Authentication
Before using emusks, you must authenticate your client. emusks supports two authentication methods: auth token login and username/password login.
Auth token login
The simplest way to authenticate is with a Twitter/X auth token. This is a cookie value (auth_token) from an active browser session.
import Emusks from "emusks";
const client = new Emusks();
await client.login("your_auth_token_here");You may also provide an object if you'd like to configure proxies or a custom client:
await client.login({
auth_token: "your_auth_token_here",
// e.g. proxy: "protocol://user:pass@host:port",
});Finding your auth token
- Open x.com in your browser and log in
- Open Developer Tools (
F12orCmd+Shift+I) - Go to Application → Cookies →
https://x.com - Find the cookie named
auth_token - Copy its value
Username & password login
You can also log in with your account credentials. This method handles the full login flow, including the ui_metrics JS instrumentation challenge, two-factor authentication, and email verification challenges.
const client = new Emusks();
await client.login({
type: "password",
username: "your_username",
password: "your_password",
});emusks solves the login JS instrumentation challenge for real: it fetches the live challenge script and executes it in a DOM sandbox, computing the genuine ui_metrics value the same way a browser would, instead of replaying a fabricated one. This means logins look legitimate and Twitter no longer routinely forces an email/phone confirmation step.
TIP
An auth token is still the simplest way to log in. Password login is now reliable, but Twitter can always ask for a verification code on a genuinely risky login (new IP, flagged account, 2FA enabled), so wire up onRequest if you depend on it.
2FA & email verification
If your account has two-factor authentication enabled or Twitter requests an email/phone verification, use the onRequest callback to provide the required codes:
const client = new Emusks();
await client.login({
type: "password",
username: "your_username",
password: "your_password",
onRequest: async (type) => {
if (type === "two_factor_code") {
// Return your 2FA code (e.g. from an authenticator app)
return "123456";
}
if (type === "email_code") {
// Return the code sent to your email
return "654321";
}
},
});onRequest is blocking. If Twitter asks for a code, your callback must return it before the login can continue.
We recommend making your app support email code verification if you rely on username/password login. Since emusks now solves the JS instrumentation challenge genuinely, email/phone prompts are far less common than they used to be, but Twitter may still request one for a login it considers risky.
If you do rely on this, I also recommend setting all data so it can handle as much of the login flow as possible without needing to prompt you:
const client = new Emusks();
await client.login({
type: "password",
username: "your_username",
password: "your_password",
email: "[email protected]",
phone: "+1234567890",
onRequest: async (type) => {
if (type === "two_factor_code") return "123456";
},
});Reference
| Option | Type | Description |
|---|---|---|
auth_token | string | Your Twitter/X auth token (use directly as the argument to login()) |
type | string | Set to "password" for username/password login |
username | string | Your Twitter/X username |
password | string | Your account password |
email | string | Email for alternate identifier challenges |
phone | string | Phone number for alternate identifier challenges |
onRequest | function | Async callback for interactive login challenges (2FA, email verification, etc.) |
Elevated Access
Some sensitive actions, like reading settings, require elevated access. After logging in, call elevate() with your password:
await client.login("your_auth_token");
// Elevate your session for sensitive operations
await client.elevate("your_password");
// Now you can perform privileged actionsTIP
You only need to elevate once per session. The elevated state persists until the session ends.
Checking your session
After logging in, you can verify your session by fetching your own profile:
const me = await client.account.viewer();
console.log(`Logged in as @${me.username}`);
console.log(`Followers: ${me.stats.followers.count}`);or by checking the output of the client.login() method, which returns your user object on successful authentication.
Next steps
Head over to Configuration to learn how to choose which client to emulate, set up proxies, and customize your setup.