94635e7ace
Complete CLI tool with 4 core commands: - xapi login: Configure OAuth credentials via editor - xapi status: Test authentication - xapi search: Search tweets with preview/execute modes - xapi create: Post tweets with preview/execute modes Features: - OAuth 1.0a authentication with HMAC-SHA1 signing - OAuth 2.0 Client ID/Secret support (for future features) - TOML-based configuration - Editor integration for config management - Helpful error messages for permission issues - Quota-aware design (no caching to avoid complexity) Built for developers on Free/Basic X API tiers. |
||
|---|---|---|
| cmd | ||
| .gitignore | ||
| go.mod | ||
| go.sum | ||
| LICENSE | ||
| main.go | ||
| Makefile | ||
| PKGBUILD | ||
| README.md | ||
xapi - X API for Everyone
A simple CLI tool to help developers learn and use X API on their own accounts
The Vision
X API should be accessible to all developers. Whether you want to automate your tweets, search for content, or build tools for your own account, you shouldn't need complex SDKs or third-party services.
xapi exists to help YOU:
- Learn how X API works by using it directly
- Control your own X account programmatically
- Understand OAuth authentication in practice
- Build on top of a simple, clear foundation
This tool is built with simplicity in mind. No hidden complexity, no unnecessary features. Just a straightforward CLI that does what you need and gets out of your way.
What is xapi? (Current MVP)
xapi is a command-line tool that provides:
- OAuth 1.0a authentication - Industry-standard signing with HMAC-SHA1
- 4 simple commands - login, status, search, create
- Editor-based configuration - Edit credentials in your favorite editor
- Local-first security - All credentials stay on your machine
- Clear error messages - Helpful guidance when things go wrong
This is day 1. This MVP was built today, and development continues tomorrow. It works, it's useful, and it's ready for you to try.
Installation
From Source
git clone https://git.maxtheweb.com/maxtheweb/xapi-cli.git
cd xapi-cli
go build -o xapi .
Using Make
# Build the binary
make build
# Install system-wide (requires sudo)
make install
# Install for current user only
make install-user
# Clean up
make clean
Arch Linux (AUR) - Coming Soon
paru -S xapi
# or
yay -S xapi
Getting Started
Step 1: Create an X Developer Account
- Go to https://developer.x.com/en/portal/dashboard
- Create a new project and app (or use an existing one)
- Important: Set app permissions to "Read and Write" (required for posting)
Step 2: Get Your OAuth Credentials
You need 4 OAuth 1.0a credentials:
-
Go to your app's "Keys and tokens" tab
-
Find your OAuth 1.0a section:
- Consumer Key (API Key)
- Consumer Secret (API Secret)
- Access Token
- Access Token Secret
-
Optional: Get your OAuth 2.0 Client ID and Secret (for future features)
Important: If you change app permissions from "Read" to "Read and Write", you must regenerate your Access Token and Access Token Secret. The Consumer Key/Secret stay the same.
Step 3: Configure xapi
./xapi login
This opens your editor (nvim/vim/nano) with a config template. Fill in your credentials:
# OAuth 1.0a Credentials (required)
[oauth]
consumer_key = "YOUR_CONSUMER_KEY"
consumer_secret = "YOUR_CONSUMER_SECRET"
access_token = "YOUR_ACCESS_TOKEN"
access_token_secret = "YOUR_ACCESS_TOKEN_SECRET"
# OAuth 2.0 Credentials (optional, for future features)
[oauth2]
client_id = "YOUR_CLIENT_ID"
client_secret = "YOUR_CLIENT_SECRET"
Save and exit. Your credentials are stored in ~/.config/xapi/config.toml with secure 0600 permissions.
Step 4: Test Your Authentication
./xapi status
If everything is set up correctly, you'll see:
TESTING AUTHENTICATION
======================
Authenticating with X API...
AUTHENTICATION SUCCESSFUL
=========================
Authenticated as:
Name: Your Name
Username: @yourusername
User ID: 1234567890
Your OAuth credentials are working correctly!
You can now use 'xapi search' and 'xapi create'
Step 5: Use xapi
Search for tweets:
# Preview search (doesn't consume quota)
./xapi search preview
# Execute search
./xapi search now
Post a tweet:
# Preview post
./xapi create preview
# Post immediately
./xapi create now
Commands
xapi login
Opens your text editor to configure X API credentials.
- Creates config template at
~/.config/xapi/config.toml - Secure file permissions (0600)
- Auto-detects your editor (nvim, vim, vi, nano, emacs)
./xapi login
xapi status
Tests your OAuth authentication by fetching your user information.
