Reputation: 198
Twitter Oauth possible cause for 400 Bad Request response using a simple REST client
I've generated Access Tokens in the Settings/..../ Keys and Access Tokens page and now have a
- Consumer Key
- Consumer Secret Key
- Owner ID (even though this was probably already generated)
- Access Token
- Access Token Secret
and am using a rest client to test being able to pull the latest 3 statuses using this api end point
https://api.twitter.com/1.1/statuses/user_timeline.json?user_id=userIdHere&count=3
as well as the following headers
- Accept: /
- Connection: close
- User-Agent: OAuth gem v0.4.4
- Content-Type: application/x-www-form-urlencoded
- Content-Length: 76
- Host: api.twitter.com
- Authorization: OAuth
- oauth_consumer_key=
- oauth_signature=
- oauth_signature_method=
- oauth_timestamp=
- oauth_token=
- oauth_version=
obviously the 'userIdHere' in the end point address (above) is substituted with my username (i know i can also use my user_id, but that's beside the point) as well as the 'Authorization' values being substituted for real values. That's where my question lies...
What is the mapping for each of the 'oauth...' authorization parameters to their associated Twitter generated and provided Token or key(s) (which were mention near the top of the post)?
I keep getting a '400 Bad Request' response and feel that it is the authorization that is failing in that the permutations of key placements is incorrect. I do not know which value goes to which 'oauth...' value
finally, the structure of the 'Authorization' parameter header is as follows (as per instruction here from the Twitter EXAMPLE) as one line string value
OAuth oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog", oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg", oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1318622958", oauth_token="370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb", oauth_version="1.0" )
I am just trying to use a GET to get the last 3 statuses and have not been able to. Also, i plan to switch the values to Environmental Variables, but that doesn't matter yet..
UPDATE using Postman now, and it's better at mapping, but now am getting
{
"errors": [ { "code": 32, "message": "Could not authenticate you." } ] }
Upvotes: 1
Views: 1675
Answers (1)
Reputation: 8963
For the Postman part make sure that you leave Timestamp and nonce empty and hit "update request" before you hit send. That will generate timestamp and nonce - otherwise you will get authorization failures every time. I just tried it with my twitter API credentials and it works.
For Oauth gem code, I find it strange that you have a Content-Type and a Content-Length header for a GET request. Looks like the 400 Bad request could be because you are attempting to do a POST to an endpoint that only supports GET. Indeed when I try to do a POST to that endpoint it tells me.
{
"errors": [
{
"code": 86,
"message": "This method requires a GET or HEAD."
}
]
}
So the 400 is actually good news - it means that authorization works, you are just calling the API in the wrong way.
Upvotes: 2
Related Questions
- oAuth 1.0, Advanced Rest Client, Twitter API, Not Working
- REST API, regarding 403 error code?
- Twitter API always saying 400 Bad Request
- Why are POST requests to get a bearer token for application-only auth for Twitter's API returning a 400 Bad request?
- twitter - request token failing
- twitter request_token endpoint always returns "couldn't authenticate you"
- Why I get a 400 bad request with an auth request to Twitter?
- Twitter api returns status 400 when using tmhOAuth
- Why does my Twitter OAuth API call to update status fail, but other calls work?
- Twitter API Issue: OAuth Request Token using GET works, POST fails