X

the x connector provides integration with a social media platform, enabling the retrieval and analysis of user generated content and profiles x is a powerful social media platform that offers comprehensive search capabilities across its full archive, recent posts, and detailed user profiles the x connector for swimlane turbine enables users to perform full archive searches, recent searches, and user lookups directly within the swimlane platform by integrating with x, security teams can harness social media intelligence to enhance threat detection, investigation, and response workflows, leveraging rich social data for security automation and actionable insights limitations application only authentication doesn't include any user context and is a form of authentication where an application makes api requests on its own behalf when accessing the rest api, the application uses the app only access token to authenticate with application only authentication, you can perform actions such as pull user timelines access friends and followers of any account access lists resources search tweets supported version the x connector supports the following versions of the x api oauth 2 0 bearer token in x api v2 fully supported for app only authentication used for requests where user authentication is not required (accessing public information) oauth 2 0 bearer token in x api v1 1 supported for specific app only requests (public data) does not replace oauth 1 0a for user specific requests configuration prerequisites to effectively utilize the x connector within the swimlane turbine platform, ensure you have the following prerequisites custom authentication with the following parameters url the endpoint for the x api service api key your unique consumer api key provided by x api secret key your consumer secret key associated with the api key for secure access authentication methods oauth 2 0 bearer token authentication setup instructions you will need to sign up for a developer account and to have created a twitter app once you have those, you'll also need to obtain the api keys found in the developer portal follow the steps below login to your x account on developer twitter com navigate to the twitter app dashboard and open the twitter app for which you would like to generate access tokens navigate to the "keys and tokens" page you'll find the api keys, user access tokens on this page you can find the bearer token for your app with the rest of your "keys and tokens" copy the following curl request into your command line after making changes to the following consumer api keys previously obtained from your twitter app note that the consumer api keys used on this page have been decommissioned and will not work for real requests api key \<api key> e g xvz1evfs4weeptgefphbog api secret key \<api secret key> e g l8qq9pzyrg6iekgekhzolgc0vjwlw8iej88drdyog curl u "$api key $api secret key" \\ \ data 'grant type=client credentials' \\ 'https //api x com/oauth2/token' document references https //developer x com/en/docs/authentication/oauth 2 0/bearer tokens https //developer x com/en/docs/authentication/oauth 2 0/application only troubleshoot tips note that one app only access token is valid for an application at a time issuing another request with the same credentials to /oauth2/token will return the same token until it is invalidated capabilities full archive search recent search users lookup full archive search the full archive search endpoint returns the complete history of public tweets matching a search query; since the first tweet was created march 26, 2006 the tweets returned by this endpoint count towards the project level https //developer x com/en/docs/twitter api/tweet caps only available to those with pro and enterprise access more details can be find https //developer x com/en/docs/x api/tweets/search/api reference/get tweets search all#tab1 recent search the recent search endpoint returns tweets from the last seven days that match a search query the tweets returned by this endpoint count towards the project level https //developer x com/en/docs/twitter api/tweet caps oauth 2 0 scopes required by this endpoint tweet read , users read more details can be find https //developer x com/en/docs/x api/tweets/search/api reference/get tweets search recent#tab0 users lookup returns a variety of information about one or more users specified by their usernames oauth 2 0 scopes required by this endpoint tweet read , users read more details can be find https //developer x com/en/docs/x api/users/lookup/api reference/get users by#tab1 configurations x oauth 2 0 bearer token authentication authenticates using consumer api key and consumer secret key configuration parameters parameter description type required url a url to the target host string required api key consumer key string required api secret key consumer secret key string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions full archive search executes a comprehensive search within x's full archive using the 'query' parameter to retrieve relevant posts endpoint url /2/tweets/search/all method get input argument name type required description parameters query string required one query/rule/filter for matching posts refer to https //t co/rulelength to identify the max query length the string length should be between 1 and 4096 characters parameters start time string optional yyyy mm ddthh\ mm \ ssz the oldest utc timestamp from which the posts will be provided timestamp is in second granularity and is inclusive (i e 12 00 01 includes the first second of the minute) parameters end time string optional yyyy mm ddthh\ mm \ ssz the newest, most recent utc timestamp to which the posts will be provided timestamp is in second granularity and is exclusive (i e 12 00 01 excludes the first second of the minute) parameters since id string optional returns results with a post id greater than (that is, more recent than) the specified id parameters until id string optional returns results with a post id less than (that is, older than) the specified id parameters max results number optional the maximum number of search results to be returned by a request required range 10 < x < 500 parameters next token string optional this parameter is used to get the next 'page' of results the value used with the parameter is pulled directly from the response provided by the api, and should not be modified minimum length 1 parameters pagination token string optional this parameter is used to get the next 'page' of results the value used with the parameter is pulled directly from the response provided by the api, and should not be modified minimum length 1 parameters sort order string optional this order in which to return results parameters tweet fields string