Twitter OAuth / X Consumer Secret
Service Name: Twitter (X)
Service Description: Twitter (now known as X) is a social media platform that allows users to post and interact with messages known as "tweets". The platform provides APIs for developers to build applications that can interact with Twitter data and functionality.
Service Address: https://twitter.com/ (https://x.com/)
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the application level in the Twitter Developer Portal
Secret Access Scope: Grants programmatic access to Twitter's API for reading and writing tweets, managing user accounts, accessing direct messages, and other Twitter platform features depending on the permissions requested.
Secret Revokement URL: https://developer.twitter.com/en/portal/dashboard
Secret Example: xvz1evFS4wEEPTGEFPHBog2XL5SSQH2w32BXj7Fh37ZWR1dYoN
Suspicious Activity Investigation Instructions:
- Review the Twitter Developer Portal for any unauthorized API usage or unusual activity patterns
- Check application logs for unexpected API calls or authentication attempts
- Monitor for unusual tweet posting, following/unfollowing activity, or direct message access
- Review the list of authorized applications connected to your Twitter account
- Check for unexpected changes to application settings or permissions
Mitigation Instructions:
- Log in to the Twitter Developer Portal at
https://developer.twitter.com/en/portal/dashboard
- Navigate to your Projects and Apps section
- Select the affected application
- Click on "Keys and tokens" tab
- Click "Regenerate" for the affected Consumer API Keys
- Update your application with the new keys
- Consider implementing additional security measures such as IP restrictions
- Review and potentially reduce the permissions scope of your application
- Enable enhanced monitoring for your Twitter developer account