Skip to main content

Twitter Access Keys

Description

General

  • Documentation: https://developer.twitter.com/en/docs/twitter-api
  • Summary: Twitter is a social network on which user post and interact with messages known as "tweets". Twitter exposes an API to programmatically interact with the platform. To access the API, the developer must apply for a developer account and generate a set of client_id and client_secret from its developer dashboard. This set of credentials must be passed with each request. This detector focuses on catching these credentials. Alongside application credentials, user access tokens are frequently found. They are a second set of credentials granting access to a Twitter user account. They can be used to send tweets or direct messages in the name of this user.
  • IPs allowlist: This feature is currently not supported.
  • Scopes: Each Twitter developer App has its own set of access permissions : read, read/write, read/write/direct messages.

Revoke the secret

Each App's credentials can be managed from the developer's dashboard.

Check for suspicious activity

Some usage metrics are displayed on the home page of the developer's dashboard. They could be used to detect suspicious activities. If user access tokens accompany the application credentials, the related account should be reviewed.

Details for Twitter/X Access Keys

  • Family: credentials

  • Category: social_network

  • Company: Twitter

  • High recall: False

  • Validity check available: True

  • Analyzer available: False

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 8.92

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - secret
- type: ContentWhitelistPreValidator
  patterns:
    - consumer
    - twitter
- type: ContentWhitelistPreValidator
  patterns:
    - key

Examples

- text: |
    from tweepy.streaming import StreamListener

    consumer_key = 'qgmlPcoo2F3Ws6LWJLmuTgOVa'
    consumer_secret = 'sME0sSMXOXHO3qG06tEwSyejzvlYlvLzx1ynKRBqGjbuYRIPZa'

  client_id: qgmlPcoo2F3Ws6LWJLmuTgOVa
  client_secret: sME0sSMXOXHO3qG06tEwSyejzvlYlvLzx1ynKRBqGjbuYRIPZa

- text: |
    // Your Twitter App Consumer Key
     private $consumer_key = 'B3khhhiCGZl2tPnNcwBA';

     // Your Twitter App Consumer Secret
     private $consumer_secret = '5bDnGvuoR62Lv5VtVdZmRASE3n4SpvdnxiT45CXKvH';

  client_id: B3khhhiCGZl2tPnNcwBA
  client_secret: 5bDnGvuoR62Lv5VtVdZmRASE3n4SpvdnxiT45CXKvH

- text: |
    // Twitter creds
    consumer_api_key = '6TKONeTEZTLo9QWcUohTf6rhv'
    consumer_api_secret = 'LG4y1E2aexUNql425UcQ6ZEvoyHk1ZGKzHkhLofMV7qZhhGuRm'

  client_id: 6TKONeTEZTLo9QWcUohTf6rhv
  client_secret: LG4y1E2aexUNql425UcQ6ZEvoyHk1ZGKzHkhLofMV7qZhhGuRm

- text: |
    consumer_key = 'NciwXkL6Mn0Qc40NUCLO0UK5n'
    consumer_key_secret = 'UVfL5LybAVJmhi8r4rFF7qKLcjfm0Hj8QdCAQSWOeChstJpWnK'

  client_id: NciwXkL6Mn0Qc40NUCLO0UK5n
  client_secret: UVfL5LybAVJmhi8r4rFF7qKLcjfm0Hj8QdCAQSWOeChstJpWnK

- text: |
    twitter_consumer_key: PzODTWGMm9WbVipndYPFVlrF3
    twitter_consumer_secret: k6TUVIzdCEnPYrfEYPeazMmHLOp5bInKft9SRxwO7rUX3bXrs9

  client_id: PzODTWGMm9WbVipndYPFVlrF3
  client_secret: k6TUVIzdCEnPYrfEYPeazMmHLOp5bInKft9SRxwO7rUX3bXrs9

- text: |
    SOCIAL_AUTH_TWITTER_KEY = 'Zt4NxBbZuNYON111Wbsgy1RAp'
    SOCIAL_AUTH_TWITTER_SECRET = 'FPO5PfZLLLLxce55ubI1a5pcFEam9999z7bG8GCa8aXXnmbjgQ'

  client_id: Zt4NxBbZuNYON111Wbsgy1RAp
  client_secret: FPO5PfZLLLLxce55ubI1a5pcFEam9999z7bG8GCa8aXXnmbjgQ

- text: |
    var twitter_application_consumer_key = 'GBcpYu4bs6aYyAHskronTMpsu';  // API Key
    var twitter_application_secret = 'JNUbeTP2iP31qzFdfM4tUDvieSSopxyDRw35CWrfpiQDYwTTXV';  // API Secret

  client_id: GBcpYu4bs6aYyAHskronTMpsu
  client_secret: JNUbeTP2iP31qzFdfM4tUDvieSSopxyDRw35CWrfpiQDYwTTXV

- text: |
    "consumer_key = \"k0bMQjP8ChDxhVyT5XyYUJdIE\"\n",
    "consumer_secret = \"HczZWqoHIDn0Y7aBMAIsN8pHT93quwu2y5g9n5f9R8GxrtoIt4\"\n",

  client_id: k0bMQjP8ChDxhVyT5XyYUJdIE
  client_secret: HczZWqoHIDn0Y7aBMAIsN8pHT93quwu2y5g9n5f9R8GxrtoIt4

- text: |
    'consumerKey' 		: 'EqjtdUeioUB9a2w9E0AN1jH0v',
    'consumerSecret' 	: 'eravWvAwtyNkwSEeVKU5V9N8bxthyTK8Cf9kO43zdd7tcfErCz',

  client_id: EqjtdUeioUB9a2w9E0AN1jH0v
  client_secret: eravWvAwtyNkwSEeVKU5V9N8bxthyTK8Cf9kO43zdd7tcfErCz

- text: |
    #Twitter Production
    #TWITTER_CONSUMER_KEY = 'BvWr1TT7VdI9bVHORk0A0Z4dV'
    #TWITTER_CONSUMER_SECRET = 'rfOt4u5m21ktdkq5bFvHkov36og0v9CcI26vjhcJuho6dFus5g'

  client_id: BvWr1TT7VdI9bVHORk0A0Z4dV
  client_secret: rfOt4u5m21ktdkq5bFvHkov36og0v9CcI26vjhcJuho6dFus5g
- text: |
    from tweepy.streaming import StreamListener
    consumer_key = 'qgmlPcoo2F3Ws6LWJLmuTgOVa' 
    consumer_secret = 'sME0sSMXOXHO3qG06tEwSyejzvlYlvLzx1ynKRBqGjbuYRIPZa'

  client_id: qgmlPcoo2F3Ws6LWJLmuTgOVa
  client_secret: sME0sSMXOXHO3qG06tEwSyejzvlYlvLzx1ynKRBqGjbuYRIPZa
Last updated on

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status