Untangling X APIs to create an automated bot on X

November 2, 2024

The X developer documentation is all over the place currently. Transition from v1 to v2, update to plans and access levels and so on.

To create an automated bot on X we need to follow the steps below:

  1. you will need to register into the Developer Portal
  2. to access the new V2 API you will need to create a Project and an App
  3. after the App is created you will need to configure "user authentication" from the settings tab of the app. Make it read and write.
  4. fill in the Callback URI as it will be used to get the token as GET variables
  5. You will need a new account on X for the bot, go and register a new account on https://x.com
  6. after the account is set go to Settings and Privacy, Your account, Account Information, Automation and link the bot account to your X account that will be used with the API
  7. now we need to request an OAuth token, you can use Postman and send a POST request to this endpoint https://api.x.com/oauth/request_token . Use OAuth 1.0 and consumer key, consumer secret, access token and token secret from the developer portal. The response will contain oauth_token and oauth_token_secret
  8. open a new tab in the browser that is logged in with the bot account and open this link https://api.x.com/oauth/authenticate?oauth_token= use the oauth_token received in the previous step
  9. you will need to allow the app to access the bot account, after that the window will refresh to the callback URI with oauth_verifier and oauth_token appended as GET variables
  10. back to Postman and send another POST request, this time with no auth to the endpoint https://api.x.com/oauth/access_token?oauth_verifier=XXXXXXX&oauth_token=YYYYYYYY - use the values received in the previous step
  11. the response will contain the oauth_token and oauth_token_secret that you can use to interact with X API on behalf of your bot. Use the oauth_token as Access Token and oauth_token_secret as Access Token Secret

Time to test the API.

In Postman use this endpoint https://api.twitter.com/2/tweets OAuth 1.0 as Authorization and the tokens and secrets from above. The body should contain the JSON data:

{
    "text": "Hello World!"
}

A proper response will be:

{
    "data": {
        "id": "1852759774275707198",
        "edit_history_tweet_ids": [
            "1852759774275707198"
        ],
        "text": "Hello World!"
    }
}


Featured image created with Grok.

Loading

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.