),

                                        Uri.EscapeDataString(oauth_signature_method),

                                        Uri.EscapeDataString(oauth_timestamp),

                                        Uri.EscapeDataString(oauth_consumer_key),

                                        Uri.EscapeDataString(oauth_token),

                                        Uri.EscapeDataString(oauth_signature),

                                        Uri.EscapeDataString(oauth_version)

```
            )
```
```
 
```

        request.Headers.Add("Authorization", authHeader)

```
        request.Method = "GET"
```

        request.ContentType = "application/x-www-form-urlencoded"

```
 
```
```
        Try
```

            resp = CType(request.GetResponse, HttpWebResponse)

            txtRespuesta.Text = resp.StatusCode

```
        Catch ex As Exception
```

            txtRespuesta.Text = ex.Message

```
        End Try
```

And this is my request header:
Authorization: OAuth oauth_nonce="5552950", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1359535898", oauth_consumer_key="xxxxxxxxxxxxxxxxxxxxx", oauth_token="xxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxx", oauth_signature="0uKDNswlUfs42XnUjxLuwkkmAW8%3D", oauth_version="1.0"
Content-Type: application/x-www-form-urlencoded

Thanks

14 weeks 4 days ago

@selah404 صالح سليمان المظيبري

التفويض: بروتوكول OAuth oauth_nonce = "5552950"، oauth_signature_method = "HMAC-SHA1"، oauth_timestamp = "1359535898"، oauth_consumer_key = "XXXXXXXXXXXXXXXXXXXXX"، oauth_token = "XXXXXXXXX-xxxxxxxxxxxxxxxxxxxxxxxx"، oauth_signature = "3D 0uKDNswlUfs42XnUjxLuwkkmAW8٪ "، oauth_version =" 1.0 "
نوع المحتوى: تطبيق / س-WWW-شكل urlencoded

شكرا

13 weeks 4 days ago

@karlschipul_it karl schipul

This works for a profile image:
http://api.twitter.com/1/users/profile_image/408669110?size=normal

This does not:
http://api.twitter.com/1.1/users/profile_image/408669110?size=normal

I am confused. Does this mean that someone did not yet turn it on yet for 1.1? Or does it mean http://api.twitter.com/1/users/profile_image/USERID?size=normal will continue to work?

Or does it mean that there is an entirely different URL for this?

9 weeks 5 days ago

@episod Taylor Singletary

There's no direct 1.1 equivalent of that method. You'll need to request the user object using user/show or users/lookup to obtain a profile image URL for a user.

9 weeks 4 days ago

@quenotacom quenota com

Hi,

Today i noticed this is having a strange behavior :

https://api.twitter.com/oauth/authenticate?oauth_token=xxxxx

And, in the screen it says i will have access to Direct Messages, and i understood it is the same as
authorize except the access to DM, could your clarify pls.

And another question:

I changed all my stuff to 1.1, and all the REST to https, but i dont use https in my site, so the questions is, currently everything is working with https (twitter resources), except when it return to my app after oauth authorize where i have a normal callback http://my site, is it going to work after your turn on the switch in the near future ?

6 weeks 11 hours ago

Apr	MAY	Jun
	12
2012	2013	2014

Replies

Is my IP banned or blacklisted?

Related content

Tags