I am trying to develop a simple application to interact with Tumblr using API v2. I can go through every step in the oAuth stream (thanks to the documentation found on Twitter) and get an authorized and authenticated token and secret. But when it comes to publishing, I get a 401 unauthorized error. This is the corresponding code snippet:
private void post_Click(object sender, System.Windows.RoutedEventArgs e) { url = new Uri("http://api.tumblr.com/v2/blog/*myblog*.tumblr.com/post"); Random random = new Random(); nonce = random.Next(1234000, 9999999).ToString(); TimeSpan ts = DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0); timestamp = Convert.ToInt64(ts.TotalSeconds).ToString(); string method = "POST"; StringBuilder sb = new StringBuilder(); sb.AppendFormat("{0}&", method); sb.AppendFormat("{0}&", upperCaseUrl(HttpUtility.UrlEncode(url.ToString()))); sb.AppendFormat("body%3D{0}%26", upperCaseUrl(HttpUtility.UrlEncode(textBox.Text))); sb.AppendFormat("oauth_consumer_key%3D{0}%26", consumerKey); sb.AppendFormat("oauth_nonce%3D{0}%26", nonce); sb.AppendFormat("oauth_signature_method%3D{0}%26", "HMAC-SHA1"); sb.AppendFormat("oauth_timestamp%3D{0}%26", timestamp); sb.AppendFormat("oauth_token%3D{0}%26", token); sb.AppendFormat("oauth_version%3D{0}%26", "1.0"); sb.AppendFormat("type%3D{0}", "text"); System.Diagnostics.Debug.WriteLine(sb.ToString()); string signingKey = consumerSecret + '&' + secret; HMACSHA1 signing = new HMACSHA1(Encoding.ASCII.GetBytes(signingKey)); byte[] bytearray = Encoding.ASCII.GetBytes(sb.ToString()); MemoryStream stream = new MemoryStream(bytearray); signature = Convert.ToBase64String(signing.ComputeHash(stream)); ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3; StringBuilder header = new StringBuilder(); header.Append("OAuth "); header.AppendFormat("oauth_consumer_key=\"{0}\", ", consumerKey); header.AppendFormat("oauth_token=\"{0}\", ", token); header.AppendFormat("oauth_nonce=\"{0}\", ", nonce); header.AppendFormat("oauth_timestamp=\"{0}\", ", timestamp); header.AppendFormat("oauth_signature_method=\"{0}\", ", "HMAC-SHA1"); header.AppendFormat("oauth_version=\"{0}\", ", "1.0"); header.AppendFormat("oauth_signature=\"{0}\"", upperCaseUrl(HttpUtility.UrlEncode(signature))); System.Diagnostics.Debug.WriteLine(header.ToString()); HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url); request.Method = WebRequestMethods.Http.Post; request.Headers.Add("Authorization", header.ToString()); try { HttpWebResponse response = request.GetResponse() as HttpWebResponse; StreamReader reader = new StreamReader(response.GetResponseStream()); if (reader.ReadToEnd() == "201: Created") { control.Invoke((MethodInvoker)delegate { statusText.Text = "Post successfully sent!"; }); } } catch (Exception ex) { System.Diagnostics.Debug.WriteLine(ex.Message); } }
The function is called by pressing the button and gets the body text from the text field. The signature is correct because it has been tested with other services (Twitter, etc.), and it still provides valid signatures for Tumblr itself. The authorization header is almost the same as I used to request the token and its authorization, and the base line contains only the content type (text in this case) and body, except for the standard oauth_ * parameters. I also checked the code with the tools available on hueniverse.com, but still nothing.
I may be missing the HTTP header, or I'm sending the wrong request. Any ideas? Thanks.