Skip to Content
Author's profile photo Michael Beining

Unknown OAuth signature method trying to obtain a resource token

When trying to obtain a resource request token from Jam as described in I’m getting “Unknown OAuth signature method” with an error code of 400 is returned.

As webserver for the client app I’m using the Tornado python framework and for the POST request the requests library. The client app has been registered at and a consumer key and consumer secret have been obtained successfully. The signature method chosen is “HMAC-SHA1”. And the request is being made from the server registered in the callback URL.

The POST request is being made as follows:

url = “

key =  urllib.quote_plus(options.client_secret) + “&”

data = {

    ‘oauth_consumer_key’ : options.client_key,

    ‘oauth_nonce’ : str(uuid.uuid4()),

    ‘oauth_signature_method’ : ‘HMAC-SHA1’,

    ‘oauth_timestamp’ : str(int(time.time())),

    ‘oauth_version’ : ‘1.0’,

    ‘oauth_callback’ : ‘oob’


text = “POST&” + urllib.quote_plus(url) + “&” + urllib.quote_plus(“oauth_callback=” + data[“oauth_callback”] + “&oauth_consumer_key=” + data[“oauth_consumer_key”] + “&oauth_nonce=” + data[“oauth_nonce”]

+ “&oauth_signature_method=” + data[“oauth_signature_method”] + “&oauth_timestamp=” + data[“oauth_timestamp”] + “&oauth_version=” + data[“oauth_version”])

signature =, text, hashlib.sha1)

data[“oauth_signature”] = signature.digest().encode(“base64”).rstrip(‘\n’)

headers = {

    ‘Authorization’ : ‘Oauth’


response =, headers=headers, data=json.dumps(data))

The exact response text obtained is:

<?xml version=”1.0″ encoding=”UTF-8″?>


  <http_status>400 Bad Request</http_status>

  <message category=”invalid_oauth_request”>Unknown OAuth signature method.</message>


Alternatives tried:

•    PLAINTEXT as signature method (and changing the signature accordingly) has been tried without any change in the response.

•    Sending the parameters in the Authorization header instead of the body was also tried but the response was the same.

•    Encoding the parameters in the body with the encoding scheme used by the “application/x-www-form-urlencoded” content-type returns “OAuth authentication failed” with error code 401 instead.

Thanks in advance for any help you can provide me

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Adam Stone
      Adam Stone

      Hi Michael,

      You should really be posting this as a question and not a blog.  I would suggest looking at the following site that has a good python example of how to do this:

      If you are still stuck after looking there, please repost this as a question.


      Author's profile photo Robert Horne
      Robert Horne

      You may want to also try it with a tool like Postman for Chrome. I just tested it out last week and it works great with Postman. You can do this to test what you are sending in your code. Our service is a OAuth 1.0a compliant service.

      Author's profile photo Ingo Schulz
      Ingo Schulz

      Just an additional remark: Rob and Adam also ran an expert webinar about "mastering authentication for SAP Jam APIs". This webinar is available to enterprise support customers (all SAP Jam/Cloud customers) and partners (just need an SAP s user ID).

      You can find the recording at

      If you are also interested in other webinars about Jam around setup, integration, customization, as well as driving adoption, please sign up for the SAP Jam value map at

      Hope this helps,