> ## Documentation Index
> Fetch the complete documentation index at: https://docs.x.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Authentication
> The TypeScript SDK supports multiple authentication methods for different use cases. For read-only operations and public data access: For legacy applications.
The TypeScript SDK supports multiple authentication methods for different use cases.
## Bearer Token (App-Only Auth)
For read-only operations and public data access:
```typescript quickstart.ts theme={null} theme={null}
import {
Client,
type ClientConfig,
type Users
} from '@xdevplatform/xdk';
const config: ClientConfig = { bearerToken: 'your-bearer-token' };
const client: Client = new Client(config);
async function main(): Promise {
const userResponse: Users.GetByUsernameResponse = await client.users.getByUsername('XDevelopers');
const username: string = userResponse.data?.username!;
console.log(username);
}
main();
```
```javascript quickstart.js theme={null} theme={null}
import { Client } from '@xdevplatform/xdk';
const client = new Client({ bearerToken: 'your-bearer-token' });
const userResponse = await client.users.getByUsername('XDevelopers');
const username = userResponse.data.username;
console.log(username);
```
## OAuth 1.0a (User Context)
For legacy applications or specific use cases:
```typescript oauth1.ts theme={null} theme={null}
import {
Client,
OAuth1,
type OAuth1Config,
type ClientConfig,
type Users
} from '@xdevplatform/xdk';
const oauth1Config: OAuth1Config = {
apiKey: 'your-api-key',
apiSecret: 'your-api-secret',
accessToken: 'user-access-token',
accessTokenSecret: 'user-access-token-secret'
};
const oauth1: OAuth1 = new OAuth1(oauth1Config);
const config: ClientConfig = {
oauth1: oauth1,
};
const client: Client = new Client(config);
async function main(): Promise {
const response: Users.GetMeResponse = await client.users.getMe();
const me = response.data;
console.log(me);
}
main();
```
```javascript oauth1.js theme={null} theme={null}
import { Client, OAuth1 } from '@xdevplatform/xdk';
const oauth1 = new OAuth1({
apiKey: 'your-api-key',
apiSecret: 'your-api-secret',
accessToken: 'user-access-token',
accessTokenSecret: 'user-access-token-secret'
});
const client = new Client({ oauth1: oauth1 });
const response = await client.users.getMe();
const me = response.data;
console.log(me);
```
## OAuth 2.0 (User Context)
For user-specific operations:
```typescript oauth2.ts theme={null} theme={null}
import {
Client,
OAuth2,
generateCodeVerifier,
generateCodeChallenge,
type OAuth2Config,
type ClientConfig,
type OAuth2Token
} from '@xdevplatform/xdk';
(async (): Promise => {
const oauth2Config: OAuth2Config = {
clientId: 'your-client-id',
clientSecret: 'your-client-secret',
redirectUri: 'https://example.com',
scope: ['tweet.read', 'users.read', 'offline.access'],
};
const oauth2: OAuth2 = new OAuth2(oauth2Config);
const state: string = 'example-state';
const codeVerifier: string = generateCodeVerifier();
const codeChallenge: string = await generateCodeChallenge(codeVerifier);
oauth2.setPkceParameters(codeVerifier, codeChallenge);
const authUrl: string = await oauth2.getAuthorizationUrl(state);
// User visits authUrl and authorizes the app
// After authorization, user is redirected back with a code parameter
// Extract the code from the callback URL (e.g., from query params)
const authCode: string = 'code-from-callback-url'; // Replace with actual code from OAuth callback
const tokens: OAuth2Token = await oauth2.exchangeCode(authCode, codeVerifier);
const config: ClientConfig = {
accessToken: tokens.access_token,
};
const client: Client = new Client(config);
});
```
```javascript oauth2.js theme={null} theme={null}
import { Client, OAuth2, generateCodeVerifier, generateCodeChallenge } from '@xdevplatform/xdk';
(async () => {
const oauth2 = new OAuth2({
clientId: 'your-client-id',
clientSecret: 'your-client-secret',
redirectUri: 'https://example.com',
scope: ['tweet.read', 'users.read', 'offline.access'],
});
const state = 'example-state';
const codeVerifier = generateCodeVerifier();
const codeChallenge = await generateCodeChallenge(codeVerifier);
oauth2.setPkceParameters(codeVerifier, codeChallenge);
const authUrl = await oauth2.getAuthorizationUrl(state);
// User visits authUrl and authorizes the app
// After authorization, user is redirected back with a code parameter
// Extract the code from the callback URL (e.g., from query params)
const authCode = 'code-from-callback-url'; // Replace with actual code from OAuth callback
const tokens = await oauth2.exchangeCode(authCode, codeVerifier);
const client = new Client({ accessToken: tokens.access_token });
const response = await client.users.getMe();
const me = response.data;
console.log(me);
});
```
## Environment Variables
Store sensitive credentials in environment variables:
```bash theme={null}
# .env
X_API_BEARER_TOKEN=your-bearer-token
X_API_CLIENT_ID=your-client-id
X_API_CLIENT_SECRET=your-client-secret
```
```typescript env.ts theme={null} theme={null}
import { Client } from '@xdevplatform/xdk';
const client = new Client({ bearerToken: process.env.X_API_BEARER_TOKEN });
```
```javascript env.js theme={null} theme={null}
import { Client } from '@xdevplatform/xdk';
const client = new Client({ bearerToken: process.env.X_API_BEARER_TOKEN });
```
For detailed code examples using the Javascript/TypeScript XDK, check out our [code samples GitHub repo](https://github.com/xdevplatform/samples/tree/main/javascript).