Your app will need to build an authorize URL to Twitter, indicating the scopes your app needs to authorize. The URL will also contain the response type, client id, redirect URI, code challenge, code challenge method and state parameters.
Example scopes to request from user:
tweet.read%20users.read%20account.follows.read%20account.follows.write
Have the user authenticate, and send the application an authorization code. Example URL to redirect user to:
For offline access, you will have to pass in the required scope:
Upon successful authentication, your redirect_uri would receive a request containing the auth_code parameter. Your application should verify the state parameter. Example request from client’s redirect:
Convert the authorization code into a usable access token and refresh token.
Example Token Request:
curl --location --request POST 'https://api.twitter.com/2/oauth2/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'code=VGNibzFWSWREZm01bjN1N3dicWlNUG1oa2xRRVNNdmVHelJGY2hPWGxNd2dxOjE2MjIxNjA4MjU4MjU6MToxOmFjOjE' \
  --data-urlencode 'grant_type=authorization_code' \
  --data-urlencode 'client_id=rG9n6402A3dbUJKzXTNX4oWHJ' \
  --data-urlencode 'redirect_uri=https://www.example.com' \
  --data-urlencode 'code_verifier=challenge'
Example Token Response:
{
  "token_type": "bearer",
  "expires_in": 7200,
  "access_token": "Q0Mzb0VhZ0V5dmNXSTEyNER2MFNfVW50RzdXdTN6STFxQlVkTGhTc1lCdlBiOjE2MjIxNDc3NDM5MTQ6MToxOmF0OjE",
  "scope": "tweet.moderate.write account.follows.write users.read account.follows.read tweet.read",
  "refresh_token": "bWRWa3gzdnk3WHRGU1o0bmRRcTJ5VUxWX1lZTDdJSUtmaWcxbTVxdEFXcW5tOjE2MjIxNDc3NDM5MTQ6MToxOnJ0OjE"
}
Use the access token to hit Twitter APIs.
curl --location --request GET 'https://api.twitter.com/2/tweets?ids=1261326399320715264,1278347468690915330' \
  --header 'Authorization: Bearer Q0Mzb0VhZ0V5dmNXSTEyNER2MFNfVW50RzdXdTN6STFxQlVkTGhTc1lCdlBiOjE2MjIxNDc3NDM5MTQ6MToxOmF0OjE'

curl --location --request GET 'https://api.twitter.com/2/tweets/1261326399320715264' \
  --header 'Authorization: Bearer Q0Mzb0VhZ0V5dmNXSTEyNER2MFNfVW50RzdXdTN6STFxQlVkTGhTc1lCdlBiOjE2MjIxNDc3NDM5MTQ6MToxOmF0OjE'

curl --location --request GET 'https://api.twitter.com/2/users?ids=2244994945,6253282' \
  --header 'Authorization: Bearer Q0Mzb0VhZ0V5dmNXSTEyNER2MFNfVW50RzdXdTN6STFxQlVkTGhTc1lCdlBiOjE2MjIxNDc3NDM5MTQ6MToxOmF0OjE'

curl --location --request GET 'https://api.twitter.com/2/users/2244994945' \
  --header 'Authorization: Bearer Q0Mzb0VhZ0V5dmNXSTEyNER2MFNfVW50RzdXdTN6STFxQlVkTGhTc1lCdlBiOjE2MjIxNDc3NDM5MTQ6MToxOmF0OjE'

curl --location --request GET 'https://api.twitter.com/2/users/by?usernames=TwitterDev,Twitter' \
  --header 'Authorization: Bearer Q0Mzb0VhZ0V5dmNXSTEyNER2MFNfVW50RzdXdTN6STFxQlVkTGhTc1lCdlBiOjE2MjIxNDc3NDM5MTQ6MToxOmF0OjE'

curl --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer Q0Mzb0VhZ0V5dmNXSTEyNER2MFNfVW50RzdXdTN6STFxQlVkTGhTc1lCdlBiOjE2MjIxNDc3NDM5MTQ6MToxOmF0OjE' \
  --request POST \
  --data '{"target_user_id": "2244994945"}' \
  https://api.twitter.com/2/users/2750565428/following

curl --location --request GET 'https://api.twitter.com/2/users/1176196242566574085/following' \
  --header 'Authorization: Bearer Q0Mzb0VhZ0V5dmNXSTEyNER2MFNfVW50RzdXdTN6STFxQlVkTGhTc1lCdlBiOjE2MjIxNDc3NDM5MTQ6MToxOmF0OjE'

curl --location --request DELETE 'https://api.twitter.com/2/users/1176196242566574085/following/2244994945' \
  --data-raw '' \
  --header 'Authorization: Bearer Q0Mzb0VhZ0V5dmNXSTEyNER2MFNfVW50RzdXdTN6STFxQlVkTGhTc1lCdlBiOjE2MjIxNDc3NDM5MTQ6MToxOmF0OjE'
Convert the refresh token into a new pair of access token and refresh token.
Example Token Request:
curl --location --request POST 'https://api.twitter.com/2/oauth2/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'refresh_token=bWRWa3gzdnk3WHRGU1o0bmRRcTJ5VUxWX1lZTDdJSUtmaWcxbTVxdEFXcW5tOjE2MjIxNDc3NDM5MTQ6MToxOnJ0OjE' \
  --data-urlencode 'grant_type=refresh_token' \
  --data-urlencode 'client_id=rG9n6402A3dbUJKzXTNX4oWHJ'
Revoke Access Token and Refresh Token.
Example Revoke Token Request:
curl --location --request POST 'https://api.twitter.com/2/oauth2/revoke' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'token=Q0Mzb0VhZ0V5dmNXSTEyNER2MFNfVW50RzdXdTN6STFxQlVkTGhTc1lCdlBiOjE2MjIxNDc3NDM5MTQ6MToxOmF0OjE' \
  --data-urlencode 'client_id=rG9n6402A3dbUJKzXTNX4oWHJ' \
  --data-urlencode 'token_type_hint=access_token'
Nice!