Authentication

OAuth 2.0 Bearer Token contents
  • Application-only authentication
  • Using bearer tokens

    • Using and generating a Bearer Token

    A bearer token allows developers to have a more secure point of entry for using the Twitter APIs, and are one of the core features of OAuth 2.0. 

    Authentication, which uses a Bearer Token, is also known as application-only authentication. A Bearer Token is a byte array of unspecified format that you generate using a script like a curl command. More information about this feature can be found on OAuth's official documentation.

     

    When are they used?

    The products that require the use of a Bearer Token are as follows:

    Prerequisites

    You will need an approved developer account and to have created a Twitter app. Once you have those, you'll also need to obtain the consumer API keys from the Twitter app detail pages found in the developer portal. Follow the steps below:

    1. Login to your Twitter account on developer.twitter.com.
    2. Navigate to the Twitter app dashboard and open the Twitter app for which you would like to generate access tokens.
    3. Navigate to the "Keys and Tokens" page.
    4. You'll find the "Consumer API keys" on this page.

     

    How to generate a Bearer Token

    Copy the following cURL request into your command line after making changes to the following consumer API keys previously obtained from your Twitter app. Note that the consumer API keys used on this page have been disabled and will not work for real requests.

    • API key <API key> e.g.xvz1evFS4wEEPTGEFPHBog
    • API secret key <API secret key> e.g. L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg
      curl -u '<API key>:<API secret key>' \
  --data 'grant_type=client_credentials' \
  'https://api.twitter.com/oauth2/token'

     

    Here's an example of how the curl request should look with your API keys entered:

      curl -u 'xvz1evFS4wEEPTGEFPHBog:L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg' \
  --data 'grant_type=client_credentials' \
  'https://api.twitter.com/oauth2/token'

     

    Here is what the response would look like. Note that this is a decommissioned Bearer Token:

    {"token_type":"bearer","access_token":"AAAAAAAAAAAAAAAAAAAAAMLheAAAAAAA0%2BuSeid%2BULvsea4JtiGRiSDSJSI%3DEUifiRBkKG5E2XzMDjRfl76ZC9Ub0wnz4XsNiRVBChTYbJcE3F"}


    Our Bearer Token used to authenticate to resources with OAuth 2.0 would be:

    AAAAAAAAAAAAAAAAAAAAAMLheAAAAAAA0%2BuSeid%2BULvsea4JtiGRiSDSJSI%3DEUifiRBkKG5E2XzMDjRfl76ZC9Ub0wnz4XsNiRVBChTYbJcE3F