I found out the endpoints for bookmark with Chrome Developer Tools: GET timeline/bookmark, POST bookmark/entries/remove, POST bookmark/entries/remove.
The rate limits below are values returned by an official endpoint GET application/rate_limit_status.
This document is still a work in progress because I got stuck in GET timeline/bookmark. Please let me know if you find how to use it.
- It is necessary that
x-csrf-tokenin a request header andct0in a cookie are the same value. Twitter uses them to avoid CSRF attacks. I recommend that you extract the values from your browsers. - All of the endpoints requires OAuth2 Authorizations. Note that they refuse OAuth2 Bearer tokens obtained from
POST oauth2/token. - You can easily reach the rate limit and get HTTP 429 Error (too many requests), so you should be careful about how many requests you send.