X Consumer Key
Service Name: X (formerly Twitter)
Service Description: X (formerly Twitter) is a social media platform where users post and interact with messages known as "tweets". The platform provides APIs for developers to build applications that integrate with X's features.
Service Address: https://twitter.com/ or https://x.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to X API resources based on the permissions associated with the application. Used as part of OAuth authentication flow.
Secret Revokement URL: https://developer.twitter.com/en/portal/dashboard
Secret Example: A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5
Suspicious Activity Investigation Instructions:
- Review X Developer Portal for unusual application activity
- Check application usage metrics for unexpected spikes in API calls
- Review application permissions and access levels
- Check for unauthorized changes to application settings
- Monitor for tweets or actions not initiated by authorized users
Mitigation Instructions:
- Log in to the X Developer Portal at https://developer.twitter.com/
- Navigate to the Projects & Apps section
- Select the affected application
- Click on "Keys and tokens"
- Regenerate the Consumer Key (API Key)
- Update the key in all legitimate applications
- Review and potentially revoke application permissions