Getting 401 on Twitter OAuth POST requests

12,769

Solution 1

Make sure your app access type is read & write. On your app settings page (ex. http://twitter.com/apps/edit/12345) there's a radio button field like this:

Default Access type: Read & Write / Read-only

If you check 'Read-only' then status update API will return 401.

Solution 2

I second the answer by Jrgns. I has exactly the same issue. When reading the example Twitter provides, it's actually clear. However their pseudo code is misleading. In Python this worked for me :

def encodekeyval(key, val):
    key = urllib.quote(key, '')
    val = urllib.quote(val, '')
    return urllib.quote(key + '=' + val, '')

def signature_base_string(urlstr, oauthdata):
    sigstr = 'POST&' + urllib.quote(urlstr,'') + '&'
    # retrieve "post" data as dictionary of name value pairs
    pdata = oauthdata.getpdata()
    # need to sort parameters
    pstr = '%26'.join([encodekeyval(key, pdata[key]) for key in sorted(pdata.keys())])
    return sigstr + pstr

Solution 3

I had the same issues, until I realised that the parameters need to be encoded twice for the base string. My GET requests all worked fine, but my POSTs, particularly status updates, failed. On a hunch I tried a POST without spaces in the status parameter, and it worked.

In PHP:

function encode($input) {
    return str_replace('+', ' ', str_replace('%7E', '~', rawurlencode($input)));
}

$query = array();
foreach($parameters as $name => $value) {
    $query[] = encode($name) . '=' .encode($value);
}
$base = encode(strtoupper($method)) . '&' .encode($norm_url) . '&' . 
encode(implode('&', $query));

Notice the encode function around the names and values of the parameters, and then around the whole query string. A Space should end up as %2520, not just %20.

12,769

Baishampayan Ghose

Humble Jedi Master from the Galactic Programmers' Empire. Co-founder/CTO @ Helpshift Blog: freegeek.in/blog Code: github.com/ghoseb Twitter: twitter.com/ghoseb Flickr: flickr.com/photos/ghoseb Work: Helpshift

Updated on June 04, 2022

Comments

Baishampayan Ghose almost 2 years
I am trying to use Twitter OAuth and my POST requests are failing with a 401 (Invalid OAuth Request) error.

For example, if I want to post a new status update, I am sending a HTTP POST request to https://twitter.com/statuses/update.json with the following parameters -
```
status=Testing&oauth_version=1.0&oauth_token=xxx&
oauth_nonce=xxx&oauth_timestamp=xxx&oauth_signature=xxx&
oauth_consumer_key=xxx&in_reply_to=xxx&oauth_signature_method=HMAC-SHA1`
```
My GET requests are all working fine. I can see on the mailing lists that a lot of people have had identical problems but I could not find a solution anywhere.

I am using the oauth.py Python library.
- Jeff Standen almost 13 years
  
  I had the same issue and it turned out that the 'Callback URL' section of my app's configuration on Twitter was blanked out somehow. When it's empty it goes into desktop mode and blocks the ability to use dynamic callbacks. You can put any placeholder text in the setting you want, as long as it's not blank.
selfawaresoup about 14 years

Maybe this just saved my day. I'm having the exact same problem, only in JavaScript. GET works, POST not so much ...