how to create authentication string for each twitter API call

Created by Jerry Wang on Aug 16, 2014

The following information must be available to populate authentication string for current twitter API call:

Step1

generate the intermediate authentication string by concatenate the technical name of each field and its value into single line by “%3D”, then concatenate each single line into the intermediate string by “%26”.

Step2

generate the base authentication string via the following logic:

The string populated in this step should be:

&&

1

A sample base authentication string looks like as below:

GET&http%3A%2F%2Fapi.twitter.com%2F1.1%2Fstatuses%2Fmentions_timeline.json&oauth_consumer_key%3DdbsDIeSbFjl7J5UuXXBb8g%26oauth_nonce%3D3DC99B81145ED0726C20207FB8B6A0A8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1365573543%26oauth_token%3D1322278441-fhsyXxAY3yRLCgJxxQwN7IoRWr73CiJ2ogA08s9%26oauth_version%3D1.0

Step3

Generate authentication string for field “oauth_signature” using HMAC-SHA1 algorithm.

The input parameters for the generation in this step are:

Encryption key: consists of consumer secret and token secret combined with “&”.

Base authentication string generated from step2.

For detail how to use HMAC-SHA1 algorithm to generate authentication string, please refer to attached sample code.

Step4

During this step value for all seven fields listed in table1 should be available.

Then the following steps must be done to generate the final authentication string:

Concatenate field name with field value by “=”.

Surround field value with “.

Concatenate each name-value pair with “, “.

Add header “OAuth “ into the beginning of string.

You can use the following sample authentication string as a reference.

OAuth oauth_consumer_key=“ajaTgSs6QlXni558PjNg”, oauth_token=“1003016971-gRDT3Db0fcnaEvnldIGqrRH6P1Bsu6qXAUfs19b”, oauth_timestamp=“1365576176”, oauth_nonce=“C505BDC4FF6B4804A5A0F17EDD5D48EF”, oauth_version=“1.0”, oauth_signature_method=“HMAC-SHA1”, oauth_signature=“Yj%2BA3IrvgzWpNImngMV1gvnnbiU%3D”

For more detail information about OAuth protocol please refer to following links: