X MCP Server - Enhanced Edition

An enhanced Model Context Protocol (MCP) server for X that adds OAuth 2.0 support, v2 API media uploads, and comprehensive rate limiting to the original implementation.

✨ Features

• Post Tweets: Create text tweets with optional media attachments (images, GIFs)

• Search Tweets: Search X with customizable result count

• Delete Tweets: Remove your tweets programmatically

• Dual Authentication: Support for both OAuth 1.0a and OAuth 2.0

• Media Upload: Post images using the appropriate API version for each auth method

• Rate Limiting: Built-in protection for X's API limits

• Type Safety: Full TypeScript implementation with Zod validation

🔄 API Version Handling

This server intelligently uses different X API versions based on authentication method and operation:

OAuth 1.0a

• Tweet operations: Uses v2 API endpoints

• Media upload: Uses v1.1 endpoint (upload.twitter.com)

• Delete fallback: Automatically falls back to v1.1 when v2 fails

OAuth 2.0

• All operations: Uses v2 API endpoints exclusively

• Media upload: Uses v2 endpoint (api.x.com/2/media/upload)

• No v1.1 access: Cannot fall back to v1.1 due to authentication restrictions

Why Different Endpoints?

• v1.1: Legacy API, being phased out but still works with OAuth 1.0a

• v2: Modern API with better features but some endpoints have issues

• Media: OAuth 2.0 tokens cannot access v1.1 media endpoints, must use v2

• Delete: v2 delete endpoint currently has issues (500 errors), v1.1 works as fallback

📋 Prerequisites

Before you begin, you'll need:

1. An X Developer Account (sign up at developer.x.com)

2. An X App created in the Developer Portal

3. API credentials (detailed setup below)

4. Node.js 18+ installed

🔐 Authentication Setup

This server supports two authentication methods. Choose based on your needs:

• OAuth 1.0a: Simpler setup, works with all features including v1.1 fallbacks

• OAuth 2.0: Modern authentication, required for some newer features

Setting Up Your X App

1. Create a Developer Account:

   • Go to developer.x.com

   • Sign in with your Twitter account

   • Apply for developer access if you haven't already

2. Create a New App:

   • Navigate to the Twitter Developer Portal

   • Click "Projects & Apps" → "New Project"

   • Give your project a name

   • Select your use case

   • Create a new App within the project

3. Configure App Permissions:

   • In your app settings, go to "User authentication settings"

   • Click "Set up"

   • Enable OAuth 1.0a and/or OAuth 2.0

   • Set App permissions to "Read and write"

   • Add Callback URLs:

     • For OAuth 1.0a: http://localhost:3000/callback

     • For OAuth 2.0: http://localhost:3000/callback

   • Set Website URL (can be your GitHub repo)

OAuth 1.0a Setup

1. Get Your Credentials:

   • In your app's "Keys and tokens" tab

   • Copy your API Key and API Key Secret

   • Generate Access Token and Secret (click "Generate")

   • Make sure the access token has "Read and Write" permissions

2. Required Credentials:

   API_KEY=your_api_key_here API_SECRET_KEY=your_api_secret_key_here ACCESS_TOKEN=your_access_token_here ACCESS_TOKEN_SECRET=your_access_token_secret_here

OAuth 2.0 Setup

1. Get Your Client Credentials:

   • In your app's "Keys and tokens" tab

   • Find OAuth 2.0 Client ID and Client Secret

   • Save these for the next step

2. Generate User Tokens:

   Option A - Use our helper script:

   # Clone this repository first git clone https://github.com/mbelinky/x-mcp-server.git cd x-mcp-server/twitter-mcp npm install # Run the OAuth2 setup script node scripts/oauth2-setup.js

   Option B - Manual setup:

   • Use the OAuth 2.0 flow with PKCE

   • Required scopes: tweet.read, tweet.write, users.read, media.write, offline.access

   • Exchange authorization code for access token

3. Required Credentials:

   AUTH_TYPE=oauth2 OAUTH2_CLIENT_ID=your_client_id_here OAUTH2_CLIENT_SECRET=your_client_secret_here OAUTH2_ACCESS_TOKEN=your_access_token_here OAUTH2_REFRESH_TOKEN=your_refresh_token_here

🚀 Installation

For Claude Desktop

1. Install via NPM (Recommended):

   Edit your Claude Desktop configuration file:

   • Windows: %APPDATA%\Claude\claude_desktop_config.json

   • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json

   Add this configuration:

   { "mcpServers": { "twitter-mcp": { "command": "npx", "args": ["-y", "@mbelinky/x-mcp-server"], "env": { "API_KEY": "your_api_key_here", "API_SECRET_KEY": "your_api_secret_key_here", "ACCESS_TOKEN": "your_access_token_here", "ACCESS_TOKEN_SECRET": "your_access_token_secret_here" } } } }

   For OAuth 2.0:

   { "mcpServers": { "twitter-mcp": { "command": "npx", "args": ["-y", "@mbelinky/x-mcp-server"], "env": { "AUTH_TYPE": "oauth2", "OAUTH2_CLIENT_ID": "your_client_id", "OAUTH2_CLIENT_SECRET": "your_client_secret", "OAUTH2_ACCESS_TOKEN": "your_access_token", "OAUTH2_REFRESH_TOKEN": "your_refresh_token" } } } }

