X (Twitter) MCP Server - Enhanced Edition

X MCP Server - Enhanced Edition

An enhanced Model Context Protocol (MCP) server for X that adds OAuth 2.0 support, v2 API media uploads, and comprehensive rate limiting to the original implementation.

✨ Features

• Post Tweets: Create text tweets with optional media attachments (images, GIFs)
• Search Tweets: Search X with customizable result count
• Delete Tweets: Remove your tweets programmatically
• Dual Authentication: Support for both OAuth 1.0a and OAuth 2.0
• Media Upload: Post images using the appropriate API version for each auth method
• Rate Limiting: Built-in protection for X's API limits
• Type Safety: Full TypeScript implementation with Zod validation

🔄 API Version Handling

This server intelligently uses different X API versions based on authentication method and operation:

OAuth 1.0a

• Tweet operations: Uses v2 API endpoints
• Media upload: Uses v1.1 endpoint (upload.twitter.com)
• Delete fallback: Automatically falls back to v1.1 when v2 fails

OAuth 2.0

• All operations: Uses v2 API endpoints exclusively
• Media upload: Uses v2 endpoint (api.x.com/2/media/upload)
• No v1.1 access: Cannot fall back to v1.1 due to authentication restrictions

Why Different Endpoints?

• v1.1: Legacy API, being phased out but still works with OAuth 1.0a
• v2: Modern API with better features but some endpoints have issues
• Media: OAuth 2.0 tokens cannot access v1.1 media endpoints, must use v2
• Delete: v2 delete endpoint currently has issues (500 errors), v1.1 works as fallback

📋 Prerequisites

Before you begin, you'll need:

1. An X Developer Account (sign up at developer.x.com)
2. An X App created in the Developer Portal
3. API credentials (detailed setup below)
4. Node.js 18+ installed

🔐 Authentication Setup

This server supports two authentication methods. Choose based on your needs:

• OAuth 1.0a: Simpler setup, works with all features including v1.1 fallbacks
• OAuth 2.0: Modern authentication, required for some newer features

Setting Up Your X App

1. Create a Developer Account:
   • Go to developer.x.com
   • Sign in with your Twitter account
   • Apply for developer access if you haven't already
2. Create a New App:
   • Navigate to the Twitter Developer Portal
   • Click "Projects & Apps" → "New Project"
   • Give your project a name
   • Select your use case
   • Create a new App within the project
3. Configure App Permissions:
   • In your app settings, go to "User authentication settings"
   • Click "Set up"
   • Enable OAuth 1.0a and/or OAuth 2.0
   • Set App permissions to "Read and write"
   • Add Callback URLs:
     • For OAuth 1.0a: http://localhost:3000/callback
     • For OAuth 2.0: http://localhost:3000/callback
   • Set Website URL (can be your GitHub repo)

OAuth 1.0a Setup

1. Get Your Credentials:
   • In your app's "Keys and tokens" tab
   • Copy your API Key and API Key Secret
   • Generate Access Token and Secret (click "Generate")
   • Make sure the access token has "Read and Write" permissions
2. Required Credentials:
   API_KEY=your_api_key_here API_SECRET_KEY=your_api_secret_key_here ACCESS_TOKEN=your_access_token_here ACCESS_TOKEN_SECRET=your_access_token_secret_here

OAuth 2.0 Setup

1. Get Your Client Credentials:
   • In your app's "Keys and tokens" tab
   • Find OAuth 2.0 Client ID and Client Secret
   • Save these for the next step
2. Generate User Tokens:Option A - Use our helper script:
   # Clone this repository first git clone https://github.com/mbelinky/x-mcp-server.git cd x-mcp-server/twitter-mcp npm install # Run the OAuth2 setup script node scripts/oauth2-setup.js
   Option B - Manual setup:
   • Use the OAuth 2.0 flow with PKCE
   • Required scopes: tweet.read, tweet.write, users.read, media.write, offline.access
   • Exchange authorization code for access token
3. Required Credentials:
   AUTH_TYPE=oauth2 OAUTH2_CLIENT_ID=your_client_id_here OAUTH2_CLIENT_SECRET=your_client_secret_here OAUTH2_ACCESS_TOKEN=your_access_token_here OAUTH2_REFRESH_TOKEN=your_refresh_token_here

🚀 Installation

For Claude Desktop

1. Install via NPM (Recommended):Edit your Claude Desktop configuration file:
   • Windows: %APPDATA%\Claude\claude_desktop_config.json
   • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json

   Add this configuration:

   { "mcpServers": { "twitter-mcp": { "command": "npx", "args": ["-y", "@mbelinky/x-mcp-server"], "env": { "API_KEY": "your_api_key_here", "API_SECRET_KEY": "your_api_secret_key_here", "ACCESS_TOKEN": "your_access_token_here", "ACCESS_TOKEN_SECRET": "your_access_token_secret_here" } } } }

   For OAuth 2.0:

   { "mcpServers": { "twitter-mcp": { "command": "npx", "args": ["-y", "@mbelinky/x-mcp-server"], "env": { "AUTH_TYPE": "oauth2", "OAUTH2_CLIENT_ID": "your_client_id", "OAUTH2_CLIENT_SECRET": "your_client_secret", "OAUTH2_ACCESS_TOKEN": "your_access_token", "OAUTH2_REFRESH_TOKEN": "your_refresh_token" } } } }
2. Install from Source:
   git clone https://github.com/mbelinky/x-mcp-server.git cd x-mcp-server/twitter-mcp npm install npm run build
   Then update your config to point to the local installation:
   { "mcpServers": { "twitter-mcp": { "command": "node", "args": ["/path/to/twitter-mcp/build/index.js"], "env": { // ... your credentials } } } }
3. Restart Claude Desktop

For Claude Code (CLI)

Install the server globally and add it to Claude:

🛠️ Available Tools

Once installed, Claude can use these tools:

post_tweet

Post a new tweet with optional media attachments and replies.

Example prompts:

• "Post a tweet saying 'Hello from Claude!'"
• "Tweet this image with the caption 'Check out this view!'" (attach image)
• "Reply to tweet ID 123456789 with 'Great point!'"

search_tweets

Search for tweets with customizable result count (10-100).

Example prompts:

• "Search for tweets about #MachineLearning"
• "Find 50 recent tweets mentioning @ClaudeAI"
• "Search for tweets about TypeScript tutorials"

delete_tweet

Delete a tweet by its ID.

Example prompts:

• "Delete tweet with ID 1234567890"
• "Remove my last tweet (provide the ID)"

Note: Due to temporary Twitter API issues, OAuth 1.0a uses v1.1 fallback for deletion.

📸 Media Upload Notes

When using Claude to post tweets with images:

• Use file paths: Save your image to disk and provide the file path
• Base64 limitation: While the server supports base64 encoded images, Claude cannot extract base64 from pasted images
• Other clients: Base64 support remains available for programmatic use and other MCP clients

Example usage:

🧪 Testing

The project includes comprehensive tests:

🔧 Development

Setup

Commands

Environment Variables

Create a .env file for local development:

✅ OAuth 2.0 Media Upload Support

Media uploads now work with both OAuth 1.0a and OAuth 2.0!

• OAuth 1.0a uses the v1.1 media upload endpoint ✓
• OAuth 2.0 uses the v2 media upload endpoint ✓
• Both authentication methods support posting tweets with images (JPEG, PNG, GIF)

Note: OAuth 2.0 requires the media.write scope for media uploads.

⚠️ Known Issues

Tweet Deletion (Temporary)

Twitter's v2 delete endpoint is currently experiencing issues (returning 500 errors). The MCP server handles this gracefully:

• OAuth 1.0a: Automatically falls back to v1.1 delete endpoint ✅
• OAuth 2.0: Cannot use v1.1 endpoint, will show helpful error message ⚠️

This is a temporary Twitter API issue. Once resolved, both auth methods will use v2 deletion.

🐛 Troubleshooting

Common Issues

"Could not authenticate you"

• Verify all credentials are correct
• Check that your app has "Read and Write" permissions
• For OAuth 1.0a, regenerate your access tokens
• For OAuth 2.0, ensure tokens have required scopes

"Rate limit exceeded"

• Twitter has strict rate limits (especially on free tier)
• Wait 15 minutes and try again
• Consider upgrading your Twitter API access level

"Media upload failed"

• Check file size (max 5MB for images)
• Verify file format (JPEG, PNG, GIF only)
• For OAuth 2.0, ensure media.write scope is included

"403 Forbidden"

• Your app may lack required permissions
• Check your Twitter Developer Portal settings
• Ensure your access level supports the operation

Debug Mode

Enable detailed logging by setting the DEBUG environment variable:

Log Locations

• Windows: %APPDATA%\Claude\logs\mcp-server-twitter.log
• macOS: ~/Library/Logs/Claude/mcp-server-twitter.log

📚 Resources

• Twitter API Documentation
• MCP Documentation
• OAuth 2.0 Setup Guide

🤝 Contributing

Contributions are welcome! Please:

1. Fork the repository
2. Create a feature branch
3. Add tests for new functionality
4. Ensure all tests pass
5. Submit a pull request

🔒 Privacy Policy

This MCP server:

• Does not store any user data: All Twitter/X API credentials are stored locally on your machine
• Does not log sensitive information: API keys and tokens are never logged
• Only communicates with Twitter/X: No data is sent to any third-party services
• Processes data locally: All operations happen on your machine
• Respects rate limits: Built-in protection for Twitter's API limits

Your tweets, searches, and media remain private between you and Twitter/X.

📧 Support

• Email: mbelinky@gmail.com
• Issues: GitHub Issues
• Documentation: GitHub Wiki

For security vulnerabilities, please email directly instead of creating a public issue.

📄 License

MIT

🙏 Acknowledgments

This is an enhanced fork of @enescinar/twitter-mcp that adds:

• OAuth 2.0 authentication support
• Twitter/X API v2 media upload for OAuth 2.0
• Automatic v1.1 fallback for OAuth 1.0a
• Comprehensive rate limiting for free tier
• Enhanced error handling and debugging
• Programmatic OAuth 2.0 token generation script

Original implementation by @enescinar