<br _rte_temp_br="brEOB">

POST oauth/request_token

 

This is the first step in the OAuth 1.0a 3-legged OAuth flow, which can be used to generate a set of user Access Tokens. It is also the first step for Sign in with Twitter.

A successful request to this endpoint allows an App to obtain an OAuth Request Token to request user authorization. This method fulfills Section 6.1 of the OAuth 1.0 authentication flow.

We require you use HTTPS for all OAuth authorization steps
 

Endpoint URL

https://api.twitter.com/oauth/request_token


Authentication

Authentication Required - See the example request for more details.


Query parameters

Name Required Description Example
oauth_callback required

Once a user authorizes or authenticates your App, they will be redirected to the URL that is specified as the value to this parameter. Make sure to HTTP encode this value.

If you are using pin-based authorization, you will need to set this to oob

We require that you add any callback URL used with this endpoint into your App’s settings within the developer portal.

Learn more about callback URLs.

http://examplecallbackurl.local/auth.php

twitterclient://callback

x_auth_access_type optional Overrides the access level an application requests to a user's account. Supported values are read or write. This parameter is intended to allow a developer to register a read/write App, but also request read-only access when appropriate.  

 

Example request

This endpoint requires you to authorize your request, but does not require any Access Tokens. You will need to replace any value that starts with a $ to make a succesful request. 

Please note that there are tools and libraries out there that can automatically handle the oauth_nonce, oauth_timestamp, and oauth_signature authorization header parameters. The oauth_consumer_key will be your App's API key, oauth_signature_method will be HMAC-SHA1, and oauth_version will be 1.0.

      curl --request POST \
  --url 'https://api.twitter.com/oauth/request_token?oauth_callback=$HTTP_ENCODED_CALLBACK_URL' \
  --header 'Authorization: OAuth oauth_consumer_key="$oauth_consumer_key", oauth_nonce="$oauth_nonce", oauth_signature="oauth_signature", oauth_signature_method="HMAC-SHA1", oauth_timestamp="$timestamp", oauth_version="1.0"'
    

Example response

You will pass the oauth_token from this response along with the GET oauth/authorize or GET oauth/authenticate endpoints to continue the process of having users authenticate or authorize your App.

      oauth_token=zlgW3QAAAAAA2_NZAAABfxxxxxxk&oauth_token_secret=pBYEQzdbyMqIcyDzyn0X7LDxxxxxxxxx&oauth_callback_confirmed=true