Consumer key | xvz1evFS4wEEPTGEFPHBog |
Consumer secret | L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg |
RFC 1738 encoded consumer key (does not change) | xvz1evFS4wEEPTGEFPHBog |
RFC 1738 encoded consumer secret (does not change) | L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg |
Bearer Token credentials | xvz1evFS4wEEPTGEFPHBog:L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg |
Base64 encoded Bearer Token credentials | :: eHZ6MWV2RlM0d0VFUFRHRUZQSEJvZzpMOHFxOVBaeVJnNmllS0dFS2hab2xHQzB2SldMdzhpRUo4OERSZHlPZw== |
Authorization
header with the value of Basic <base64 encoded value from step 1>.
Content-Type
header with the value of application/x-www-form-urlencoded;charset=UTF-8.
grant_type=client_credentials
.token_type
key of the returned object is bearer
. The value associated with the access_token
key is the App only Access Token (Bearer Token).
Note that one App only Access Token is valid for an application at a time. Issuing another request with the same credentials to /oauth2/token
will return the same token until it is invalidated.
Step 3: Authenticate API requests with the App only Access Token (Bearer Token)
The App only Access Token (Bearer Token) may be used to issue requests to API endpoints that support application-only auth. To use the App Access Token, construct a normal HTTPS request and include an Authorization
header with the value of Bearer <base64 bearer token value from step 2>. Signing is not required.
Example request (Authorization header has been wrapped):
grant_type=client_credentials
).statuses/home_timeline
) with a n App only Access Token (Bearer Token) will produce: