Back to the Overview

>>>>> This document is Deprecated and will be replaced with current information soon <<<<

Signing requests

All requests are required to be signed. Without a valid signature, the API will return a 401 Unauthorized response.

This process is very similar to xAuth authentication. However it's a lot simpler since we don't involve back and forth to get an access token. It just involves your api key and your secret key. You can read more about signing request at the twitter xAuth documentation.

Required header

  • Authorization - contains the signed request with the secret_key.

Required parameters

  • Key - the api key used to identify your client.

The steps to sign the requests are described as follow:

Given this request:


1) Order all parameters alphabetically


2) Concat the verb, the url, and the sorted params together with &


3) Escape the string to get your signature

4) Encode the signature using HMAC-SHA1 with your secret key and then to Base64


5) Now set that signature to the Authorization header like this (be sure to escape it):

Authorization: signature="y7kwPr1S579frnzv9Ipg5CmP19U%3D"

Note that the above example uses a made up key and will not work. You'll have to use a live key to get a real response.

Code Examples