POST oauth/access_token

Allows a Consumer application to exchange the OAuth Request Token for an OAuth Access Token. This method fulfills Section 6.3 of the OAuth 1.0 authentication flow.

The OAuth access token may also be used for xAuth operations.

Please use HTTPS for this method, and all other OAuth token negotiation steps.

Resource URL

Resource Information

Requires authentication?
Rate limited?


Please note that the parameters listed below are additional parameters we allow on this method for xAuth — there are OAuth-specific parameters not listed here. Learn OAuth for more information.

x_auth_password optional

The password of the user for which to obtain a token for. Required when using xAuth

x_auth_username optional

The username of the user to obtain a token for. Required when using xAuth

x_auth_mode optional

Set this value to client_auth, without the quotes. Required when using xAuth

oauth_verifier optional

If using the OAuth web-flow, set this parameter to the value of the oauth_verifier returned in the callback URL. If you are using out-of-band OAuth, set this value to the pin-code. When using xAuth, this value should not be included.

For OAuth 1.0a compliance this parameter is required unless you are using xAuth. Currently Twitter supports both OAuth 1.0 and OAuth 1.0a which means we do not error if this value isn’t included. OAuth 1.0a is now strictly enforced and applications not using the oauth_verifier will fail to complete the OAuth flow. If you’re not receiving an oauth_verifier in your callback, verify that you’re explicitly setting your oauth_callback on POST oauth/request_token.

OAuth Signature Generator

Sign in to see a list of your registered applications.

Example Result

Response to a successful request