SkillRepo
Sign InSign Up
Catalog
affaan-m/x-api

affaan-m

x-api

X/Twitter API integration for posting tweets, threads, reading timelines, search, and analytics. Covers OAuth auth patterns, rate limits, and platform-native content posting. Use when the user wants to interact with X programmatically.

global
0installs0uses~1.6k
v1.1Saved Apr 20, 2026

X API

Programmatic interaction with X (Twitter) for posting, reading, searching, and analytics.

When to Activate

  • User wants to post tweets or threads programmatically
  • Reading timeline, mentions, or user data from X
  • Searching X for content, trends, or conversations
  • Building X integrations or bots
  • Analytics and engagement tracking
  • User says "post to X", "tweet", "X API", or "Twitter API"

Authentication

OAuth 2.0 Bearer Token (App-Only)

Best for: read-heavy operations, search, public data.

# Environment setup
export X_BEARER_TOKEN="your-bearer-token"

import os
import requests

bearer = os.environ["X_BEARER_TOKEN"]
headers = {"Authorization": f"Bearer {bearer}"}

# Search recent tweets
resp = requests.get(
    "https://api.x.com/2/tweets/search/recent",
    headers=headers,
    params={"query": "claude code", "max_results": 10}
)
tweets = resp.json()

OAuth 1.0a (User Context)

Required for: posting tweets, managing account, DMs, and any write flow.

# Environment setup — source before use
export X_CONSUMER_KEY="your-consumer-key"
export X_CONSUMER_SECRET="your-consumer-secret"
export X_ACCESS_TOKEN="your-access-token"
export X_ACCESS_TOKEN_SECRET="your-access-token-secret"

Legacy aliases such as X_API_KEY, X_API_SECRET, and X_ACCESS_SECRET may exist in older setups. Prefer the X_CONSUMER_* and X_ACCESS_TOKEN_SECRET names when documenting or wiring new flows.

import os
from requests_oauthlib import OAuth1Session

oauth = OAuth1Session(
    os.environ["X_CONSUMER_KEY"],
    client_secret=os.environ["X_CONSUMER_SECRET"],
    resource_owner_key=os.environ["X_ACCESS_TOKEN"],
    resource_owner_secret=os.environ["X_ACCESS_TOKEN_SECRET"],
)

Core Operations

Post a Tweet

resp = oauth.post(
    "https://api.x.com/2/tweets",
    json={"text": "Hello from Claude Code"}
)
resp.raise_for_status()
tweet_id = resp.json()["data"]["id"]

Post a Thread

def post_thread(oauth, tweets: list[str]) -> list[str]:
    ids = []
    reply_to = None
    for text in tweets:
        payload = {"text": text}
        if reply_to:
            payload["reply"] = {"in_reply_to_tweet_id": reply_to}
        resp = oauth.post("https://api.x.com/2/tweets", json=payload)
        tweet_id = resp.json()["data"]["id"]
        ids.append(tweet_id)
        reply_to = tweet_id
    return ids

Read User Timeline

resp = requests.get(
    f"https://api.x.com/2/users/{user_id}/tweets",
    headers=headers,
    params={
        "max_results": 10,
        "tweet.fields": "created_at,public_metrics",
    }
)

Search Tweets

resp = requests.get(
    "https://api.x.com/2/tweets/search/recent",
    headers=headers,
    params={
        "query": "from:affaanmustafa -is:retweet",
        "max_results": 10,
        "tweet.fields": "public_metrics,created_at",
    }
)

Pull Recent Original Posts for Voice Modeling

resp = requests.get(
    "https://api.x.com/2/tweets/search/recent",
    headers=headers,
    params={
        "query": "from:affaanmustafa -is:retweet -is:reply",
        "max_results": 25,
        "tweet.fields": "created_at,public_metrics",
    }
)
voice_samples = resp.json()

Get User by Username

resp = requests.get(
    "https://api.x.com/2/users/by/username/affaanmustafa",
    headers=headers,
    params={"user.fields": "public_metrics,description,created_at"}
)

Upload Media and Post

# Media upload uses v1.1 endpoint

# Step 1: Upload media
media_resp = oauth.post(
    "https://upload.twitter.com/1.1/media/upload.json",
    files={"media": open("image.png", "rb")}
)
media_id = media_resp.json()["media_id_string"]

# Step 2: Post with media
resp = oauth.post(
    "https://api.x.com/2/tweets",
    json={"text": "Check this out", "media": {"media_ids": [media_id]}}
)

Rate Limits

X API rate limits vary by endpoint, auth method, and account tier, and they change over time. Always:

  • Check the current X developer docs before hardcoding assumptions
  • Read x-rate-limit-remaining and x-rate-limit-reset headers at runtime
  • Back off automatically instead of relying on static tables in code
import time

remaining = int(resp.headers.get("x-rate-limit-remaining", 0))
if remaining < 5:
    reset = int(resp.headers.get("x-rate-limit-reset", 0))
    wait = max(0, reset - int(time.time()))
    print(f"Rate limit approaching. Resets in {wait}s")

