Media in direct messages must be retrieved via an authenticated app-user GET request. It is advised that applications store users' access tokens to use for direct message media retrieval.

For media in direct messages, media_url is the same https URL as media_url_https and must be accessed by signing a request with the user’s access token using OAuth 1.0A.

You can no longer access media via an authenticated session. We cannot prescribe how you should update your integration if you are affected by this change. However, here is one implementation path to address this that we endorse:

  • Make sure you’re storing a user’s Twitter access token, if you’re not already
  • Set up an endpoint to make OAuth requests to Twitter to retrieve DM images on behalf of the user using the user’s Twitter access token:
    • The endpoint should be a GET endpoint
    • The endpoint must be authenticated
    • The endpoint must deny all cross-origin requests
    • The endpoint must only be used for making requests to retrieve DM images, and must deny requests to other Twitter APIs

Example request:

      curl --request GET \
        --url \
        --header 'authorization: OAuth 

If you display images in a web interface, the URL of the newly created endpoint can be used in an <img> tag to display the image to users of your products.


      <img src="fetch_dm_image?url=">
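One way to enforce the four endpoint requirements listed above before any OAuth-signed request is sent upstream. This is an added example, not code from the original page or from Twitter. `APP_ORIGIN`, `MEDIA_HOST`, `MEDIA_PATH_PREFIX` and both function names are assumptions; set the host and path prefix to match the `media_url` values your application actually receives.

```python
from urllib.parse import urlsplit, unquote

# Assumptions: adjust to your deployment and to the media_url values you receive.
APP_ORIGIN = "https://app.example.com"    # hypothetical origin of your web UI
MEDIA_HOST = "ton.twitter.com"            # assumed host of DM media_url values
MEDIA_PATH_PREFIX = "/1.1/ton/data/dm/"   # assumed path prefix of DM media


def is_dm_media_url(url):
    """True only for https URLs on the DM media host and under the DM path."""
    try:
        if not isinstance(url, str):
            return False
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or parts.hostname != MEDIA_HOST:
        return False
    # Reject userinfo ("host@other-host") and non-default ports.
    if "@" in parts.netloc or port not in (None, 443):
        return False
    path = unquote(parts.path)
    # Reject traversal that could escape the DM media prefix to another API.
    if "\\" in path or ".." in path.split("/"):
        return False
    return path.startswith(MEDIA_PATH_PREFIX)


def check_request(method, headers, session_user, url):
    """Return (status, reason) for a request to the proxy endpoint.

    headers: dict keyed by lower-case header name.
    session_user: None when the caller has no authenticated session.
    """
    if method != "GET":
        return 405, "GET only"
    if session_user is None:
        return 401, "not authenticated"
    origin = headers.get("origin")
    fetch_site = headers.get("sec-fetch-site")
    # A same-origin <img> load sends no Origin; browsers that send
    # Sec-Fetch-Site mark cross-site embeds, which are refused here.
    if origin not in (None, APP_ORIGIN) or fetch_site not in (None, "same-origin"):
        return 403, "cross-origin request denied"
    if not is_dm_media_url(url):
        return 400, "not a DM media URL"
    return 200, "ok"
```

Only when `check_request` returns 200 should the handler sign the upstream GET with the stored access token of `session_user`; the response should carry no `Access-Control-Allow-Origin` header.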