Twitter Direct Messaging Chatbot Development/ Integration




I have an virtual private assistant (VPA) web application. This app has few agents available. Each agent has a set of conversations and FAQs configured inside it.
Now I am planning to integrate one of the agents from VPA app with Twitter Direct Messaging (DM). So when a user sends a DM to my twitter handle (or app handle), the message (or query) should be redirected to my application at backend.

In short, my application should act as backend service (webhook) for all queries posted onto my twitetr handle and respond automatically based on the conversations/ FAQs built inside my app.

Could you please guide me on the steps I need to follow to achieve this? I have crated a bot app using my twitter app as a first step.



We have a tutorial on the developer site which describes how to go about this, with links to sample code (in Node). You may also want to take a look at this alternative example (in Ruby), or explore some of the examples on Glitch.


Do we have any Java project that has used this twitter app as chatbot?


I’m not currently aware of an example in Java, but I believe that several Twitter partners use these APIs from Java environments. We’d love to hear about developers interacting with the API in different languages, so please share if you hear of any.


The main problem I am facing is to connect my application (VPA) to twitter via a webhook (OR service URL whatever we call it as in Twitter). I see a long process mentioned in this link -

Not sure whether I am referring the correct doc for this.

Any suggestions are welcome!


What specific problem are you facing, or what error(s) are you seeing? The process outlined there is correct in order to have webhook events sent to your application.


Well, I am getting 401 authorization required error !

I tried my application URL as webhook. Also tried one ofthe test url generated on -

I double checked and also regenerated my access token and access secret token. But still 401 error persists.

Few quick questions -

  1. Do we need to get our app verified or something before using it as webhook?
  2. I am not clear with the CRC token generation and verification part.


You need to have access to the Account Activity API. You can apply via the form on this page (Apply for access to the Account Activity API - Direct Messages). Make sure you include your app ID and to explain what you are building.

The CRC generation is described here.

A GET request with a parameter named crc_token will be sent to your webhook URL. Your endpoint must return a JSON response with a response_token that is a base64 encoded HMAC SHA-256 hash created from the crc_token and your app Consumer Secret.

This means that your application will need to respond with an encoded hash of the incoming crc_token + your consumer secret when called with the crc_token parameter. If that parameter is not present, you can assume you’re receiving a standard Direct Message event.


Thanks Andy! I have applied for access to the Account Activity API - Direct Messages and All Activities both(on 10th and 9th Jan 2018 respectively)!
Please help me with below queries -

  1. Can you please let me know how much time will it take to get this access?
  2. Considering my DM chatbot described above, only Account Activity API - Direct Messages is sufficient?
  3. Is the CRC token and response_token generation mandatory step for this integration?
  4. What is app ID ? I have applied for access usign my consumer key. Is that fine?
  5. You mentioned - “If that parameter is not present, you can assume you’re receiving a standard Direct Message event” - Can you please elaborate ?

Last - important question -
6. Can we achieve this integration by subscribing to event (something like onDirectMessage) without having the need for webhook? So when a DM is received by my twitter handle, it will automatically trigger some function with the subscribed event ?


The team is reviewing requests for access and we’re not able to provide estimates at this time.

Yes, this should be fine since you’re just looking for Direct Message events, not others.

Yes, the webhook security is based on the receiving app correctly responding to CRC token exchanges.

It may be possible to find your app ID based on consumer key, the team will have to let you know when they get to your application. The app ID is the numerical string in the URL when you’re looking at your app on

Yes, sure.

If your app receives a call on its regular callback URL without a crc_token parameter, it will be a Direct Message JSON object. If the call has a crc_token request parameter, your app is expected to reply with a valid CRC response.

That is exactly what webhooks are - effectively, an “onDirectMessage” callback event that your app needs to respond to.

The alternative to this integration would be a non-realtime polling application that periodically calls direct_messages/events/list to check for new messages, and then responding.


Thanks Andy for your detailed response!

I have been waiting for Account API access for DM since last many days now.
Could you please check the status and confirm when may I get the access ?

App Id - 14656976

How do we get to know about whether it’s approved or rejected.? Email is
the only option to track it?

Thanks in advance!


I’m unable to look up the status of an application unfortunately, we appreciate your patience while we work through the applications. You should receive an email when we have approved or rejected the use case.