X

the x connector provides integration with a social media platform, enabling the retrieval and analysis of user generated content and profiles x is a powerful social media platform that offers comprehensive search capabilities across its full archive, recent posts, and detailed user profiles the x connector for swimlane turbine enables users to perform full archive searches, recent searches, and user lookups directly within the swimlane platform by integrating with x, security teams can harness social media intelligence to enhance threat detection, investigation, and response workflows, leveraging rich social data for security automation and actionable insights limitations application only authentication doesn't include any user context and is a form of authentication where an application makes api requests on its own behalf when accessing the rest api, the application uses the app only access token to authenticate with application only authentication, you can perform actions such as pull user timelines access friends and followers of any account access lists resources search tweets supported version the x connector supports the following versions of the x api oauth 2 0 bearer token in x api v2 fully supported for app only authentication used for requests where user authentication is not required (accessing public information) oauth 2 0 bearer token in x api v1 1 supported for specific app only requests (public data) does not replace oauth 1 0a for user specific requests configuration prerequisites to effectively utilize the x connector within the swimlane turbine platform, ensure you have the following prerequisites custom authentication with the following parameters url the endpoint for the x api service api key your unique consumer api key provided by x api secret key your consumer secret key associated with the api key for secure access authentication methods oauth 2 0 bearer token authentication setup instructions you will need to sign up for a developer account and to have created a twitter app once you have those, you'll also need to obtain the api keys found in the developer portal follow the steps below login to your x account on developer twitter com navigate to the twitter app dashboard and open the twitter app for which you would like to generate access tokens navigate to the "keys and tokens" page you'll find the api keys, user access tokens on this page you can find the bearer token for your app with the rest of your "keys and tokens" copy the following curl request into your command line after making changes to the following consumer api keys previously obtained from your twitter app note that the consumer api keys used on this page have been decommissioned and will not work for real requests api key \<api key> e g xvz1evfs4weeptgefphbog api secret key \<api secret key> e g l8qq9pzyrg6iekgekhzolgc0vjwlw8iej88drdyog curl u "$api key $api secret key" \\ \ data 'grant type=client credentials' \\ 'https //api x com/oauth2/token' document references https //developer x com/en/docs/authentication/oauth 2 0/bearer tokens https //developer x com/en/docs/authentication/oauth 2 0/bearer tokens https //developer x com/en/docs/authentication/oauth 2 0/application only https //developer x com/en/docs/authentication/oauth 2 0/application only troubleshoot tips note that one app only access token is valid for an application at a time issuing another request with the same credentials to /oauth2/token will return the same token until it is invalidated capabilities full archive search recent search users lookup full archive search the full archive search endpoint returns the complete history of public tweets matching a search query; since the first tweet was created march 26, 2006 the tweets returned by this endpoint count towards the project level tweet cap https //developer x com/en/docs/twitter api/tweet caps only available to those with pro and enterprise access more details can be find here https //developer x com/en/docs/x api/tweets/search/api reference/get tweets search all#tab1 recent search the recent search endpoint returns tweets from the last seven days that match a search query the tweets returned by this endpoint count towards the project level tweet cap https //developer x com/en/docs/twitter api/tweet caps oauth 2 0 scopes required by this endpoint tweet read , users read more details can be find here https //developer x com/en/docs/x api/tweets/search/api reference/get tweets search recent#tab0 users lookup returns a variety of information about one or more users specified by their usernames oauth 2 0 scopes required by this endpoint tweet read , users read more details can be find here https //developer x com/en/docs/x api/users/lookup/api reference/get users by#tab1 configurations x oauth 2 0 bearer token authentication authenticates using consumer api key and consumer secret key configuration parameters parameter description type required url a url to the target host string required api key consumer key string required api secret key consumer secret key string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions full archive search executes a comprehensive search within x's full archive using the 'query' parameter to retrieve relevant posts endpoint url /2/tweets/search/all method get input argument name type required description query string required one query/rule/filter for matching posts refer to https //t co/rulelength https //t co/rulelength to identify the max query length the string length should be between 1 and 4096 characters start time string optional yyyy mm ddthh\ mm \ ssz the oldest utc timestamp from which the posts will be provided timestamp is in second granularity and is inclusive (i e 12 00 01 includes the first second of the minute) end time string optional yyyy mm ddthh\ mm \ ssz the newest, most recent utc timestamp to which the posts will be provided timestamp is in second granularity and is exclusive (i e 12 00 01 excludes the first second of the minute) since id string optional returns results with a post id greater than (that is, more recent than) the specified id until id string optional returns results with a post id less than (that is, older than) the specified id max results number optional the maximum number of search results to be returned by a request required range 10 < x < 500 next token string optional this parameter is used to get the next 'page' of results the value used with the parameter is pulled directly from the response provided by the api, and should not be modified minimum length 1 pagination token string optional this parameter is used to get the next 'page' of results the value used with the parameter is pulled directly from the response provided by the api, and should not be modified minimum length 1 sort order string optional this order in which to return results tweet fields string optional a comma separated list of tweet fields to display possible values are article, attachments, author id, card uri, community id, context annotations, conversation id, created at, display text range, edit controls, edit history tweet ids, entities, geo, id, in reply to user id, lang, media metadata, non public metrics, note tweet, organic metrics, possibly sensitive, promoted metrics, public metrics, referenced tweets, reply settings, scopes, source, text, withheld expansions string optional a comma separated list of fields to expand possible values are article cover media, article media entities, attachments media keys, attachments media source tweet, attachments poll ids, author id, edit history tweet ids, entities mentions username, geo place id, in reply to user id, entities note mentions username, referenced tweets id, referenced tweets id author id media fields string optional a comma separated list of media fields to display possible values are alt text, duration ms, height, media key, non public metrics, organic metrics, preview image url, promoted metrics, public metrics, type, url, variants, width poll fields string optional a comma separated list of poll fields to display possible values are duration minutes, end datetime, id, options, voting status user fields string optional a comma separated list of user fields to display possible values are affiliation, connection status, created at, description, entities, id, is identity verified, location, most recent tweet id, name, parody, pinned tweet id, profile banner url, profile image url, protected, public metrics, receives your dm, subscription, subscription type, url, username, verified, verified followers count, verified type, withheld place fields string optional a comma separated list of place fields to display possible values are contained within, country, country code, full name, geo, id, name, place type output parameter type description status code number http status code of the response reason string response reason phrase data array response data author id string unique identifier created at string output field created at id string unique identifier edit history tweet ids array unique identifier text string output field text username string name of the resource attachments object output field attachments media keys array output field media keys media source tweet id array unique identifier poll ids array unique identifier community id string unique identifier context annotations array output field context annotations domain object output field domain id string unique identifier description string output field description name string name of the resource entity object output field entity id string unique identifier description string output field description name string name of the resource conversation id string unique identifier edit controls object output field edit controls example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "data" \[], "errors" \[], "includes" {}, "meta" {} } } ] recent search retrieves tweets from the past week that match a specified 'query' parameter, contributing to the project level tweet cap endpoint url /2/tweets/search/recent method get input argument name type required description query string required one query/rule/filter for matching posts refer to https //t co/rulelength https //t co/rulelength to identify the max query length the string length should be between 1 and 4096 characters start time string optional yyyy mm ddthh\ mm \ ssz the oldest utc timestamp from which the posts will be provided timestamp is in second granularity and is inclusive (i e 12 00 01 includes the first second of the minute) end time string optional yyyy mm ddthh\ mm \ ssz the newest, most recent utc timestamp to which the posts will be provided timestamp is in second granularity and is exclusive (i e 12 00 01 excludes the first second of the minute) since id string optional returns results with a post id greater than (that is, more recent than) the specified id until id string optional returns results with a post id less than (that is, older than) the specified id max results number optional the maximum number of search results to be returned by a request required range 10 < x < 100 next token string optional this parameter is used to get the next 'page' of results the value used with the parameter is pulled directly from the response provided by the api, and should not be modified minimum length 1 pagination token string optional this parameter is used to get the next 'page' of results the value used with the parameter is pulled directly from the response provided by the api, and should not be modified minimum length 1 sort order string optional this order in which to return results tweet