API Key and Secret

API Key and Secret

The API Key and Secret (also known as Consumer Key and Secret) are the most fundamental credentials required to access the Twitter API. These credentials act as the username and password for your Twitter App, and are used by the Twitter API to understand which App requests are coming from. 

These credentials can be used by authentication endpoints to generate additional credentials, such as user Access Tokens and Secrets, and Bearer Tokens. You also need to use these credentials along with Access Tokens and other authorization parameters to authorize requests that require OAuth 1.0a User Context authentication. 

How to acquire an API Key and Secret

To acquire a Twitter API Key and Secret, please follow these steps:

  1. Sign up for a Twitter developer account
  2. Create a Twitter App within the developer portal. Note that if you would like to use Twitter API v2, you must add your Twitter App to a Project.

When you create your Twitter App, you will be presented with your API Key and Secret, along with a Bearer Token. Please note that we only display these credentials once, so make sure to save them in your password manager or somewhere secure.

We have more recommendations on how to handle your keys and tokens within our authentication best practices page, including details on what you should do if your credentials have been compromised.

How to find and regenerate your API Key and Secret after App creation

If you've already created an App and need to find or regenerate your API Key and Secret, please follow these steps:

  1. Navigate to the developer portal
  2. Expand the 'Projects and Apps' dropdown in the sidenav
  3. Open the App which is associated with the API Key and Secret that you would like to find or regenerate
  4. Navigate to the Keys and tokens tab

From there, you will find all of the credentials associated with your App. 

How to use your API Key and Secret

If you are just exploring the Twitter Developer Platform, we recommend that you use a tool or library to see what’s available on the platform. These tools handle authentication gracefully, and can save you a lot of time and frustration. We specifically recommend getting started with Postman or Insomnia for beginner developers. 

If you are interested in building a request from scratch, please read our guide on authorizing an OAuth 1.0a request.