For how long does the RequestToken remain valid?


What is the duration , after which the RequestToken obtained gets expired ?


The request tokens are short lived. I don’t have an exact expiration in mind but I would recommend they are used with the /authorize endpoint call within a couple of minutes of being received.

The access tokens you will get back are permanent. They will only stop working if the user removes your application from their account or if you regenerate your keys and don’t update your Twitter application.


“… but I would recommend they are used with the /authorize endpoint call within a couple of minutes of being received…” I didn’t understand you.


Sorry if this was not clear enough.

First, you have request tokens. You get a request token by asking Twitter to issue a token, the goal being to exchange it for an access token. In order to do so, you must obtain approval from the user by redirecting to Twitter, and finally retrieve an access token once the user has authorized your app. This is why request tokens are short lived. They are meant to be used within a couple minutes maximum, just while the user is signing in and granting access to your app.

Second, you have access tokens. The access token retrieved at the end of the sign in flow is meant to be used with all OAuth-signed API endpoints. These access tokens do not expire. Your access token will be invalid only if a user explicitly rejects your application from their settings or if a Twitter admin suspends your application.

I hope this helps clarify the difference between the two and their expected lifetime. You can read more about the OAuth flow on [node:2867].


I appreciate your help. Thank you.
I have been stuck for several days. A new request token will have to be generated every time a new user makes request. While I have found no way do this,every time I make a new request I get an exception. I am using twitter4j (a java library) as the library to make a twitter client.

How can I refresh/generate a new Request Token ?