> For the complete documentation index, see [llms.txt](https://bot-docs.yopro.studio/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://bot-docs.yopro.studio/getting-started/twitter-authentication.md).

# Twitter Authentication

This page covers the two available methods for authenticating the bot with Twitter/X, explains why the cookie-based approach is strongly recommended, and provides step-by-step instructions for extracting the required cookie values from a browser. For general bot configuration (all `.env` variables, the setup wizard), see [Configuration with setup.py](/getting-started/configuration-with-setup.py.md).

***

## Authentication Methods Overview

The bot uses the `tweety-ns` library to scrape Twitter. It supports two authentication strategies, selected during `setup.py` and stored in `.env`.

<table><thead><tr><th width="183.6666259765625"></th><th width="258.666748046875">Cookie-Based</th><th>User/Password</th></tr></thead><tbody><tr><td>Recommended</td><td>Yes</td><td>No</td></tr><tr><td>Cloudflare Bypass</td><td>Yes</td><td>No</td></tr><tr><td>Required Credentials</td><td><code>auth_token</code>, <code>ct0</code>, <code>guest_id</code>, <code>twid</code></td><td><code>TWITTER_USERNAME</code>, <code>TWITTER_PASSWORD</code></td></tr><tr><td><code>.env</code> vars set</td><td><code>TWITTER_AUTH_TOKEN</code>, <code>TWITTER_CT0</code>, <code>TWITTER_GUEST_ID</code>, <code>TWITTER_TWID</code></td><td><code>TWITTER_USERNAME</code>, <code>TWITTER_PASSWORD</code></td></tr><tr><td>Risk of block</td><td>Low</td><td>High</td></tr></tbody></table>

## Why Cookie-Based Auth is Recommended

Twitter/X uses Cloudflare to prevent bots (nothing wrong with that) that contain automated login methods. The `tweety-ns` flow activates the block because the origin comes from some code.

Browser cookies represents an already-activate session that came from a real login (you), which Cloudflare doesn't mind.

{% hint style="info" %}
Still ***HIGHLY*** recommend you use an alternative Twitter account and please wait at least a day or two before running to reduce the chance of moderation detecting you and receiving a ban or heavy rate-limit.&#x20;
{% endhint %}

***

## How to Extract Cookies from Your Browser

{% stepper %}
{% step %}

### Log into your alt account on Twitter/X

Go to [twitter.com](https://twitter.com) or [x.com](https://x.com), all the same.
{% endstep %}

{% step %}

### Identify your Browser Type

(helps with future steps)

To check if you are Chromium-based or Firefox-based, go to [chromiumchecker.com](https://chromiumchecker.com/).&#x20;

Here are some common browsers:

| Chromium                                 | Firefox                      |
| ---------------------------------------- | ---------------------------- |
| Chrome, Edge, Brave, Opera, Vivaldi, Arc | Firefox, LibreWolf, Waterfox |

If you are a Safari user, I don't own a Mac so do your own research.

{% endstep %}

{% step %}

### Chromium-Based Browser

Skip if you are a Firefox-based user.

1. Open DevTools (logged into Twitter) by right-clicking on the page and clicking `Inspect` (or press `F12` or `CTRL+SHIFT+I` ).
2. Click `Application` at the top of the menu, next to the `Memory` tab.
3. On the left-hand side, find the `Storage` section and find `Cookies` -> `https://x.com`.

<figure><img src="https://github.com/Yoproo20/twitter-to-bluesky-template/blob/main/examples/chromium_tokens.png?raw=true" alt="" width="563"><figcaption></figcaption></figure>

4. Should see a list of names and values, locate each of the following and save them somewhere:
   1. `auth_token`
   2. `cto`
   3. `guest_id`
   4. `twid`
      {% endstep %}

{% step %}

### Firefox-Based Browsers

1. Open DevTools: press `F12` or go to **Menu -> More Tools -> Browser Developer Tools**.
2. Click `Storage`at the top of the menu, next to the `Memory` tab.
3. On the left-hand side, find the `Storage` section and find `Cookies` -> `https://x.com`.

<figure><img src="https://github.com/Yoproo20/twitter-to-bluesky-template/blob/main/examples/firefox_tokens.png?raw=true" alt="" width="563"><figcaption></figcaption></figure>

4. Should see a list of names and values, locate each of the following and save them somewhere:
   1. `auth_token`
   2. `cto`
   3. `guest_id`
   4. `twid`
      {% endstep %}

{% step %}

### Enter them into setup.py

(you can do this manually as well)

> Everything but `auth_token` can be left blank when entering in `.env` as they just *help* with the session, more the merrier!
> {% endstep %}
> {% endstepper %}

***

## Cookie Reference

| Cookie       | Required                                       | TLDR                                                                   |
| ------------ | ---------------------------------------------- | ---------------------------------------------------------------------- |
| `auth_token` | *<mark style="color:$success;">**Yes**</mark>* | Primary session authentication token                                   |
| `ct0`        | *Recommended*                                  | [CSRF](https://owasp.org/www-community/attacks/csrf) protection token  |
| `guest_id`   | Optional                                       | Guest session identifier *(I forgot the exact purpose being for real)* |
| `twid`       | Optional                                       | Twitter user ID tied to session                                        |

***

## Security Reminder

* `.env` file is stored via raw text (as of now), *<mark style="color:$warning;">**KEEP IT OUT OF ANY PUBLIC RESOURCE**</mark>*
* Cookies *may* periodically expire and cancel your session, please monitor your bot actively just in case.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://bot-docs.yopro.studio/getting-started/twitter-authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.