Skip to content

X Consumer Key

Service Name: X (formerly Twitter)

Service Description: X (formerly Twitter) is a social media platform where users post and interact with messages known as "tweets". The platform provides APIs for developers to build applications that integrate with X's features.

Service Address: https://twitter.com/ or https://x.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to X API resources based on the permissions associated with the application. Used as part of OAuth authentication flow.

Secret Revokement URL: https://developer.twitter.com/en/portal/dashboard

Secret Example: A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5

Suspicious Activity Investigation Instructions:

  • Review X Developer Portal for unusual application activity
  • Check application usage metrics for unexpected spikes in API calls
  • Review application permissions and access levels
  • Check for unauthorized changes to application settings
  • Monitor for tweets or actions not initiated by authorized users

Mitigation Instructions:

  • Log in to the X Developer Portal at https://developer.twitter.com/
  • Navigate to the Projects & Apps section
  • Select the affected application
  • Click on "Keys and tokens"
  • Regenerate the Consumer Key (API Key)
  • Update the key in all legitimate applications
  • Review and potentially revoke application permissions