optional a comma separated list of tweet fields to display possible values are article, attachments, author id, card uri, community id, context annotations, conversation id, created at, display text range, edit controls, edit history tweet ids, entities, geo, id, in reply to user id, lang, media metadata, non public metrics, note tweet, organic metrics, possibly sensitive, promoted metrics, public metrics, referenced tweets, reply settings, scopes, source, text, withheld parameters expansions string optional a comma separated list of fields to expand possible values are article cover media, article media entities, attachments media keys, attachments media source tweet, attachments poll ids, author id, edit history tweet ids, entities mentions username, geo place id, in reply to user id, entities note mentions username, referenced tweets id, referenced tweets id author id parameters media fields string optional a comma separated list of media fields to display possible values are alt text, duration ms, height, media key, non public metrics, organic metrics, preview image url, promoted metrics, public metrics, type, url, variants, width parameters poll fields string optional a comma separated list of poll fields to display possible values are duration minutes, end datetime, id, options, voting status parameters user fields string optional a comma separated list of user fields to display possible values are affiliation, connection status, created at, description, entities, id, is identity verified, location, most recent tweet id, name, parody, pinned tweet id, profile banner url, profile image url, protected, public metrics, receives your dm, subscription, subscription type, url, username, verified, verified followers count, verified type, withheld parameters place fields string optional a comma separated list of place fields to display possible values are contained within, country, country code, full name, geo, id, name, place type input example {"parameters" {"query" "","start time" "2023 11 07t05 31 56z","end time" "2023 11 07t05 31 56z","since id" "","until id" "","max results" 10,"next token" "","pagination token" "","sort order" "recency","tweet fields" "author id, created at, id","expansions" "author id, edit history tweet ids","media fields" "height, promoted metrics, duration ms","poll fields" "duration minutes, end datetime","user fields" "entities, created at","place fields" "country, full name"}} output parameter type description status code number http status code of the response reason string response reason phrase data array response data data author id string response data data created at string response data data id string response data data edit history tweet ids array response data data text string response data data username string response data data attachments object response data data attachments media keys array response data data attachments media source tweet id array response data data attachments poll ids array response data data community id string response data data context annotations array response data data context annotations domain object response data data context annotations domain id string response data data context annotations domain description string response data data context annotations domain name string response data data context annotations entity object response data data context annotations entity id string response data data context annotations entity description string response data data context annotations entity name string response data data conversation id string response data data edit controls object response data output example {"data" \[{"author id" "string","created at" "string","id" "12345678 1234 1234 1234 123456789abc","edit history tweet ids" \[],"text" "string","username" "example name","attachments" {},"community id" "string","context annotations" \[],"conversation id" "string","edit controls" {},"entities" {},"geo" {},"in reply to user id" "string","lang" "string"}],"errors" \[{"title" "string","type" "string","detail" "string","status" 123}],"includes" {"media" \[{}],"places" \[{}],"polls" \[{}],"topics" \[{}],"tweet recent search retrieves tweets from the past week that match a specified 'query' parameter, contributing to the project level tweet cap endpoint url /2/tweets/search/recent method get input argument name type required description parameters query string required one query/rule/filter for matching posts refer to https //t co/rulelength to identify the max query length the string length should be between 1 and 4096 characters parameters start time string optional yyyy mm ddthh\ mm \ ssz the oldest utc timestamp from which the posts will be provided timestamp is in second granularity and is inclusive (i e 12 00 01 includes the first second of the minute) parameters end time string optional yyyy mm ddthh\ mm \ ssz the newest, most recent utc timestamp to which the posts will be provided timestamp is in second granularity and is exclusive (i e 12 00 01 excludes the first second of the minute) parameters since id string optional returns results with a post id greater than (that is, more recent than) the specified id parameters until id string optional returns results with a post id less than (that is, older than) the specified id parameters max results number optional the maximum number of search results to be returned by a request required range 10 < x < 100 parameters next token string optional this parameter is used to get the next 'page' of results the value used with the parameter is pulled directly from the response provided by the api, and should not be modified minimum length 1 parameters pagination token string optional this parameter is used to get the next 'page' of results the value used with the parameter is pulled directly from the response provided by the api, and should not be modified minimum length 1 parameters sort order string optional this order in which to return results parameters tweet fields string optional a comma separated list of tweet fields to display possible values are article, attachments, author id, card uri, community id, context annotations, conversation id, created at, display text range, edit controls, edit history tweet ids, entities, geo, id, in reply to user id, lang, media metadata, non public metrics, note tweet, organic metrics, possibly sensitive, promoted metrics, public metrics, referenced tweets, reply settings, scopes, source, text, withheld parameters expansions string optional a comma separated list of fields to expand possible values are article cover media, article media entities, attachments media keys, attachments media source tweet, attachments poll ids, author id, edit history tweet ids, entities mentions username, geo place id, in reply to