X (Twitter)
Dual mode: OAuth 2.0 (passport, @superfaceai/passport-twitter-oauth2) or cookie connect (POST /api/v1/auth/twitter/unofficial). In cookie connect you submit a logged-in browser's auth_token and ct0 cookies, and Sosyabot verifies them against api.twitter.com/1.1/account/settings.json.
Authentication at a glance
| Field | Value |
|---|---|
| Auth model | OAuth 2.0 |
| Required ENV | TWITTER_CLIENT_ID, TWITTER_CLIENT_SECRET |
| Callback URL | ${BASE_URL}/api/v1/auth/twitter/callback |
| Scopes / permissions | tweet.read, tweet.write, users.read, follows.read |
| Auto token refresh | No — manual reconnect on expiry |
ENV details
Both keys are optional at boot — the admin panel can override them at runtime under Admin → OAuth Credentials. Cookie connect needs neither.
How to connect
- Open Connections → X (Twitter) → Connect.
- Pick OAuth (redirected to twitter.com) or paste browser cookies (cookie connect form).
- Sosyabot persists the account and you land back on the connections list.
Token refresh
X is not in the auto-refresh sweep. Cookie credentials are revalidated on every post; OAuth tokens expire per X's policy and require manual reconnect when they do.
Notes
- Cookie mode bypasses the v2 API and uses the legacy v1.1 endpoints with the public X bearer token. Use it for personal handles you control; don't share cookies.
- login_type in the stored Account record is 1 for OAuth, 2 for cookie. Both flag can_post: 1.
- If your X app is in sandbox/audit tier with limited posting, cookie connect is the workaround.
Troubleshooting
If the channel shows needs_reconnect, the access token was rejected by X (Twitter). Common causes:
- The user revoked Sosyabot's authorization on the platform.
- The platform invalidated the token (password change, security event).
- Your OAuth app credentials rotated and the existing tokens no longer match.
Re-run the connect flow above. See Troubleshooting for the workspace-wide checklist.