Skip to main content

Twitter Access Keys

Description

General

  • Documentation: https://developer.twitter.com/en/docs/twitter-api
  • Summary: Twitter is a social network on which user post and interact with messages known as "tweets". Twitter exposes an API to programmatically interact with the platform. To access the API, the developer must apply for a developer account and generate a set of client_id and client_secret from its developer dashboard. This set of credentials must be passed with each request. This detector focuses on catching these credentials. Alongside application credentials, user access tokens are frequently found. They are a second set of credentials granting access to a Twitter user account. They can be used to send tweets or direct messages in the name of this user.

Revoke the secret

Each App's credentials can be managed from the developer's dashboard.

Details for Twitter/X Access Keys

  • Family: credentials

  • Category: social_network

  • Company: Twitter

  • High recall: False

  • Validity check available: True

  • Analyzer available: False

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 8.92

  • Prefixed: False