Callback URLs

You can make adjustments to your callback URL via the "Apps" page in the developer portal.

Sign in with Twitter allows developers to access Twitter content in order to make it easy for their users to sign in with just a few clicks. Developers use callback URLs as part of this integration in order to provide directions on where a user should go after signing in with their Twitter credentials.

As part of our continued effort to ensure safety and security on the Twitter developer platform, any developer using Sign in with Twitter must explicitly declare their callback URLs in a whitelist on the "Apps" page in the developer portal. This means that if the callback_url parameter used with the oauth/request_token endpoint isn't whitelisted, you will receive an error.

Query string arguments to the callback_url are preserved according to the oauth spec to save other developers from having to read the oauth spec to discover this feature.

Please note: If you use Twitter Kit for iOS or Android, you will have to use the following callback URLs:

  • Android - twittersdk://
  • iOS - twitterkit-CONSUMERKEY://
     

Please note: Mobile apps with app-specific protocols must use just the protocol. For example, please use example:// as opposed to example://authorize. Any deep linking will result in the following error:

“The client application failed validation: Not a valid callback URL format.”


Error Example

If you use a callback URL that hasn't been whitelisted, you will receive the following error message:

HTTP 403 - Forbidden

{
  "errors":
    [
      {"code":415,"message":"Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings."}
    ]
  }

OR

<?xml version="1.0" encoding="UTF-8"?>
<hash>
<error>Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings</error>
<request>/oauth/request_token</request>
</hash>


If you do receive this error message, please check the URL that you are using with the callback_url parameter in your oauth/request_token call and make sure that this URL has been whitelisted in your Twitter app settings in the developer portal.
 

Next Steps