2. Install from Source:

   git clone https://github.com/mbelinky/x-mcp-server.git cd x-mcp-server/twitter-mcp npm install npm run build

   Then update your config to point to the local installation:

   { "mcpServers": { "twitter-mcp": { "command": "node", "args": ["/path/to/twitter-mcp/build/index.js"], "env": { // ... your credentials } } } }

3. Restart Claude Desktop

For Claude Code (CLI)

Install the server globally and add it to Claude:

🛠️ Available Tools

Once installed, Claude can use these tools:

post_tweet

Post a new tweet with optional media attachments and replies.

Example prompts:

• "Post a tweet saying 'Hello from Claude!'"

• "Tweet this image with the caption 'Check out this view!'" (attach image)

• "Reply to tweet ID 123456789 with 'Great point!'"

search_tweets

Search for tweets with customizable result count (10-100).

Example prompts:

• "Search for tweets about #MachineLearning"

• "Find 50 recent tweets mentioning @ClaudeAI"

• "Search for tweets about TypeScript tutorials"

delete_tweet

Delete a tweet by its ID.

Example prompts:

• "Delete tweet with ID 1234567890"

• "Remove my last tweet (provide the ID)"

Note: Due to temporary Twitter API issues, OAuth 1.0a uses v1.1 fallback for deletion.

📸 Media Upload Notes

When using Claude to post tweets with images:

• Use file paths: Save your image to disk and provide the file path

• Base64 limitation: While the server supports base64 encoded images, Claude cannot extract base64 from pasted images

• Other clients: Base64 support remains available for programmatic use and other MCP clients

Example usage:

🧪 Testing

The project includes comprehensive tests:

🔧 Development

Setup

Commands

Environment Variables

Create a .env file for local development:

✅ OAuth 2.0 Media Upload Support

Media uploads now work with both OAuth 1.0a and OAuth 2.0!

• OAuth 1.0a uses the v1.1 media upload endpoint ✓

• OAuth 2.0 uses the v2 media upload endpoint ✓

• Both authentication methods support posting tweets with images (JPEG, PNG, GIF)

Note: OAuth 2.0 requires the media.write scope for media uploads.

⚠️ Known Issues

Tweet Deletion (Temporary)

Twitter's v2 delete endpoint is currently experiencing issues (returning 500 errors). The MCP server handles this gracefully:

• OAuth 1.0a: Automatically falls back to v1.1 delete endpoint ✅

• OAuth 2.0: Cannot use v1.1 endpoint, will show helpful error message ⚠️

This is a temporary Twitter API issue. Once resolved, both auth methods will use v2 deletion.

🐛 Troubleshooting

Common Issues

"Could not authenticate you"

• Verify all credentials are correct

• Check that your app has "Read and Write" permissions

• For OAuth 1.0a, regenerate your access tokens

• For OAuth 2.0, ensure tokens have required scopes

"Rate limit exceeded"

• Twitter has strict rate limits (especially on free tier)

• Wait 15 minutes and try again

• Consider upgrading your Twitter API access level

"Media upload failed"

• Check file size (max 5MB for images)

• Verify file format (JPEG, PNG, GIF only)

• For OAuth 2.0, ensure media.write scope is included

"403 Forbidden"

• Your app may lack required permissions

• Check your Twitter Developer Portal settings

• Ensure your access level supports the operation

Debug Mode

Enable detailed logging by setting the DEBUG environment variable:

Log Locations

• Windows: %APPDATA%\Claude\logs\mcp-server-twitter.log

• macOS: ~/Library/Logs/Claude/mcp-server-twitter.log

📚 Resources

• Twitter API Documentation

• MCP Documentation

• OAuth 2.0 Setup Guide

🤝 Contributing

Contributions are welcome! Please:

1. Fork the repository

2. Create a feature branch

3. Add tests for new functionality

4. Ensure all tests pass

5. Submit a pull request

🔒 Privacy Policy

This MCP server:

• Does not store any user data: All Twitter/X API credentials are stored locally on your machine

• Does not log sensitive information: API keys and tokens are never logged

• Only communicates with Twitter/X: No data is sent to any third-party services

• Processes data locally: All operations happen on your machine

• Respects rate limits: Built-in protection for Twitter's API limits

Your tweets, searches, and media remain private between you and Twitter/X.

📧 Support

• Email: mbelinky@gmail.com

• Issues: GitHub Issues

• Documentation: GitHub Wiki

For security vulnerabilities, please email directly instead of creating a public issue.

📄 License

MIT

🙏 Acknowledgments

This is an enhanced fork of @enescinar/twitter-mcp that adds:

• OAuth 2.0 authentication support

• Twitter/X API v2 media upload for OAuth 2.0

• Automatic v1.1 fallback for OAuth 1.0a

• Comprehensive rate limiting for free tier

• Enhanced error handling and debugging

• Programmatic OAuth 2.0 token generation script

Original implementation by @enescinar