Skip to content

Twitter (X) OAuth

Service Name: Twitter (X)

Service Description: Twitter (now X) is a social media platform that allows users to post and interact with messages known as tweets. The platform provides APIs for developers to integrate Twitter functionality into their applications.

Service Address: https://twitter.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to Twitter API endpoints based on the permissions granted during OAuth authorization.

Secret Revokement URL: https://twitter.com/settings/applications

Secret Example: oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0&oauth_token_secret=veNRnAWe6inFuo8o2u8SLLZLjolYDmDP7SzL0YfYI

Suspicious Activity Investigation Instructions:

  • Review Twitter Developer Portal for unusual API usage patterns.
  • Check for unauthorized applications connected to your Twitter account.
  • Monitor for unexpected tweets, follows, or direct messages sent from your account.
  • Review API usage logs for unexpected geographic access patterns.

Mitigation Instructions:

  • Immediately revoke the compromised OAuth token in the Twitter Developer Portal.
  • Generate a new OAuth token with appropriate permissions.
  • Rotate any associated consumer keys and secrets.
  • Review and update application permissions to enforce the Principle of Least Privilege.
  • Enable enhanced security features like login verification if available.