POST oauth/request_token

This is the first step in the OAuth 1.0a 3-legged OAuth flow, which can be used to generate a set of user Access Tokens. It is also the first step for Sign in with Twitter.

A successful request to this endpoint allows an App to obtain an OAuth Request Token to request user authorization. This method fulfills Section 6.1 of the OAuth 1.0 authentication flow.

We require you use HTTPS for all OAuth authorization steps

Endpoint URL¶

https://api.twitter.com/oauth/request_token

Authentication¶

Authentication

Required - See the example request for more details.

Query parameters¶

Name Required Description Example

oauth_callback

required

Name	Required	Description	Example
oauth_callback	required	Once a user authorizes or authenticates your App, they will be redirected to the URL that is specified as the value to this parameter. Make sure to HTTP encode this value. If you are using pin-based authorization, you will need to set this to `oob`. We require that you add any callback URL used with this endpoint into your App’s settings within the developer portal. Learn more about callback URLs.	`http://examplecallbackurl.local/auth.php` `twitterclient://callback`
x_auth_access_type	optional	Overrides the access level an application requests to a user's account. Supported values are `read` or `write`. This parameter is intended to allow a developer to register a read/write App, but also request read-only access when appropriate.

Once a user authorizes or authenticates your App, they will be redirected to the URL that is specified as the value to this parameter. Make sure to HTTP encode this value.

If you are using pin-based authorization, you will need to set this to oob.

We require that you add any callback URL used with this endpoint into your App’s settings within the developer portal.

Learn more about callback URLs.

http://examplecallbackurl.local/auth.php

twitterclient://callback

x_auth_access_type optional Overrides the access level an application requests to a user's account. Supported values are read or write. This parameter is intended to allow a developer to register a read/write App, but also request read-only access when appropriate.

Example request¶

This endpoint requires you to authorize your request, but does not require any Access Tokens. You will need to replace any value that starts with a $ to make a succesful request.

Please note that there are tools and libraries out there that can automatically handle the oauth_nonce, oauth_timestamp, and oauth_signature authorization header parameters. The oauth_consumer_key will be your App's API key, oauth_signature_method will be HMAC-SHA1, and oauth_version will be 1.0.

      curl --request POST \
  --url 'https://api.twitter.com/oauth/request_token?oauth_callback=$HTTP_ENCODED_CALLBACK_URL' \
  --header 'Authorization: OAuth oauth_consumer_key="$oauth_consumer_key", oauth_nonce="$oauth_nonce", oauth_signature="oauth_signature", oauth_signature_method="HMAC-SHA1", oauth_timestamp="$timestamp", oauth_version="1.0"'

Example response

You will pass the oauth_token from this response along with the GET oauth/authorize or GET oauth/authenticate endpoints to continue the process of having users authenticate or authorize your App.

      oauth_token=zlgW3QAAAAAA2_NZAAABfxxxxxxk&oauth_token_secret=pBYEQzdbyMqIcyDzyn0X7LDxxxxxxxxx&oauth_callback_confirmed=true