Advanced Setup

Use Existing Twitter API Keys

You should use API keys from a Twitter app generated on

To use existing Twitter API Keys:

  1. Go to your Twitter application’s settings at Twitter’s developer site.
  2. Find your application and go to the permissions tab.
  3. Select the appropriate permissions for your needs (e.g. “Read and write”)
  4. If you are using login, add a placeholder URL in the Callback URL field (eg. “”).
  5. Click update settings.


Although the callback URL will not be requested by Twitter Kit in your app, it must be set to a valid URL for the app to work with the SDK.


Allow Log In with Twitter

If you wish to use Log In with Twitter, be sure that Allow this application to be used to Sign in to Twitter is checked:


Additional Permissions

If your app requires writing Tweets or accessing DM’s you will need to enable additional permissions for your app.

Changes to the application permission model will only take effect in access tokens obtained after the permission model change is saved. You will need to re-negotiate existing access tokens to alter the permission level associated with each of your application’s users.


Use OAuth Echo

OAuth Echo is a means to securely delegate OAuth authorization with a third party while interacting with an API. For example, you may wish to verify a user’s credentials from your app’s server (the third party) rather than your app.

Instantiate OAuthSigning

OAuthSigning relies on the TwitterAuthConfig as well as a TwitterAuthToken.

The TwitterAuthConfig class encapsulates the credentials to identify your Twitter application. You can get this object from the TwitterCore class.

The TwitterAuthToken class represents the user credentials of a Twitter user. You can get this object from a TwitterSession.

TwitterAuthConfig authConfig = TwitterCore.getInstance().getAuthConfig();
TwitterAuthToken authToken = session.getAuthToken();

OAuthSigning oauthSigning = new OAuthSigning(authConfig, authToken);

Create OAuth Echo Headers

The easiest way to use OAuth Echo is by requesting the headers to make a request to verify_credentials from outside the app.

Map<String, String> authHeaders = oauthSigning.getOAuthEchoHeadersForVerifyCredentials();

Once you have the headers, you can relay those to your backend to verify the credentials of the user session in your application.

URL url = new URL("");
HttpsURLConnection connection = (HttpsURLConnection)url.openConnection();

// Add OAuth Echo headers to request
for (Map.Entry<String, String> entry : authHeaders.entrySet()) {
  connection.setRequestProperty(entry.getKey(), entry.getValue());

// Perform request

The authHeaders map contains the x-auth-service-provider and x-verify-credentials-authorization keys. Your backend should take the value in x-verify-credentials-authorization, and use it to set the authorization header for a request to the URL in x-auth-service-provider.