Twitter oauth with SSL using cURL in PHP

Question

I'm a bit of a beginner to this. But I am trying to use cURL to perform a GET request to pull back users tweets.

I've been able to authenticate OK. But I cannot work out how to GET the data. I'm working from my localhost.

I've tried adding a basic certificate but it does not work.

Do I have to buy an SSL certificate for my site? I've seen twitter feeds on other sites that haven't purchased SSL certificates so I don't know how they do it?

I've seen this in the Twitter documentation. The file that is mentioned, is that the one I can purchase?

curl_setopt($connection, CURLOPT_SSL_VERIFYPEER, True);
curl_setopt($connection, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($connection, CURLOPT_CAINFO, "path:/ca-bundle.crt");

This is my cURL code, it worked before I put the CURLOPT_URL section in and got a positive response from the server:

$url = "https://api.twitter.com/oauth2/token";
    $headers = array( 
        "POST /oauth2/token HTTP/1.1", 
        "Host: api.twitter.com", 
        "User-Agent: my Twitter App v.1",
        "Authorization: Basic ".$encoded."",
        "Content-Type: application/x-www-form-urlencoded;charset=UTF-8"
    ); 
$ch = curl_init();
curl_setopt ($ch, CURLOPT_CAINFO, "cacert.pem");
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=client_credentials");
curl_setopt($ch, CURLOPT_URL, "http://twitter.com/statuses/user_timeline/".$username.".json?count=".$num_tweets); 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
$header = curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$output = curl_exec($ch); 
curl_close($ch);

Edit: there are problems with the code above, I'm aware I'm doing something wrong but not sure what. Anyway, here is the original code I had which did work OK and got the expected result back from the server. So the next step is to request the user's tweets from their timeline.

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=client_credentials");
$header = curl_setopt($ch, CURLOPT_HEADER, 1);
$result = curl_exec($ch);
curl_close($ch);
echo $result;

Answer 1

You may use curl_getinfo to know what's going on.

You may also post the url of the Twitter documentation so we can have a look.

$headers indicates a host as api.twitter.com but CURLOPT_URL uses twitter.com, is this a typo ?

Answer 2

Your code is schizophrenic:

curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_URL, "http://twitter.com/statuses/user_timeline/".$username.".json?count=".$num_tweets); 

You're setting the URL twice, to different URLs. Only the LAST url set will have any effect, so you're not posting to the API, you're posting to something else on the main twitter site.

And no, you don't need an SSL cert on your own machine to do any of this. The ca-cert.pem is a list of cert issuer's public certs, which will be used to validate/authenticate Twitter's own certificate. It's basically the same thing built into your browser(s) that allow them to validate any other SSL cert out there. eg you don't have to buy a personal SSL cert to go shopping on amazon.com, you just need the CA certs in your browsers to authenticate amazon's servers.