This is a common error that indicates that the OAuth signature that was sent with your request does not match the signature expected by the Toopher API. Because OAuth is a relatively complex protocol, there are several reasons why this can happen. The error is intentionally vague as to what is wrong with the request in order to prevent the attacker from using the error message to gain knowledge that could be used to gain unauthorized access to the API.
Since it can be difficult to build OAuth requests correctly, Toopher provides the provided API libraries for many common languages to help developers easily make valid requests against the API. If you are not using one of these libraries, you should try this first.
If you are already using one of the libraries provided by Toopher, then the next task is to make sure that your API (Key and Secret) credentials are valid. You can verify your credentials on the My Inquiries page of the Toopher Developer Portal.
If you still have problems with OAuth, your system clock is probably inaccurate - OAuth includes the current system time in the request so that the receiving server can guarantee that the request is not too old. If the problem goes away when you synchronize your system clock with a well-known time source, for example, one of the NIST Network Time Servers , then this is almost certainly a problem.
If your system time is distorted again and requests start to fail (for example, if you are working inside a virtual machine that does not synchronize the system time with the hypervisor system), you may need to set up a scheduled task to re-synchronize the system time with the network time server at a regular interval.
Full disclosure: I'm a developer at Toopher