Using and generating a Bearer Token

A bearer token allows developers to have a more secure point of entry for using the Twitter APIs, and are one of the core features of OAuth 2.0. 

Authentication, which uses a Bearer Token, is also known as application-only authentication. A Bearer Token is a byte array of unspecified format that you generate using a script like a curl command. You can also obtain a Bearer Token from the developer portal inside the keys and tokens section of your App's settings. More information about this feature can be found on OAuth's official documentation.

 

When are they used?

The products that require the use of a Bearer Token are as follows:

Prerequisites

You will need an approved developer account and to have created a Twitter App. Once you have those, you'll also need to obtain the consumer API keys from found in the developer portal. Follow the steps below:

  1. Login to your Twitter account on developer.twitter.com.
  2. Navigate to the Twitter App dashboard and open the Twitter App for which you would like to generate access tokens.
  3. Navigate to the "keys and tokens" page.
  4. You'll find the "consumer API keys" and "bearer token" on this page.

 

How to generate a Bearer Token

You can find the Bearer Token for your App with the rest of your "Keys and Tokens".

Copy the following cURL request into your command line after making changes to the following consumer API keys previously obtained from your Twitter App. Note that the consumer API keys used on this page have been decommissioned and will not work for real requests.

  • API key <API key> e.g.xvz1evFS4wEEPTGEFPHBog
  • API secret key <API secret key> e.g. L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg
      curl -u "$API_KEY:$API_SECRET_KEY" \
  --data 'grant_type=client_credentials' \
  'https://api.twitter.com/oauth2/token'
    

 

Here's an example of how the curl request should look with your API keys entered:

      curl -u 'xvz1evFS4wEEPTGEFPHBog:L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg' \
  --data 'grant_type=client_credentials' \
  'https://api.twitter.com/oauth2/token'
    

 

Here is what the response would look like. Note that this is a decommissioned Bearer Token:

{"token_type":"bearer","access_token":"AAAAAAAAAAAAAAAAAAAAAMLheAAAAAAA0%2BuSeid%2BULvsea4JtiGRiSDSJSI%3DEUifiRBkKG5E2XzMDjRfl76ZC9Ub0wnz4XsNiRVBChTYbJcE3F"}


Our Bearer Token used to authenticate to resources with OAuth 2.0 would be:

AAAAAAAAAAAAAAAAAAAAAMLheAAAAAAA0%2BuSeid%2BULvsea4JtiGRiSDSJSI%3DEUifiRBkKG5E2XzMDjRfl76ZC9Ub0wnz4XsNiRVBChTYbJcE3F

Was this document helpful?
Thank you

Thank you for the feedback. We’re really glad we could help!

Thank you for the feedback. How could we improve this document?
Thank you for the feedback. Your comments will help us improve our documents in the future.