Why does the Twitter API give me a code 32 (could not authencate) error?

Question

I'm trying to make a search request to the twitter REST api. Here is my request:

GET /1.1/users/search.json?q=%23PLLFinale HTTP/1.1 Host: api.twitter.com User-Agent: PostPirate v1.0 Accept: / Content-Type: application/x-www-form-urlencoded Authorization: OAuth oauth_consumer_key="(removed)", oauth_nonce="Ts3s7nlxSN6lfK9eqJOoujc8U3FmywOU", oauth_signature="(partially-removed)lmMzY4YzgwY2JhMzFlYTc4ZDEwNTMyYWM1MGU1MmYxMQ%3D%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1498607144", oauth_token="(removed)", oauth_version="1.0"

and here is the parameter string for my signature:

oauth_consumer_key=(removed)&oauth_nonce=Ts3s7nlxSN6lfK9eqJOoujc8U3FmywOU&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1498607144&oauth_token=(removed)&oauth_version=1.0&q=%23PLLFinale

and here is the signing key:

(removed)&(removed)

and here is the signature base string:

GET&https%3A%2F%2Fapi.twitter.com%2F1.1%2Fusers%2Fsearch.json&oauth_consumer_key%3D(removed)%26oauth_nonce%3DTs3s7nlxSN6lfK9eqJOoujc8U3FmywOU%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1498617068%26oauth_token%3D(removed)%26oauth_version%3D1.0%26q%3D%2523PLLFinale

Here is the response I'm receiving back:

{"errors":[{"code":32,"message":"Could not authenticate you."}]}

Gary S Gary S · Accepted Answer · 2017-07-02T06:19:44

Was calculating the signature wrong. I did not realize that the result of my HMAC-SHA1 calculation were a series of hexadecimal bytes. I treated them as a string and passed them directly into my base64 conversion function. I also recommend using this to check your signature base string: http://quonos.nl/oauthTester/

Why does the Twitter API give me a code 32 (could not authencate) error?

2 Answers