Callback URL

Overview

Sign in with Twitter allows developers to access Twitter content in order to make it easy for their users to sign in with just a few clicks. Developers use callback URLs as part of this integration to specify where a user should be sent after signing in with their Twitter credentials. Callback URLs can be set for each of your apps on the apps.twitter.com website.

As part of our continued effort to ensure safety and security on the Twitter developer platform, any developer using Sign in with Twitter must explicitly declare their callback URLs in a whitelist in their app settings on apps.twitter.com. If the callback_url parameter used with the oauth/request_token endpoint isn't on that whitelist, you will receive an error.

Please note: Mobile apps with app-specific protocols must use just the protocol. For example, please use example:// as opposed to example://authorize. Any deep linking will result in the following error:

“The client application failed validation: Not a valid callback URL format.”

Error Example

If you use a callback URL that hasn't been whitelisted, you will receive the following error message:

HTTP 403 - Forbidden

{
  "errors": [
    {"code":415,"message":"Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings."}
  ]
}

OR

<?xml version="1.0" encoding="UTF-8"?>
<hash>
<error>Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings</error>
<request>/oauth/request_token</request>
</hash>


If you do receive this error message, please check the URL that you are using with the callback_url parameter in your oauth/request_token call and make sure that this URL has been whitelisted in your app settings on apps.twitter.com.
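
A local pre-flight check for the rules above, plus recognition of the rejection in either response format. This is an added example, not code from the original documentation: the allowlist entries, the function names and the exact-string comparison are assumptions, and the sample bodies are copied from the error example on this page.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed allowlist; mirror the entries saved in your app settings.
ALLOWED_CALLBACKS = {"https://app.example.com/auth/twitter/callback", "example://"}

# Sample bodies copied from the error example on this page.
SAMPLE_JSON = '{"errors":[{"code":415,"message":"Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings."}]}'
SAMPLE_XML = ('<?xml version="1.0" encoding="UTF-8"?><hash><error>Callback URL not '
              'approved for this client application. Approved callback URLs can be '
              'adjusted in your application settings</error>'
              '<request>/oauth/request_token</request></hash>')


def callback_allowed(url, allowed=ALLOWED_CALLBACKS):
    """Check a callback URL locally before calling oauth/request_token."""
    parts = urlsplit(url)
    if not parts.scheme:
        return False
    if parts.scheme not in ("http", "https"):
        # App-specific protocol: only the bare protocol (example://) is valid;
        # a deep link such as example://authorize fails format validation.
        if parts.netloc or parts.path or parts.query or parts.fragment:
            return False
    # Assumption: exact string match against the configured entries.
    return url in allowed


def is_callback_rejection(status, body):
    """True if a response is the 'Callback URL not approved' error (JSON or XML)."""
    if status != 403:
        return False
    body = body.strip()
    if body.startswith("{"):
        try:
            errors = json.loads(body).get("errors", [])
        except ValueError:
            return False
        return any(isinstance(e, dict) and e.get("code") == 415 for e in errors)
    try:
        root = ET.fromstring(body.encode("utf-8"))
    except ET.ParseError:
        return False
    return (root.findtext("error") or "").startswith("Callback URL not approved")
```

Keeping the callback value in a server-side constant set like this, rather than building it from request data, means a rejection from oauth/request_token points to a configuration mismatch that is worth logging.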