Getting OAuth Keys and Tokens for Your Android Twitter App

The following instructions apply to the Twitter web pages for current developers. Twitter might change the design of its website at any time without notice.

1. Sign in to your Twitter user account (or register for an account if you don't already have one).
2. Visit Twitter’s Developer Page.

   If the stars are aligned harmoniously, you should see Twitter's Create an Application page.

3. On the Create an Application page, fill in all required fields along with the (misleadingly optional) Callback URL field.

   When you visit the page, you see the Name field, the Description field, the website field, and the Callback URL field. All but the Callback URL field are listed as being required. Typing your app's name in the Name field is a no-brainer. But what do you use for the other fields? After all, you aren’t creating an industrial-strength Android app. You’re creating only a test app — an app to help you see how to use Twitter4J. The good news is that you can type almost anything in the Description field. The same is true To communicate with Twitter via an Android app, you need a callback URL. In other words, the callback URL isn't optional. Neither the website field nor the Callback URL field has to point to a real web page. But you must fill in those two fields. The Callback URL field isn't marked as being required. Nevertheless, you must type a URL in the Callback URL field.

4. After agreeing to the terms, and doing the other stuff to prove that you're a good person, click the Create Your Twitter Application button.

   Doing so brings you to a page where you manage your new application. The page has four tabs, labeled Details, Settings, Keys and Access Tokens, and Permissions.

5. Near the top of the page, select the Permissions tab.
6. On the Permissions page, look for a choice of access types. Change your app's access from Read and Write (the default) to Read, Write and Access Direct Messages.

   For this toy application, you select Read, Write and Access Direct Messages — the most permissive access model that's available. This option prevents your app from hitting brick walls because of access problems. When you develop a real-life application, you do the opposite of what is suggested in this step. For a real-live app, you select the least permissive option that suits your application's requirements.

   First change your app's access level, and then create the app's access token. Don't create the access token before changing the access level. If you try to change the access level after you've created the access token, your app won't work. What's worse, Twitter's app setup page doesn't warn you about the problem.

7. Click the button that offers to update your application's settings.

   Doing so changes your app's access level to Read, Write and Access Direct Messages.

8. Near the top of the page, select the Keys and Access Tokens tab.

   You can find a few buttons on that page.

9. Click the button that offers to create your access token.

   After doing so, your app's Keys and Access Tokens tab displays your app’s access token and the access token secret, in addition to your app's access level, consumer key, and consumer secret.

10. Copy the four codes (Consumer Key, Consumer Secret, Access Token, and Access Token Secret) from your app's Details tab to the appropriate lines in your MainActivity class's code.

    Whew! You're done putting OAuth keys and tokens in your Java code.

In the OAuth world, an app whose code communicates with Twitter's servers is a consumer. To identify itself as a trustworthy consumer, an app must send passwords to Twitter's servers. In OAuth terminology, these passwords are called the consumer key and the consumer secret.