Since Twitter API version 1.1 every request has to be authenticated and signed via OAuth 1.0a. In my PHP project I want to make use of the Twitter trends API, especially I want to use the GET trends/place call. So it's read-only. Now, to authorize a request there's an excellent Twitter API documentation here . We learn that we have to send an additional header in the HTTP request, called "Authorization" that contains a string starting with "OAuth " and including seven parameters:
Of those seven parameters the above mentioned third one, oauth_signature, is kind of special because to build its value you have to include all the other parameters plus more and then sign it. The process, again, is explained very well here .
I implemented all these steps after registering my app and getting consumer key & secret and access token & secret. Here's my PHP code (I crossed-out the secrets, of course):
$HTTPmethod = 'GET';
$twitterApiBaseUrl = 'https://api.twitter.com/1.1/trends/place.json';
$twitterApiParams = 'id=' . $WOEID;
$twitterApiCallUrl = $twitterApiBaseUrl . '?' . $twitterApiParams;
$OAuthConsumerKey = 'eV78fJOOiObfeytAwvWCg';
$OAuthAccessToken = '1116971396-6uc4xOLziLAdiqOfrtKfuRraa2GdCzas9aQX8ZB';
$OAConsumerSecret = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
$OATokenSecret = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
// building the necessary (as of Twitter API v1.1) authorization header
// according to https://dev.twitter.com/docs/auth/authorizing-request
$DST = 'OAuth ';
// 1.: Consumer key
$oaConsumerKeyKey = rawurlencode("oauth_consumer_key");
$oaConsumerKeyVal = rawurlencode($OAuthConsumerKey);
$DST .= $oaConsumerKeyKey . '="' . $oaConsumerKeyVal . '", ';
// 2.: Nonce
$oaNonceKey = rawurlencode("oauth_nonce");
$oaNonceVal = rawurlencode(base64_encode(time()));
$DST .= $oaNonceKey . '="' . $oaNonceVal . '", ';
// 3.: Signature method
$oaSignatureMethodKey = rawurlencode("oauth_signature_method");
$oaSignatureMethodVal = rawurlencode('HMAC-SHA1');
$DST .= $oaSignatureMethodKey . '="' . $oaSignatureMethodVal . '", ';
// 4.: Timestamp
$oaTimestampKey = rawurlencode("oauth_timestamp");
$oaTimestampVal = rawurlencode(time());
$DST .= $oaTimestampKey . '="' . $oaTimestampVal . '", ';
// 5.: Token
$oaTokenKey = rawurlencode("oauth_token");
$oaTokenVal = rawurlencode($OAuthAccessToken);
$DST .= $oaTokenKey . '="' . $oaTokenVal . '", ';
// 6.: Version
$oaVersionKey = rawurlencode("oauth_version");
$oaVersionVal = rawurlencode('1.0');
$DST .= $oaVersionKey . '="' . $oaVersionVal . '", ';
// 7.: Signature
// according to https://dev.twitter.com/docs/auth/creating-signature
$preSignatureBaseString = $twitterApiParams;
$preSignatureBaseString .= '&';
$preSignatureBaseString .= $oaConsumerKeyKey . '=' . $oaConsumerKeyVal;
$preSignatureBaseString .= '&';
$preSignatureBaseString .= $oaNonceKey . '=' . $oaNonceVal;
$preSignatureBaseString .= '&';
$preSignatureBaseString .= $oaSignatureMethodKey . '=' . $oaSignatureMethodVal;
$preSignatureBaseString .= '&';
$preSignatureBaseString .= $oaTimestampKey . '=' . $oaTimestampVal;
$preSignatureBaseString .= '&';
$preSignatureBaseString .= $oaTokenKey . '=' . $oaTokenVal;
$preSignatureBaseString .= '&';
$preSignatureBaseString .= $oaVersionKey . '=' .$oaVersionVal;
print "<b>preSignatureBaseString:</b> $preSignatureBaseString<p/>\n";
$signatureBaseString = $HTTPmethod;
$signatureBaseString .= '&';
$signatureBaseString .= rawurlencode($twitterApiBaseUrl);
$signatureBaseString .= '&';
$signatureBaseString .= rawurlencode($preSignatureBaseString);
print "<b>signatureBaseString:</b> $signatureBaseString<p/>\n";
$signingKey = rawurlencode($OAConsumerSecret) . '&' . rawurlencode($OATokenSecret);
$oaSignatureKey = rawurlencode("oauth_signature");
$oaSignatureVal = base64_encode(hash_hmac('sha1', $signatureBaseString, $signingKey));
print "<b>oaSignatureVal:</b> $oaSignatureVal<p/>\n";
$DST .= $oaSignatureKey . '="' . rawurlencode($oaSignatureVal) . '"';
print "<b>DST:</b> $DST<p/>\n";
$header = "User-Agent: MyCoolTwitterTrendsApp\r\n" .
