App management

Introduction

The Twitter App dashboard allows developers to quickly and easily perform the following tasks:

  • View your existing Apps and Projects and their associated App ID.
  • Create a new Project or standalone App.
  • Delete a Project, App, or standalone App.
  • Open a specific App's settings, where you can see the App details, keys and tokens, and permissions.
  • Update your App's user authentication settings to use either OAuth 1.0a or OAuth 2.0.

Please note

All App keys and tokens are no longer viewable within the Developer Portal and must be saved securely once generated. We recommend using a password manager to store your keys and tokens.

You can reveal an API Key hint to help you match your credentials to their corresponding App.

App Settings

App details

Here you can edit the App icon, App name, App description, your website URL, callback URLs/redirect URIs, terms of service URL, privacy policy URL, organization name, organization URL, and purpose or use case of the App.

OAuth 2.0 and OAuth 1.0a are authentication methods that allow users to sign in to your App with Twitter. They also allow your App to make specific requests on behalf of authenticated users. You can turn on one or both methods for your App.

It is important to keep this information up to date. Your App name and website URL will be shown as the source within metadata for any Tweets created programmatically by your application. If you change the use case of a Twitter App, be sure to update the use case in these settings in order to ensure you are in compliance with the Developer Terms.

If your application has a tag showing 'suspended', your App is in violation of one or more of Twitter's developer terms, such as our automation rules. The developer platform policy team communicates with developers through the email address set up on the App owner's Twitter account; to check this email address, review your Twitter account settings. Notification emails about suspensions are sent to this address with a title similar to "Application suspension notice" and include specific information on what to do next. To work with the Twitter team to address a suspension, check your email for specific instructions, or use our platform help form.

Keys and tokens

Inside of an App in a Project or via a standalone App you can view, regenerate, or revoke the following tokens:

Please note - If you would like to make requests on behalf of a different user (in other words, not the user that owns the App), you will have to use either the OAuth 1.0a 3-legged OAuth flow or OAuth 2.0 Authorization Code with PKCE flow to generate a set of user Access Tokens. You will then use these user-specific tokens in your request to the API.

User Authentication Settings

You can select your App’s authentication settings to be OAuth 1.0a or OAuth 2.0. OAuth 2.0 can be used with the Twitter API v2 only. OAuth 2.0 allows you to pick specific fine-grained scopes which give you specific permissions on behalf of a user. OAuth 1.0a can be used with Twitter API v1.1 and v2 and uses broad authorization with coarse scopes.

OAuth 1.0a Application-user Permissions

If you are the App owner, you can adjust the permissions of the App (read-only; read and write; or read, write and direct messages). This controls which resources and events you have access to via Twitter APIs (note: some resources require further permission from Twitter directly).

You can also toggle on and off your App's ability to ask for user email addresses on this page (this requires a Terms of Service URL and a Privacy Policy URL to be present on the "App details" page).

OAuth 2.0 Type of App

If you select OAuth 2.0 as your user authentication method, you will need to select the type of App you are creating. Your options are Native App, Single page App, Web App, Automated App or bot. Native App and Single page Apps are public clients, and Web App and Automated App or bots are confidential clients.

Confidential clients securely authenticate with the authorization server. They keep your client secret safe. Public clients are applications usually running in a browser or on a mobile device and are unable to use your client secrets. If you select a type of App that is a confidential client, you will be provided with a client secret.
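
The difference between confidential and public clients, together with the PKCE step named under "Keys and tokens", is sketched here as an added example; it is not code from Twitter's documentation. It follows generic OAuth 2.0 behavior from RFC 6749 and RFC 7636. The function names and sample values are constructed, and no endpoint is contacted.

```python
import base64
import hashlib
import secrets
from urllib.parse import quote, urlencode


def make_pkce_pair():
    """Return (code_verifier, code_challenge) for the S256 method (RFC 7636)."""
    verifier = secrets.token_urlsafe(64)  # 86 URL-safe chars, inside the 43-128 limit
    return verifier, s256_challenge(verifier)


def s256_challenge(verifier):
    """code_challenge = BASE64URL(SHA256(code_verifier)) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def token_request(code, verifier, redirect_uri, client_id, client_secret=None):
    """Build (headers, form_body) for the authorization-code exchange.

    Confidential client (secret supplied): authenticates with HTTP Basic,
    so the secret never appears in the form body.
    Public client (no secret): sends client_id in the body; the
    code_verifier is what binds the code to the instance that requested it.
    """
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "code_verifier": verifier,
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret is not None:
        # RFC 6749 section 2.3.1: percent-encode each part before base64.
        raw = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
        headers["Authorization"] = "Basic " + base64.b64encode(raw.encode()).decode()
    else:
        body["client_id"] = client_id
    return headers, urlencode(body)


if __name__ == "__main__":
    # Constructed sample values; a real secret is loaded from a secret store.
    verifier, challenge = make_pkce_pair()
    print("code_challenge:", challenge)
    print(token_request("sample-code", verifier, "https://app.example/callback",
                        "example-client-id"))
```

Keep the code_verifier in server-side or in-memory session state for the duration of the flow, and do not ship a client secret inside a Native App or Single page App build.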