Twitter API Authorization

This is a walkthrough of how to authorize a Postman collection against the Twitter API by setting up your own application, and using the resulting access tokens in a Postman collection and environment. Providing the basis for authorization that can be used in different Postman collections.

Before you can make any call to the Twitter API you will need to have four application tokens you can only obtain via your own Twitter developer account. The first step of this process is to setup a Twitter developer account which is different than your regular account, and can be done via the Twitter developer portal.

Once you have a Twitter developer account you can visit the application listing page, and choose to create a new application in the top corner, and manage any existing application you have already added in the past. Allowing you to manage the details of your access to the Twitter API.

While creating an application there are a number of details you will need to consider, but to jumpstart your API Integration all you will need is the name, description, website URL, and tell Twitter how this app will be used. You can always edit these settings at any point in the future, so do not worry too much about them when getting started.

Once you have created your Twitter application you can visit the keys and tokens tab to obtain your consumer API keys as well as the access token and access token secret. Providing the four tokens you will need to actually authorize and make a successful call to the Twitter API using Postman.

Now that you have the four tokens you will need to include them in the Postman collection being defined—for this exercise we will use a basic Twitter Tweet search collection we already have defined. Just click on Run in Postman button in the top right corner of the Twitter Tweet Search collection, and load the collection into your Postman client.

Once the collection is loaded in your Postman application, you can click on the collection and choose to edit the settings for the entire collection, which is the first step in defining how you will authorize with the API.

Once the edit collection window pops up you can select the Authorization tab to choose OAuth 1.0 as the type of authorization, and Add auth data to Request Headers from both available dropdown. Then you can add four separate variables for your Consumer Key {{consumer_key}}, Consumer Secret {{consumer_secret}}, Access Token {{access_token}}, and Token Secret {{token_secret}}.

These variables will be applied across every request within the collection, but we will need to add a new environment that define these variables for us, and abstract away our tokens from the Postman Tweet Search collection, allowing us to use the same tokens across many different collections.

While editing our new environment we can give it a name, and add four separate variables for each of our tokens we used as part of our authorization, including {consumer_key}}, {{consumer_secret}}, {{access_token}}, and {{token_secret}}, adding the values from the Twitter applications we have already setup above.

Now we just need to make sure each API request we have in our collection inherits authorization from the collection, which will apply our Twitter environment variables to the authorization for each requestr I add to this collection.

Then you can go ahead and make the API request, searching for Tweets via the Twitter API, changing the query parameter to contain the search term or phrase you wish to search the API, and see the JSON response in the Postman browser.

That should provide you with everything you need to authorize with the Twitter API using OAuth 1.0 within a Postman collection, while also properly abstracting away the Twitter authorization tokens using a Postman environment. Keeping your secrets centralized and then applied across each collection, and each of the individual requests you are making.

2 Likes