🔑 [New Plugin] OAuth 1.0a Request Signing Handler

Hi Bubblers !

With this plugin, you can generate OAuth 1.0a Authorization header as a way to authenticate the client to the OAuth Provider itself using Bubble API Connector.

Providing an App (a.k.a Consumer, Client) key/secret pair, and optionally token key/secret pair, this plugin action generates the Authorization header to re-use in an API GET or POST signed call.

This Authorization header is required to use, for instance but not limited to, to Twitter (OAuth 1.0a | Docs | Twitter Developer Platform) or the Noun Project APIs.

Sample Authorisation header returned by the plugin:

Authorization: OAuth oauth_consumer_key = "CONSUMER_API_KEY", oauth_nonce = "OAUTH_NONCE", oauth_signature = "OAUTH_SIGNATURE", oauth_signature_method = "HMAC-SHA1", oauth_timestamp = "OAUTH_TIMESTAMP", oauth_token = "ACCESS_TOKEN", oauth_version = "1.0".

You can test out our OAuth 1.0a Request Signing Handler Plugin with the live demo.

Enjoy !
Made with :black_heart: by wise:able
Discover our Artificial Intelligence-based Plugins


This works! Thank you thank you!

The instructions… for future users… please add screenshots. Especially instep 3 where your “Instructions” talk about adding an API call action but are non-specific. It took me 45 minutes to realize that API calls designated as “Action” (instead of Data), create a new action called " ". I know you provide other links, but providing screen shots would help others who maybe haven’t used API Actions to get results faster.

Otherwise… this plugin saved me hours and hours.

1 Like

Did you use it to send tweets from bubble?

Thanks for this plugin :slight_smile: really helpful!

It works well with your example but when I try to send a Twitter direct messages (post method) in my app, I get a 401 Unauthorized (Could not authenticate you, code 32).

  • I tried the same request with my API keys/tokens on Postman and it works.
  • I tried to copy/paste the “Authorization” header generated by Postman in the Bubble API connector, and it works!

BUT when I try to programmatically set (in the workflow) the header generated by your plugin I get that error (401 Unauthorized) mentioned above.

I double-checked consumer key/secret, token key/secret and base URL that I set in your plugin action, all correct.

Do you know what can it be?
Can you provide an example in your demo/editor that shows how to use this plugin to send Twitter direct messages?


Hey @matteo !

Thanks for your message!

According to the documentation to send direct messages on Twitter, this API requires a user context.
User Context requires a User Access Token, available only using a 3-legged OAuth authentification, which is unfortunately not supported by this plugin, supporting only OAuth1.0 single-legged authentification.

Could it be that it works on Postman because you have configured it to use the 3-legged OAuth Authentification ?

1 Like

Thanks a lot! Now all makes sense :pray:t3:

1 Like

@redvivi so essentially what I need to do:

❶ Use 3-legged OAuth authentication to get “User Access Token” and “User Access Token Secret” with user context. Can I use your plugin to authorize the request of Step 1? User Access Tokens (3-legged OAuth flow) | Docs | Twitter Developer Platform

❷ Use your plugin to generate “oauth_nonce”, “oauth_signature”, “oauth_timestamp” (giving in input the two params I got at Step 1 + Consumer App and Consumer Key that I find on the developer portal)

❸ Make the request as defined here POST direct_messages/events/new (message_create) | Docs | Twitter Developer Platform


Hey @matteo,

From steps point of view this is correct.
However, this plugin does not support 3-legged OAuth authentication. More specifically, the first step is missing.

Thanks @redvivi
Do you confirm that I can use your plugin to authorize the request of Step 1? (which I’m performing with the API connector by myself)
I mean to generate the Authorization header as explained here → POST oauth/request_token | Docs | Twitter Developer Platform

Becuase I’m getting a 401.
3-legged and 1-legged oauth flows have the same algorithms to create the header signature?

I do not confirm. This plugin does not support 3-legged OAuth authentification, only single-legged (OAuth 1.0a Request signing only).

Do you provide private consultancy @redvivi ?
I need to implement the flow and I would be happy pay 1/2 hours of pair bubbling.

Good news! :slight_smile:
I managed to get the User Access Token (with user context).

But still, when I use the Authentication header generated with your plugin and call the POST API to send the message, I get 401 Unauthorized, error code 32.

Your plugin should be good to be used in this scenario right?
Any idea on why I get the error?

Here the Post API in the Api connector:

Thanks a lot for the support.

Hello @redvivi! Have you had the chance to review my last message? Thanks a lot :pray:t3:

Hey @Matteo !
Thanks for your follow-up and apologies for the lead-time to answer.

Unfortunately, we are unable to support you on this scenario, which is outside the plugin scope.

Hey matteo! Would you mind sharing how you did the OAuth 1.0a with user context (3-leg authentication)? I’m trying to get Twitter metrics which requires that authentication but could not authenticate no matter how hard I tried. Willing to pay for this to be setup in my app.

I used this Advanced Twitter API Plugin | Bubble

And you’re able to view the token generated? I’m trying to get the metrics and don’t see that action listed so will need the token.

Yes you can

I’m stuck on step 3 of the instructions.

As far as I understand, you must “initialize call” in API connector setting before you can use the API call in the workflow. I found this to be true when the API call I created for this did not show up when setting up an action to add this API call like mentioned in step 3 of the instructions.

So, I tried initializing it first, but when I tried to “initialize call” by inputting the “Generate OAuth1.0a Header” output as the authorization key value (copied and pasted it there), I am unable to initialize it and get the following error:

There was an issue setting up your call.

Raw response for the API
Status code 401
{“errors”:[{“message”:“Could not authenticate you”,“code”:32}]}

What am I doing wrong here? Any help will be greatly appreciated!

The error code is referring to invalid or wrong credentials.

What’s the target API documentation?