X Api
Wire your solo project or agent workflow to X for posting threads, search, timelines, and engagement reads without hand-rolling OAuth and endpoint details.
Overview
x-api is an agent skill for the Build phase that guides OAuth-backed X (Twitter) API integration for posting, reading, search, and analytics.
Install
npx skills add https://github.com/affaan-m/everything-claude-code --skill x-apiWhat is this skill?
- OAuth 2.0 bearer flows for search and public reads plus OAuth 1.0a for user-context writes
- Posting tweets and threads, timelines, mentions, and recent search via X API v2
- Explicit drift warning to re-verify tiers, quotas, and permissions against current developer docs
- Python and curl-ready request patterns with environment-based token setup
- Activation triggers aligned with “post to X”, bots, and analytics-style programmatic access
- Documents OAuth 2.0 bearer (app-only) and OAuth 1.0a (user context) auth split for read vs write
Adoption & trust: 4k installs on skills.sh; 210k GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
You need to post or read X from code but OAuth modes, write permissions, and rate limits are easy to misquote and break in production.
Who is it for?
Solo builders shipping bots, schedulers, or search/listening features that must post threads or query recent tweets with the correct OAuth mode.
Skip if: Teams that only need one-off manual tweets without code, or projects that cannot maintain API tier billing and periodic doc reconciliation.
When should I use this skill?
User wants to post tweets or threads programmatically, read timeline or mentions, search X, build bots or integrations, or says post to X, tweet, X API, or Twitter API.
What do I get? / Deliverables
You get vetted auth patterns, endpoint examples, and activation cues so your agent implements read vs write flows against current X API v2 docs.
- Auth and endpoint patterns for search, read, and write flows
- Starter code snippets wired to environment-based credentials
- Checklist to re-verify quotas and permissions against current X docs
Recommended Skills
Journey fit
Canonical shelf is Build because the skill teaches programmatic X API integration patterns (auth, endpoints, bots) that you implement in the product or automation layer. Integrations is the right subphase: OAuth 1.0a/2.0, read vs write scopes, and HTTP examples are third-party service wiring—not launch copy or growth analytics dashboards alone.
How it compares
Use as a procedural OAuth and endpoint playbook—not a hosted social scheduler or MCP server that hides X credentials.
Common Questions / FAQ
Who is x-api for?
Indie developers and agent users who integrate X programmatically for posts, threads, search, or light analytics in apps and automation.
When should I use x-api?
During Build integrations when you implement bots or API clients; also when Launch or Grow workflows need scripted distribution or conversation search after the HTTP layer exists.
Is x-api safe to install?
Review the Security Audits panel on this Prism page and treat bearer and OAuth secrets as high-risk; never commit tokens and re-check X developer policy before enabling writes.
SKILL.md
READMESKILL.md - X Api
# X API > **Drift-prone skill.** X API endpoints, access tiers, quotas, and write > permissions change frequently. Verify current developer docs and account > access before quoting rate limits or implementing a posting/search flow. Programmatic interaction with X (Twitter) for posting, reading, searching, and analytics. ## When to Activate - User wants to post tweets or threads programmatically - Reading timeline, mentions, or user data from X - Searching X for content, trends, or conversations - Building X integrations or bots - Analytics and engagement tracking - User says "post to X", "tweet", "X API", or "Twitter API" ## Authentication ### OAuth 2.0 Bearer Token (App-Only) Best for: read-heavy operations, search, public data. ```bash # Environment setup export X_BEARER_TOKEN="your-bearer-token" ``` ```python import os import requests bearer = os.environ["X_BEARER_TOKEN"] headers = {"Authorization": f"Bearer {bearer}"} # Search recent tweets resp = requests.get( "https://api.x.com/2/tweets/search/recent", headers=headers, params={"query": "claude code", "max_results": 10} ) tweets = resp.json() ``` ### OAuth 1.0a (User Context) Required for: posting tweets, managing account, DMs, and any write flow. ```bash # Environment setup — source before use export X_CONSUMER_KEY="your-consumer-key" export X_CONSUMER_SECRET="your-consumer-secret" export X_ACCESS_TOKEN="your-access-token" export X_ACCESS_TOKEN_SECRET="your-access-token-secret" ``` Legacy aliases such as `X_API_KEY`, `X_API_SECRET`, and `X_ACCESS_SECRET` may exist in older setups. Prefer the `X_CONSUMER_*` and `X_ACCESS_TOKEN_SECRET` names when documenting or wiring new flows. ```python import os from requests_oauthlib import OAuth1Session oauth = OAuth1Session( os.environ["X_CONSUMER_KEY"], client_secret=os.environ["X_CONSUMER_SECRET"], resource_owner_key=os.environ["X_ACCESS_TOKEN"], resource_owner_secret=os.environ["X_ACCESS_TOKEN_SECRET"], ) ``` ## Core Operations ### Post a Tweet ```python resp = oauth.post( "https://api.x.com/2/tweets", json={"text": "Hello from Claude Code"} ) resp.raise_for_status() tweet_id = resp.json()["data"]["id"] ``` ### Post a Thread ```python def post_thread(oauth, tweets: list[str]) -> list[str]: ids = [] reply_to = None for text in tweets: payload = {"text": text} if reply_to: payload["reply"] = {"in_reply_to_tweet_id": reply_to} resp = oauth.post("https://api.x.com/2/tweets", json=payload) tweet_id = resp.json()["data"]["id"] ids.append(tweet_id) reply_to = tweet_id return ids ``` ### Read User Timeline ```python resp = requests.get( f"https://api.x.com/2/users/{user_id}/tweets", headers=headers, params={ "max_results": 10, "tweet.fields": "created_at,public_metrics", } ) ``` ### Search Tweets ```python resp = requests.get( "https://api.x.com/2/tweets/search/recent", headers=headers, params={ "query": "from:affaanmustafa -is:retweet", "max_results": 10, "tweet.fields": "public_metrics,created_at", } ) ``` ### Pull Recent Original Posts for Voice Modeling ```python resp = requests.get( "https://api.x.com/2/tweets/search/recent", headers=headers, params={ "query": "from:affaanmustafa -is:retweet -is:reply", "max_results": 25, "tweet.fields": "created_at,public_metrics", } ) voice_samples = resp.json() ``` ### Get User by Username ```python resp = requests.get( "https://api.x.com/2/users/by/username/affaanmustafa", headers=headers, params={"user.fields": "public_metrics,description,created_at"} ) ```