It seems as though a lot of you have a similar problem to the one I had, whereby oauth works fine, until you try to do a PUT request with xml data, or sometimes if you include semicolons in your URL for arguments. Both of these sometimes mess up the API server's ability to read what you posted.

So, here is what I found. When obtaining registration credentials, I found it problematic to try to send my OAuth signature in the header. This was particularly a problem for the step where you either send the verifier, or when refreshing an expired token, and you have to send the oauth_session_handle. The reason here is, that a lot of standard OAuth libraries don't have a standard way to accept those two items. So, it's easier to send them in the body of the request. But, if you do that, then you need to send the rest of the OAuth credentials in the body of the request.

HOWEVER, when you are simply making a request to the API to GET data, or to PUT data, things go much more smoothly if you send the OAuth signature in the header. Most libraries allow you to specify this via a boolean paramater like 'header_auth' or 'headerauth'.

For what it's worth, I make my HTTP requests in Python using a library called Requests, available here: http://docs.python-requests.org/en/latest/

Instead of using Request's built in OAuth, I found it easiest to use this plugin: https://github.com/maraujop/requests-oauth

Hope this helps, Matt