You cannot directly provide the API key to the oauth/authenticate endpoint. Instead, please read Implementing Sign in with Twitter to understand the basics of OAuth.
tl;dr:
- Sign a request to
oauth/request_token with your consumer key + secret. Set the oauth_callback parameter here.
- Store the received request token + secret in your session.
- Send the user to https://api.twitter.com/oauth/authenticate?oauth_token=REQUESTTOKEN.
- When the user returns, grab the
oauth_verifier from the query string.
- Obtain your access token + secret by sending a signed request to
oauth/access_token.
