Escaping an ampersand within an OAuth request
Regards ♨ – Minimul
When working with the Intuit's Quickbooks Online API I couldn't get an ampersand within a search filter to work. Using Ruby's CGI to escape the request to Quickbooks Online here is the original request:
# Example Request to find vendor with an ampersand in the name e.g.: Name :EQUALS: Dietz & Watson # CGI.escape yields CGI.escape 'Name :EQUALS: Dietz & Watson' => "Name+%3AEQUALS%3A+Dietz+%26+Watson"
You can see that the
& is converted to
%26 that is the standard and correct encoding but was not finding the record.
The answer is to replace the
%2526 for example.
Note: If you are using Ruby's CGI library you can pass this is string
"Dietz %26 Watson" into CGI.escape and it will convert it to
It might have to do with the filter being a part of a OAuth request. The best possible explanation I found was from Taylor Singletary here, which I quote below.
The best way to look at it is that yes, you'll need to encode & to %26 to include it within the status body of a message. In an OAuth signature base string, then already encoded "%26" would need to be "%25%26." The library or environment you are using might have some features to it that is trying to "do the right thing" for you -- but actually isn't. Perhaps when you use a raw "&" it converts it %26 for the POST body but fails to convert it to %2526 for the signature basestring. Perhaps when you send a %26 instead, it converts it to %2526 for your POST body and then %252526 for your signature base string, which would explain the encoding issue in the resultant tweet. Identifying when there's magic behavior going on should help you solve the problem.