Twitter (X) OAuth
Service Name: Twitter (X)
Service Description: Twitter (now X) is a social media platform that allows users to post and interact with messages known as tweets. The platform provides APIs for developers to integrate Twitter functionality into their applications.
Service Address: https://twitter.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to Twitter API endpoints based on the permissions granted during OAuth authorization.
Secret Revokement URL: https://twitter.com/settings/applications
Secret Example: oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0&oauth_token_secret=veNRnAWe6inFuo8o2u8SLLZLjolYDmDP7SzL0YfYI
Suspicious Activity Investigation Instructions:
- Review Twitter Developer Portal for unusual API usage patterns.
- Check for unauthorized applications connected to your Twitter account.
- Monitor for unexpected tweets, follows, or direct messages sent from your account.
- Review API usage logs for unexpected geographic access patterns.
Mitigation Instructions:
- Immediately revoke the compromised OAuth token in the Twitter Developer Portal.
- Generate a new OAuth token with appropriate permissions.
- Rotate any associated consumer keys and secrets.
- Review and update application permissions to enforce the Principle of Least Privilege.
- Enable enhanced security features like login verification if available.