Channels

X

The X channel integrates Open Astra agents into your X account's Direct Messages. Agents respond to incoming DMs using OAuth 1.0a and the X Account Activity API webhook.

Setup

  1. Go to the X Developer Portal and create a project and app with Read and Write and Direct Messages permissions
  2. Under Keys and Tokens, generate an API Key & Secret and an Access Token & Secret (OAuth 1.0a User Context)
  3. Subscribe your app to the Account Activity API and create a dev environment (e.g. production)
  4. Set the webhook URL to your Astra gateway: https://your-domain/channels/twitter
  5. Add to your environment:
bash
X_API_KEY=your-api-key
X_API_SECRET=your-api-secret
X_ACCESS_TOKEN=your-access-token
X_ACCESS_TOKEN_SECRET=your-access-token-secret
X_BEARER_TOKEN=your-bearer-token
X_WEBHOOK_ENV=production

Configuration in astra.yml

yaml
channels:
  twitter:
    enabled: true
    apiKey: your-api-key                       # Overrides X_API_KEY
    apiSecret: your-api-secret                 # Overrides X_API_SECRET
    accessToken: your-access-token             # Overrides X_ACCESS_TOKEN
    accessTokenSecret: your-access-token-secret # Overrides X_ACCESS_TOKEN_SECRET
    webhookEnv: production                     # Overrides X_WEBHOOK_ENV

Features

  • Direct messages — agents respond to incoming DMs on your X account
  • CRC validation — webhook challenge-response checks are handled automatically
  • OAuth 1.0a — all API calls are signed with your user-context credentials
  • Bearer token — read-only operations (e.g. fetching user info) use the app-level bearer token

Environment Variables

VariableRequiredDescription
X_API_KEYYesOAuth 1.0a API key (consumer key)
X_API_SECRETYesOAuth 1.0a API secret (consumer secret)
X_ACCESS_TOKENYesOAuth 1.0a access token (user context)
X_ACCESS_TOKEN_SECRETYesOAuth 1.0a access token secret
X_BEARER_TOKENNoApp-only bearer token for read operations
X_WEBHOOK_ENVYesAccount Activity API dev environment name (e.g. production)
The X Account Activity API requires a publicly accessible HTTPS endpoint and an approved developer app with Elevated or higher access. In development, use a tunnel like ngrok: ngrok http 3000.