Twitter Authorization

Question

For 2 days I've tried to do a request with unirest (I have to use it) to Twitter but I'm not getting good feedback from rest of what I'm doing wrong.

This is my request:

    HttpResponse request = Unirest.post( "https://api.twitter.com/1.1/account/settings.json" )
            .header( "Authorization",
                    "oauth_consumer_key=\"XXX\"," +
                            "oauth_token=\"XXX\"," +
                            "oauth_signature=\"XXX\"" +
                            "oauth_nonce=\"XXX\"," +
                            "oauth_signature_method=\"HMAC-SHA1\"," +
                            "oauth_timestamp=\"1467448738\"," +
                            "oauth_version=\"1.0\","
            )
            .header( "Content-Type", "application/json" )
            .header( "accept", "application/json" )
            .header( "X-Target-URI", "https://api.twitter.com" )
            .header( "Host", "api.twitter.com" )
            .header( "Connection", "Keep-Alive" ).asJson();

And I'm getting

{"errors":[{"code":215,"message":"Bad Authentication data."}]}

With this page it's easy to do https :// apigee.com/console/twitter but I see oauth_timestamp, oauth_nonce, oauth_signature are random generated every time. (Do I have to generate them somehow?)

http :// quonos.nl/oauthTester/ - this site was helping me to check oauth signature

And this https :// dev.twitter.com/oauth/tools/signature-generator/<+my id> generated for me Signature base string, Authorization header, cURL command

I have also keys from https :// apps.twitter.com/app/ Consumer Key (API Key) Consumer Secret (API Secret) Access Token Access Token Secret (And Access Read, write, and direct messages)

But every time I'm getting an error.

So whats wrong with my code? Do I missing something?

Thanks!

Yuri Schimke · Accepted Answer · 2019-11-20T20:23:59.057

1

oauth_timestamp isn't randomly generated, it is the current time. e.g. your example above is (verify with http://www.onlineconversion.com/unix_time.htm)

Sat, 02 Jul 2016 08:38:58 GMT

oauth_nonce is random as described in the help page below, e.g. "base64 encoding 32 bytes of random data".

oauth_signature is calculated based on your request parameters, sometimes post body, the client token/secret etc.

https://dev.twitter.com/oauth/overview/authorizing-requests https://dev.twitter.com/oauth/overview/creating-signatures

This is some example code for signing requests https://github.com/yschimke/okurl/blob/release/1.4/src/main/java/com/baulsupp/oksocial/services/twitter/Signature.java

edited Nov 20 '19 at 20:23

answered Jul 02 '16 at 13:38

Yuri Schimke

12,435
3
35
69

The last link is not avaialble ! – Santanu Sur Nov 18 '19 at 13:44
i followed the process https://dev.twitter.com/oauth/overview/creating-signatures still the api is throwing "BAD authentication data. " – Santanu Sur Nov 18 '19 at 13:48
@SantanuSur You can check an example of complete code at https://stackoverflow.com/a/59765764/1776132 – Smile Jan 17 '20 at 09:18

Twitter Authorization

1 Answers1