"Authorization: " . $DST . "\r\n";
$opts = array(
'http' => array(
'method' => $HTTPmethod,
'header' => $header
));
print "<b>header:</b> $header<p/>\n";
$context = stream_context_create($opts);
$twitterApiResponse = file_get_contents($twitterApiCallUrl, false, $context);
$decodedResponse = json_decode($twitterApiResponse);
echo $decodedResponse;
Problem is, the actual call to the API fails every time with an "HTTP/1.0 401 Unauthorized" error. Can anyone tell my why and what I'm doing wrong here? Thank you so much!
Not sure if it's the same problem i have but try to check the timestamp mine was off exactly by 1 hour, go figure what that is!! daylite saving time
Use this code
$oauth_hash = '';
$oauth_hash .= 'oauth_consumer_key=YOUR_CONSUMER_KEY&';
$oauth_hash .= 'oauth_nonce=' . time() . '&';
$oauth_hash .= 'oauth_signature_method=HMAC-SHA1&';
$oauth_hash .= 'oauth_timestamp=' . time() . '&';
$oauth_hash .= 'oauth_token=YOUR_ACCESS_TOKEN&';
$oauth_hash .= 'oauth_version=1.0';
$base = '';
$base .= 'GET';
$base .= '&';
$base .= rawurlencode('https://api.twitter.com/1.1/trends/place.json');
$base .= '&';
$base .= rawurlencode('id=23424848&'.$oauth_hash);
$key = '';
$key .= rawurlencode('YOUR_CONSUMER_SECRET');
$key .= '&';
$key .= rawurlencode('YOUR_ACCESS_TOKEN_SECRET');
$signature = base64_encode(hash_hmac('sha1', $base, $key, true));
$signature = rawurlencode($signature);
$oauth_header = '';
$oauth_header .= 'oauth_consumer_key="YOUR_CONSUMER_KEY", ';
$oauth_header .= 'oauth_nonce="' . time() . '", ';
$oauth_header .= 'oauth_signature="' . $signature . '", ';
$oauth_header .= 'oauth_signature_method="HMAC-SHA1", ';
$oauth_header .= 'oauth_timestamp="' . time() . '", ';
$oauth_header .= 'oauth_token="YOUR_ACCESS_TOKEN", ';
$oauth_header .= 'oauth_version="1.0", ';
$curl_header = array("Authorization: Oauth {$oauth_header}", 'Expect:');
$curl_request = curl_init();
curl_setopt($curl_request, CURLOPT_HTTPHEADER, $curl_header);
curl_setopt($curl_request, CURLOPT_HEADER, false);
curl_setopt($curl_request, CURLOPT_URL, 'https://api.twitter.com/1.1/trends/place.json?id=23424848');
curl_setopt($curl_request, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_request, CURLOPT_SSL_VERIFYPEER, false);
var_dump(curl_exec($curl_request));
curl_close($curl_request);
I have Modified the code to get user timeline from this blog
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.