Receiving 400 Client Error from Google Reader API (specifically, user authorized edits/deletes)

I've been trying to fix a google reader client for the iphone I wrote more than half a year ago, which broke after Google changed its authentication scheme for google reader in June. I've currently hit a roadblock with edit/delete functionality for items, feeds and folders...

www.google.com/reader/api/0/subscription/edit

www.google.com/reader/api/0/edit-tag

www.google.com/reader/api/0/mark-all-as-read

www.google.com/reader/api/0/disable-tag

www.go开发者_运维知识库ogle.com/reader/api/0/item/edit

www.google.com/reader/api/0/item/delete

Requests made to the above interfaces all result in 400 Bad Request errors. Checking the response heads for my requests, I see that the reason is a bad token.

"Cache-Control" = "no-cache, no-store, max-age=0, must-revalidate"; "Content-Length" = 1334; "Content-Type" = "text/html; charset=UTF-8"; Date = "Thu, 25 Nov 2010 09:51:08 GMT"; Expires = "Fri, 01 Jan 1990 00:00:00 GMT"; Pragma = "no-cache"; Server = GSE; "X-Content-Type-Options" = nosniff; "X-Frame-Options" = SAMEORIGIN; "X-Reader-Google-Bad-Token" = true; "X-Reader-Google-Version" = "521-000"; "X-Reader-User" = 05659401224324679732; "X-Xss-Protection" = "1; mode=block";

This makes sense, as the above API are the only ones that require the token you get from www.google.com/reader/api/0/token

Here's a sample of one of the tokens I'm using: tpMLOEjtCjn2zzb6Gg2IYw

Now, prior to June the above functionality was working, so the my token acquirement must have been correct. I'm currently using the same endpoint and getting a response, so it seems to be ok, although the token I'm getting back seems suspiciously short, given how long the SID and auth tokens are (I can't recall whether the token was this short prior to June). Expiry is not a possibility, since I get the same error even when I log-in again and reacquire a new token. I've made sure that aren't any whitespaces in my token string, so it can't be that either.

Does anyone have any idea what I could be doing wrong? I haven't been able to find any other info elsewhere online regarding, except for an unanswered post on the same topic that speculated that an HSID string might be required along with the SID in the cookie.

Google no longer accepts the SID cookie. You now need to pass the Auth as an http header.
This answer from another question might help, Google Reader API?