How to whitelist a twitter application



I have created an app in .I’m not knowing how to whitelist the app inorder to get the email of the user

"Requesting a user’s email address requires your application to be whitelisted by Twitter. To request access, please use this form."

There is no good topic but a staff member said somewhere here on the forum to use “I need access to special authentication privileges (e.g. xAuth)” and then in details write that you aren’t looking for xauth but rather the email permission whitelist. You might get a response that “xAuth is not for web”, then just reply to that e-mail and again say that you are looking to be whitelisted.

Good luck!


Yes,I got a mail and I requested for the app to be whitelisted. Do you know how long it will take to be whitelisted ? Thank you


Not sure. I think it depends on how many inquiries they have otherwise. Mine took 1-2 hours but some other have said a couple of days.


I am also trying to fetch the email address,i have followed the instructions from the link :
I also have regenerated the access token and secret but still not getting the email address…i also confirmed my email account.
What am i doing wrong


There is no longer any need to apply for whitelisting for access to a user’s email address. Your application MUST have a valid privacy policy and TOS URL specified before you may toggle on the option to request a user’s email address in the settings.

What API endpoint are you calling? Does the “will have access to your email address” permission appear in the auth dialog when your app is authenticating with Twitter? The instructions on how to request the user’s email address are here.


In the auth log , it is mentioned that it will not show email address. I am actually working on angular 2 in local environment using slim 3 framwork (PHP) for Twitter API calls and i am able to fetch all details except for email address.

As per your comment, i haven’t added valid privacy policy and TOS url. Would it reflect fast after adding valid url?

  • ensure you have specified privacy policy and TOS URLs
  • on the Permissions tab in, check the email setting (under additional permissions)
  • have the user re-authenticate with the app (i.e. fetch new user token and secret) and ensure that the email permission is shown on the auth dialog

At that point, you should be able to request the email address on the verify_credentials endpoint.


I have added the privacy policy and TOS urls and checked the email settings.
On calling oauth / request_token I am getting different oauth tokens on calling authorize API. I logged out and tried again to get the email permission.
But i am not getting the email permission in the auth dialog box. What do you mean by re-authenticate? is it to log out and then log in?


I am using angular 2 with php backend ( slim3 framework ) for API calls,on clicking the twitter button i call the auth api

require "twitteroauth/autoload.php";

use Abraham\TwitterOAuth\TwitterOAuth;

/* *
 * URL: http://localhost/kudosapi/auth
 * Parameters: token
 * Method: GET
 * */

$app->get('/auth', function ($request, $response, $args) {
    $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET);
    $request_token = $connection->oauth('oauth/request_token', ['oauth_callback' => '', 'x_auth_access_type' => 'write']);

    $_SESSION['twt_oauth_token'] = $request_token['oauth_token'];
    $_SESSION['twt_oauth_token_secret'] = $request_token['oauth_token_secret'];

    $url = $connection->url('oauth/authorize', array('oauth_token' => $request_token['oauth_token']));
	$auth = [];
	$auth['url'] = $url;
	$auth['oauth_token'] = $request_token['oauth_token'];
	$auth['oauth_token_secret'] = $request_token['oauth_token_secret'];

	 return $this->response->withJson($auth);

After this it goes to the callback url which i mentioned in the above code…the url would contain the oauth_token and verifier values. I also send the token and token secret values since the values were not getting stored in sessions ( i dont know why ). After getting these values from auth api, i trigger to call callback api passing the values: oauth_token, verifier,token and token secret. the callback api code is given below:

/* *
 * URL: http://localhost/kudosapi/auth/twitter/callback
 * Parameters: otoken, verifier, oatoken, oasecret
 * Method: PUT
 * */

$app->put('/auth/twitter/callback', function (Slim\Http\Request $request, Slim\Http\Response $response, $args) use($app) {
	$inputs = $request->getParsedBody();
	$request_token = [];
    $request_token['oauth_token'] = $inputs['oatoken'];
    $request_token['oauth_token_secret'] = $inputs['oasecret'];

    if ($request_token['oauth_token'] !== $inputs['otoken']) {
        die('something went wrong');

    $connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $request_token['oauth_token'], $request_token['oauth_token_secret']);
    $access_token = $connection->oauth("oauth/access_token", ["oauth_verifier" => $inputs['verifier']]);

    $_SESSION['twt_access_token'] = $access_token;
	$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $access_token['oauth_token'], $access_token['oauth_token_secret']);
    $user = $connection->get("account/verify_credentials", ['include_email' => 'true', 'include_entities' => 'false', 'skip_status' => 'true']);
	return $this->response->withJson($user);

Doing these i get the user credentials except for email address, I have done all options mentioned before and it shows can request for email address in app details page. However it shows email address cannot be seen in the auth dialog box. Is there any mistake in the way i call the twitter api? Please do help me.


Hi ,

“Request email addresses from users” checbox in permission setting tabs is not selected for my application. Still it gives me the following error :

[TwitterKit] did encounter error with message “Error obtaining user auth token.”: Error Domain=TWTRLogInErrorDomain Code=-1 “<?xml version="1.0" encoding="UTF-8"?>Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings” UserInfo={NSLocalizedDescription=<?xml version="1.0" encoding="UTF-8"?>Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings}

Please help me out.


This is a different problem. You need to whitelist your Twitter Kit app’s callback method on (per the recent announcement).

For an iOS app, you should use twitterkit-CONSUMERKEY:// as the callback URL.


And for Android App? My Android application is also giving me same error.


Use twittersdk://for Android.