You might need to add quotation marks around the values but it has to be part of the headers as it is an authorization string.
If you want it to be part of the parameters block then you need to add in the header Content-Type=application/x-ww-form-urlencoded so you can pass the authentication as part of the parameters block or the body block.
did you realize that the curl-command says “…oauth_signature_method=HMAC-SHA1” but your first screenshot shows only “MAC-SHA1” (without “H”)? I don’t know if it makes a difference, just trying to help.
Generating the OAuth 1.0 string is straight forward but involves a lot of steps.
First you need to create what is referred to as Base String which is comprised of the method (GET or POST) in uppercase then & the URL in lowercase then & this should be followed with all parameters in alphabetical order in the form of parameter name then = then parameter value then &
The timestamp should be unix time in seconds only
The nonce is any arbitrary text and can be the timestamp but in milliseconds
All this should be in URL ENCODED format
The next required parameter is the Base secret which is the Customer Key then & then customer secret and converted to URL ENCODED.
The last step is to create the Signature by hashing both the base string and the base secret. The result of the hashing should be in Base64.
Note that OAuth 1.0 only supports a single hashing method which is HMAC-SHA1.