fields string optional a comma separated list of tweet fields to display possible values are article, attachments, author id, card uri, community id, context annotations, conversation id, created at, display text range, edit controls, edit history tweet ids, entities, geo, id, in reply to user id, lang, media metadata, non public metrics, note tweet, organic metrics, possibly sensitive, promoted metrics, public metrics, referenced tweets, reply settings, scopes, source, text, withheld expansions string optional a comma separated list of fields to expand possible values are article cover media, article media entities, attachments media keys, attachments media source tweet, attachments poll ids, author id, edit history tweet ids, entities mentions username, geo place id, in reply to user id, entities note mentions username, referenced tweets id, referenced tweets id author id media fields string optional a comma separated list of media fields to display possible values are alt text, duration ms, height, media key, non public metrics, organic metrics, preview image url, promoted metrics, public metrics, type, url, variants, width poll fields string optional a comma separated list of poll fields to display possible values are duration minutes, end datetime, id, options, voting status user fields string optional a comma separated list of user fields to display possible values are affiliation, connection status, created at, description, entities, id, is identity verified, location, most recent tweet id, name, parody, pinned tweet id, profile banner url, profile image url, protected, public metrics, receives your dm, subscription, subscription type, url, username, verified, verified followers count, verified type, withheld place fields string optional a comma separated list of place fields to display possible values are contained within, country, country code, full name, geo, id, name, place type output parameter type description status code number http status code of the response reason string response reason phrase data array response data author id string unique identifier created at string output field created at id string unique identifier edit history tweet ids array unique identifier text string output field text username string name of the resource attachments object output field attachments media keys array output field media keys media source tweet id array unique identifier poll ids array unique identifier community id string unique identifier context annotations array output field context annotations domain object output field domain id string unique identifier description string output field description name string name of the resource entity object output field entity id string unique identifier description string output field description name string name of the resource conversation id string unique identifier edit controls object output field edit controls example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "data" \[], "errors" \[], "includes" {}, "meta" {} } } ] users lookup retrieves detailed profiles and settings for specified users using the 'usernames' parameter endpoint url /2/users/by method get input argument name type required description usernames string required a list of usernames, comma separated user fields string optional a comma separated list of user fields to display possible values are affiliation, connection status, created at, description, entities, id, is identity verified, location, most recent tweet id, name, parody, pinned tweet id, profile banner url, profile image url, protected, public metrics, receives your dm, subscription, subscription type, url, username, verified, verified followers count, verified type, withheld expansions string optional a comma separated list of fields to expand possible values are affiliation user id, most recent tweet id, pinned tweet id tweet fields string optional a comma separated list of tweet fields to display possible values are article, attachments, author id, card uri, community id, context annotations, conversation id, created at, display text range, edit controls, edit history tweet ids, entities, geo, id, in reply to user id, lang, media metadata, non public metrics, note tweet, organic metrics, possibly sensitive, promoted metrics, public metrics, referenced tweets, reply settings, scopes, source, text, withheld output parameter type description status code number http status code of the response reason string response reason phrase data array response data created at string output field created at id string unique identifier name string name of the resource protected boolean output field protected username string name of the resource affiliation object output field affiliation badge url string url endpoint for the request description string output field description url string url endpoint for the request user id string unique identifier connection status array status value description string output field description entities object output field entities description object output field description annotations array output field annotations end number output field end start number output field start normalized text string output field normalized text probability number output field probability type string type of the resource cashtags array output field cashtags end number output field end example \[ { "status code" 200, "response headers" { "content type" "application/json", "date" "thu, 01 jan 2024 00 00 00 gmt" }, "reason" "ok", "json body" { "data" \[], "errors" \[], "includes" {} } } ] response headers header description example content length the length of the response body in bytes content type the media type of the resource application/json date the date and time at which the message was originated thu, 01 jan 2024 00 00 00 gmt