Error Handling

resp = oauth.post("https://api.x.com/2/tweets", json={"text": content})
if resp.status_code == 201:
    return resp.json()["data"]["id"]
elif resp.status_code == 429:
    reset = int(resp.headers["x-rate-limit-reset"])
    raise Exception(f"Rate limited. Resets at {reset}")
elif resp.status_code == 403:
    raise Exception(f"Forbidden: {resp.json().get('detail', 'check permissions')}")
else:
    raise Exception(f"X API error {resp.status_code}: {resp.text}")

Security

  • Never hardcode tokens. Use environment variables or .env files.
  • Never commit .env files. Add to .gitignore.
  • Rotate tokens if exposed. Regenerate at developer.x.com.
  • Use read-only tokens when write access is not needed.
  • Store OAuth secrets securely — not in source code or logs.

Integration with Content Engine

Use brand-voice plus content-engine to generate platform-native content, then post via X API:

  1. Pull recent original posts when voice matching matters
  2. Build or reuse a VOICE PROFILE
  3. Generate content with content-engine in X-native format
  4. Validate length and thread structure
  5. Return the draft for approval unless the user explicitly asked to post now
  6. Post via X API only after approval
  7. Track engagement via public_metrics

Related Skills

  • brand-voice — Build a reusable voice profile from real X and site/source material
  • content-engine — Generate platform-native content for X
  • crosspost — Distribute content across X, LinkedIn, and other platforms
  • connections-optimizer — Reorganize the X graph before drafting network-driven outreach
Files1
1 files · 1.0 KB

Select a file to preview

Overall Score

86/100

Grade

A

Excellent

Safety

88

Quality

87

Clarity

86

Completeness

83

Summary

X/Twitter API integration skill that guides agents through OAuth authentication, posting tweets and threads, reading timelines, searching content, and managing media uploads. The skill documents authentication patterns, rate limiting strategies, error handling, and security best practices for programmatic X API interaction.

Static Analysis Findings

1 finding

Patterns detected by deterministic static analysis before AI scoring. Hover over any finding code for detailed information and remediation guidance.

Credential Exposure
SEC-020Direct .env File Access2x in 1 file

Direct .env file access

SKILL.md.env2x
85% confidenceCWE-538: Sensitive Info in Externally-Accessible File

Detected Capabilities

OAuth 1.0a and OAuth 2.0 authentication setupTweet posting and thread compositionTimeline and user data retrievalTweet search with query parametersMedia upload and attachmentRate limit monitoring and backoffError handling for API responsesIntegration with content generation workflows

Trigger Keywords

Phrases that MCP clients use to match this skill to user intent.

post to xtweet threadx api integrationtwitter searchmedia upload xtimeline automationx analyticsvoice modeling twitter

Risk Signals

INFO

SEC-020: Direct .env file access referenced in security guidance

SKILL.md | Security section and Authentication sections
INFO

OAuth credentials (bearer token, consumer keys, access tokens) referenced in code examples

SKILL.md | Authentication sections
INFO

Network requests to api.x.com and upload.twitter.com

SKILL.md | Core Operations sections
WARNING

File I/O for media upload (open() call without explicit error handling in example)

SKILL.md | Upload Media and Post section

Referenced Domains

External domains referenced in skill content, detected by static analysis.

api.x.comupload.twitter.com

Use Cases

  • Post tweets or threads programmatically to X
  • Read user timelines and pull recent original posts
  • Search X for content, trends, or conversations
  • Upload media and post tweets with images
  • Build X integrations, bots, or analytics dashboards
  • Pull voice samples from X for content modeling

Quality Notes

  • Excellent security guidance: explicitly documents token rotation, read-only tokens, and environment variable usage
  • Well-structured sections with clear headings and logical flow from auth → operations → error handling → security
  • Comprehensive code examples in Python covering all major operations (POST, GET, media upload, threading)
  • Rate limiting guidance is pragmatic: recommends reading headers at runtime instead of hardcoding static limits, with concrete code example
  • Error handling documentation covers key HTTP status codes (201, 429, 403) with appropriate responses
  • Integration guidance with related skills (brand-voice, content-engine, crosspost) provides context for multi-skill workflows
  • Minor: Media upload example could use context manager (with statement) for safer file handling
  • Documentation of OAuth 1.0a vs 2.0 use cases clearly explains when each auth method should be used
  • Voice modeling section provides specific query parameters (-is:retweet -is:reply) demonstrating advanced usage
Model: claude-haiku-4-5-20251001Analyzed: Apr 20, 2026

Reviews

Add this skill to your library to leave a review.

No reviews yet

Be the first to share your experience.

Version History

v1.1

Content updated

2026-04-20

Latest
v1.1

Content updated

2026-04-12

v1.0

Seeded from github.com/affaan-m/everything-claude-code

2026-03-16

Add affaan-m/x-api to your library

Get Started Free

Command Palette

Search for a command to run...