- Verifies your credentials work
- Shows your authenticated username
- Detects permission errors
./xapi status
xapi search
Search for tweets using X API v2.
preview- Edit search config, don't executenow- Execute configured search
Configuration is stored in ~/.config/xapi/search.toml:
[query]
text = "golang"
max_results = 10
[filters]
start_time = ""
end_time = ""
[fields]
tweet_fields = ["created_at", "author_id", "public_metrics"]
user_fields = ["username", "verified"]
./xapi search # Open editor
./xapi search preview # Preview configured search
./xapi search now # Execute search
xapi create
Post tweets to X.
preview- Edit post config, don't postnow- Post immediately
Configuration is stored in ~/.config/xapi/create.toml:
[text]
content = "Hello from xapi!"
[schedule]
schedule_at = "" # ISO 8601 format, or empty for immediate
[visibility]
reply_settings = "everyone" # everyone, mentioned_users, or followers
./xapi create # Open editor
./xapi create preview # Preview configured post
./xapi create now # Post immediately
How It Works
Configuration Files
All configuration is stored in ~/.config/xapi/:
config.toml- OAuth credentialssearch.toml- Search parameterscreate.toml- Post parameters
Files are created with 0600 permissions and never leave your machine.
Authentication
xapi uses OAuth 1.0a with HMAC-SHA1 signing:
- Generates OAuth signature base string from request parameters
- Signs with consumer secret + access token secret
- Includes signature in Authorization header
- X API verifies the signature
This is the same authentication used by Twitter's official clients.
API Endpoints Used
GET /2/users/me- Verify authentication (status command)GET /2/tweets/search/recent- Search tweetsPOST /2/tweets- Create tweets
Security
- Local storage only - Credentials never transmitted to third parties
- Secure permissions - Config files use 0600 (owner read/write only)
- No shell history exposure - Editor-based input, not terminal prompts
- HTTPS only - All API calls use encrypted connections
- Standard OAuth - Industry-standard authentication, no custom schemes
Your credentials are as secure as your home directory. Never commit config files to git (already in .gitignore).
Troubleshooting
"Permission Error: Your app only has READ permissions"
Your X app needs "Read and Write" permissions to post tweets:
- Go to https://developer.x.com/en/portal/dashboard
- Select your project > App settings
- Change permissions to "Read and Write"
- Important: Regenerate your Access Token and Access Token Secret
- Run
xapi loginand update your credentials - Run
xapi statusto verify
"Authentication Failed"
Check your credentials:
./xapi login # Re-enter credentials
./xapi status # Test authentication
Make sure you're using OAuth 1.0a credentials, not Bearer tokens.
"No text editor found"
Install a text editor:
# Arch Linux
sudo pacman -S neovim
# Debian/Ubuntu
sudo apt install vim
# macOS
brew install neovim
Or set your preferred editor:
export EDITOR=nano
What's Next
This is day 1 of xapi. More features are coming:
Planned for upcoming releases:
- Bearer token generation for OAuth 2.0 endpoints
- Quota checking with
/2/usage/tweetsendpoint - More X API v2 endpoints (user lookup, likes, retweets)
- Bulk operations (batch posting, search export)
- Better output formatting (JSON, CSV, table)
- Rate limit handling and retry logic
- Multiple account support
- Shell completion (bash, zsh, fish)
Want to help? Contributions are welcome! See below.
Contributing
xapi is open source and contributions are encouraged.
How to contribute:
- Fork the repository
- Create a feature branch:
git checkout -b feature/your-feature - Make your changes
- Test thoroughly
- Commit:
git commit -m "Add your feature" - Push:
git push origin feature/your-feature - Open a Pull Request
Ideas for contributions:
- Add new X API endpoints
- Improve error messages
- Write tests
- Improve documentation
- Report bugs
- Share your use cases
Project Structure
xapi-cli/
├── cmd/
│ ├── root.go # Root command and CLI setup
│ ├── login.go # OAuth configuration
│ ├── status.go # Authentication testing
│ ├── search.go # Tweet search
│ ├── create.go # Tweet posting
│ └── oauth.go # OAuth 1.0a signing
├── main.go # Entry point
├── go.mod # Go dependencies
├── Makefile # Build shortcuts
├── PKGBUILD # Arch Linux package
├── LICENSE # MIT License
└── README.md # You are here
A Note from the Author
I built xapi today because I believe X API should be accessible to everyone. Not just corporations with expensive SDKs, not just developers with complex infrastructure—everyone.
This tool is about freedom. The freedom to control your own account. The freedom to learn by doing. The freedom to build without barriers.
I'm working on this because it brings me purpose and joy. Knowing that other developers will grab this tool, use it, learn from it, and maybe even improve it—that makes me happy.
This is just day 1. I'll be working on xapi tomorrow, and the day after. It will grow with the community's needs. It will stay simple, because simplicity is power.
If you use xapi, if it helps you, if it teaches you something—that's why I built it.
Grab it. Use it. Build with it.
— maxtheweb
License
MIT License - See LICENSE for details.
Copyright (c) 2025 maxtheweb
Links
- Source Code: https://git.maxtheweb.com/maxtheweb/xapi-cli
- Issues: https://git.maxtheweb.com/maxtheweb/xapi-cli/issues
- Author: max@maxtheweb.com
Built with purpose. Built for you.