Skip to content

X Consumer Secret

Service Name: X (formerly Twitter)

Service Description: X (formerly Twitter) is a social media platform that allows users to post and interact with short messages called "tweets". The platform provides APIs for developers to build applications that can interact with X's services.

Service Address: https://twitter.com/ or https://x.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to X API resources when paired with a consumer key. Used for application authentication.

Secret Revokement URL: https://developer.twitter.com/en/portal/dashboard

Secret Example: uFYAWRmRIrGX8pLJ7h9EjUQxjNQE3vPOvCxKvgBvs8JYTnPzMk

Suspicious Activity Investigation Instructions:

  • Check X Developer Portal for unauthorized API usage
  • Review application logs for unusual API calls or access patterns
  • Monitor for unexpected tweet posting or account actions
  • Check for unusual geographic access patterns in your application logs
  • Review X Developer Portal for any changes to application settings

Mitigation Instructions:

  • Log in to the X Developer Portal at https://developer.twitter.com/en/portal/dashboard
  • Navigate to your project and application settings
  • Regenerate your consumer secret
  • Update the secret in all legitimate applications
  • Review and adjust application permissions if needed
  • Consider implementing IP restrictions for API access if possible
  • Monitor application activity for a period after regenerating credentials