Callback URLs
Sign in with Twitter allows developers to access Twitter content in order to make it easy for their users to sign in with just a few clicks. Developers use callback URLs as part of this integration in order to provide directions on where a user should go after signing in with their Twitter credentials.
As part of our continued effort to ensure safety and security on the Twitter developer platform, any developer using Sign in with Twitter must explicitly declare their callback URLs in a whitelist in the Twitter app settings, which can be accessed in the apps dashboard when logged into your Twitter account on developer.twitter.com. This means that if the callback_url parameter used with the oauth/request_token endpoint isn't whitelisted, you will receive an error.
Best Practices
When you are setting up your callback URLs, there are a few things that you should keep in mind:
Need more than 10 callback URLs?
There is a hard limit of 10 callback URLs in the Twitter apps dashboard. Please make sure to combine your callback URLs into a single address and use query strings in your oauth/request_token request.
Do not add query strings to your callback URLs in your Twitter app’s configuration
Twitter will allow you to pass any standard query strings along with your callback URL in your oauth/request_token request. Therefore, we do not allow you to add query strings to the end of the callback URL that you list in the Twitter apps dashboard.
Example:
- You want to use https://yourdomain.com?source=twitter as your callback URL
- Add this to the Twitter app dashboard: https://yourdomain.com
- Use this in your call to oauth/request_token: https://yourdomain.com?source=twitter
Don’t use localhost as a callback URL
Instead of using localhost, please use a custom host locally or http(s)://127.0.0.1.
Mobile apps with app-specific protocols must use just the protocol
Example:
- You want to use example://authorize as your callback URL
- Add this to both your Twitter app dashboard and your call to oauth/request_token: example://
Error Example
If you use a callback URL that hasn't been whitelisted, you will receive the following error message:
HTTP 403 - Forbidden
{
  "errors": [
    {"code":415,"message":"Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings."}
  ]
}
OR
<?xml version="1.0" encoding="UTF-8"?>
<hash>
  <error>Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings</error>
  <request>/oauth/request_token</request>
</hash>
If you do receive this error message, please check the URL that you are using with the callback_url parameter in your oauth/request_token call and make sure that this URL has been whitelisted in your Twitter app settings.
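The best practices above can be checked locally before a request is sent. The following is an added example, not Twitter's code: preflight and lint_url are hypothetical helper names, the sample URLs are constructed, and comparing the callback against the dashboard list by exact string match after removing the query string is an assumption about how the whitelist is applied.

```python
from urllib.parse import urlsplit

MAX_ENTRIES = 10  # hard limit of dashboard callback URLs stated on this page


def lint_url(url):
    """Problems that apply to a callback URL with its query string removed."""
    parts = urlsplit(url)
    if not parts.scheme:
        return ["missing scheme"]
    if parts.scheme in ("http", "https"):
        if (parts.hostname or "").lower() == "localhost":
            return ["localhost is not accepted; use 127.0.0.1 or a custom host"]
        return []
    # Anything else is treated as an app-specific protocol: protocol only.
    if parts.netloc or parts.path:
        return [f"app-specific protocol must be just '{parts.scheme}://'"]
    return []


def preflight(callback_url, dashboard_entries):
    """Return a list of problems; an empty list means the request should pass."""
    problems = []
    if len(dashboard_entries) > MAX_ENTRIES:
        problems.append(f"{len(dashboard_entries)} entries exceeds the limit of {MAX_ENTRIES}")
    for entry in dashboard_entries:
        if "?" in entry:
            problems.append(f"{entry}: dashboard entries must not carry a query string")
        problems += [f"{entry}: {p}" for p in lint_url(entry.split("?", 1)[0])]
    # Query strings are allowed on the request side, so compare without them.
    base = callback_url.split("#", 1)[0].split("?", 1)[0]
    problems += [f"{callback_url}: {p}" for p in lint_url(base)]
    # Assumption: exact string match against the dashboard list.
    if base not in dashboard_entries:
        problems.append(f"{base}: not listed, expect HTTP 403 with error code 415")
    return problems


if __name__ == "__main__":
    entries = ["https://yourdomain.com", "example://"]  # constructed sample list
    for cb in ("https://yourdomain.com?source=twitter", "example://authorize",
               "http://localhost:3000/cb"):
        print(cb, "->", preflight(cb, entries) or "ok")
```

An empty list means the callback_url follows the rules on this page; each string in a non-empty list names the URL and the rule it breaks.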