user id, entities note mentions username, referenced tweets id, referenced tweets id author id parameters media fields string optional a comma separated list of media fields to display possible values are alt text, duration ms, height, media key, non public metrics, organic metrics, preview image url, promoted metrics, public metrics, type, url, variants, width parameters poll fields string optional a comma separated list of poll fields to display possible values are duration minutes, end datetime, id, options, voting status parameters user fields string optional a comma separated list of user fields to display possible values are affiliation, connection status, created at, description, entities, id, is identity verified, location, most recent tweet id, name, parody, pinned tweet id, profile banner url, profile image url, protected, public metrics, receives your dm, subscription, subscription type, url, username, verified, verified followers count, verified type, withheld parameters place fields string optional a comma separated list of place fields to display possible values are contained within, country, country code, full name, geo, id, name, place type input example {"parameters" {"query" "","start time" "2020 01 01t00 00 00z","end time" "2020 01 01t00 00 00z","since id" "","until id" "","max results" 10,"next token" "","pagination token" "","sort order" "recency","tweet fields" "article, author id","expansions" "attachments poll ids, edit history tweet ids","media fields" "alt text, duration ms","poll fields" "duration minutes, end datetime","user fields" "affiliation, profile image url","place fields" "contained within, username"}} output parameter type description status code number http status code of the response reason string response reason phrase data array response data data author id string response data data created at string response data data id string response data data edit history tweet ids array response data data text string response data data username string response data data attachments object response data data attachments media keys array response data data attachments media source tweet id array response data data attachments poll ids array response data data community id string response data data context annotations array response data data context annotations domain object response data data context annotations domain id string response data data context annotations domain description string response data data context annotations domain name string response data data context annotations entity object response data data context annotations entity id string response data data context annotations entity description string response data data context annotations entity name string response data data conversation id string response data data edit controls object response data output example {"data" \[{"author id" "string","created at" "string","id" "12345678 1234 1234 1234 123456789abc","edit history tweet ids" \[],"text" "string","username" "example name","attachments" {},"community id" "string","context annotations" \[],"conversation id" "string","edit controls" {},"entities" {},"geo" {},"in reply to user id" "string","lang" "string"}],"errors" \[{"title" "string","type" "string","detail" "string","status" 123}],"includes" {"media" \[{}],"places" \[{}],"polls" \[{}],"topics" \[{}],"tweet users lookup retrieves detailed profiles and settings for specified users using the 'usernames' parameter endpoint url /2/users/by method get input argument name type required description parameters usernames string required a list of usernames, comma separated parameters user fields string optional a comma separated list of user fields to display possible values are affiliation, connection status, created at, description, entities, id, is identity verified, location, most recent tweet id, name, parody, pinned tweet id, profile banner url, profile image url, protected, public metrics, receives your dm, subscription, subscription type, url, username, verified, verified followers count, verified type, withheld parameters expansions string optional a comma separated list of fields to expand possible values are affiliation user id, most recent tweet id, pinned tweet id parameters tweet fields string optional a comma separated list of tweet fields to display possible values are article, attachments, author id, card uri, community id, context annotations, conversation id, created at, display text range, edit controls, edit history tweet ids, entities, geo, id, in reply to user id, lang, media metadata, non public metrics, note tweet, organic metrics, possibly sensitive, promoted metrics, public metrics, referenced tweets, reply settings, scopes, source, text, withheld input example {"parameters" {"usernames" "example name","user fields" "string","expansions" "string","tweet fields" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase data array response data data created at string response data data id string response data data name string response data data protected boolean response data data username string response data data affiliation object response data data affiliation badge url string response data data affiliation description string response data data affiliation url string response data data affiliation user id string response data data connection status array response data data description string response data data entities object response data data entities description object response data data entities description annotations array response data data entities description annotations end number response data data entities description annotations start number response data data entities description annotations normalized text string response data data entities description annotations probability number response data data entities description annotations type string response data data entities description cashtags array response data data entities description cashtags end number response data output example {"data" \[{"created at" "string","id" "12345678 1234 1234 1234 123456789abc","name" "example name","protected"\ true,"username" "example name","affiliation" {},"connection status" \[],"description" "string","entities" {},"location" "string","most recent tweet id" "string","pinned tweet id" "string","profile banner url" "string","public metrics" {},"receives your dm"\ true}],"errors" \[{"detail" "string","status" 123,"title" "string","type" "string"}],"includes" {"media" \[{}],"places" \[{}],"polls" \[{} response headers header description example content length the length of the response body in bytes content type the media type of the resource application/json date the date and time at which the message was originated thu, 01 jan 2024 00 00 00 gmt