Twitter API Key
Service Name: Twitter (X)
Service Description: Twitter (now known as X) is a social media platform that allows users to post and interact with messages known as "tweets". The Twitter API enables developers to access Twitter data and functionality programmatically.
Service Address: https://developer.twitter.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured in the Twitter Developer Portal for API access.
Secret Access Scope: Grants programmatic access to Twitter's API endpoints for reading tweets, posting content, managing accounts, and accessing various Twitter features depending on the permissions granted.
Secret Revokement URL: https://developer.twitter.com/en/portal/dashboard
Secret Example: 1AbCdEfGhIjKlMnOpQrStUvWxYz2345678901234567
Suspicious Activity Investigation Instructions:
- Review the Twitter Developer Portal for unusual API usage patterns.
- Check for unexpected tweets, follows, or direct messages sent from connected accounts.
- Monitor API rate limit consumption for abnormal spikes.
- Review application settings to ensure no unauthorized changes were made.
- Check for unexpected changes in authentication settings or callback URLs.
Mitigation Instructions:
-
Log in to the Twitter Developer Portal at https://developer.twitter.com/en/portal/dashboard
-
Navigate to the Projects & Apps section.
- Select the affected project and application.
- Click on the "Keys and tokens" tab.
- Click "Regenerate" for the compromised API key.
- Update the API key in all legitimate applications using this credential.
- Review and adjust application permissions if necessary.
- Consider implementing additional security measures like IP restrictions.
- Audit any actions taken using the compromised key.