X.com POAP Dispenser

Problem Statement

Community moments deserve more than a post—they deserve to be kept, remembered, and collected. Our project transforms social‑shared experiences into on‑chain souvenirs by turning posts into verifiable proof of presence. Whether it’s a concert, a community meetup, or a spontaneous street moment, participants don’t just share their memories online—they mint them into POAPs tied to their identity. The result is a bridge between lived experiences, social expression, and collectible digital artefacts.Instead of claiming a POAP passively, we anchor each claim to user‑generated content. The memory itself becomes the ticket.User scans QRUser logs in with TwitterSystem assigns a unique claim code to that Twitter userUser posts a tweet including code + imageBot monitors tweets for valid postsBackend verifies tweet authenticity + code ownership + mediaUser is authorized to mint a unique POAP linked to their accountWhy it matters :Links real participation to real content converting social proof into on‑chain proof.Rewards storytelling instead of passive claimingTurns memories into permanent digital artifactsBy making experiences collectible, we give communities a new way to share, authenticate, and remember the moments that matter.

Solution

We builtxbotas a full-stack TypeScript app where a single codebase orchestrates the Twitter bot, the admin console, and the claim experience. The frontend isNext.js 16 App Router + React 19 + Tailwind CSS, backed byPostgreSQL via Prisma. Authentication is handled withNextAuth.js using Twitter OAuth 2.0, so the same Twitter identity is used both to log into the claim UI and to link back to the tweets the bot processed.On the backend, we keep things very explicit and boring-on-purpose. A set of API routes under/api/adminexposes configuration, stats, and CSV exports;/api/deliveriesserves the authenticated user’s POAP deliveries; and/api/cron/process-tweetsis the brain of the bot. That cron endpoint is hit byVercel’s scheduled functions, protected by aCRON_SECRETcheck so it can’t be called publicly. On each run, the bot loads the current config from Postgres (hashtag, required code, POAP event, reply template), callsTwitter API v2to pull eligible tweets, and then talks to thePOAP APIto reserve unique mint links before persisting a “delivery” record via Prisma. This cleanly decouples “found a tweet” from “user actually clicked and claimed”.The web claim flow and admin UI are just thin React layers on top of those APIs. The claim page uses NextAuth session data to fetch deliveries for the logged-in Twitter account and renders a simple state machine: no deliveries / pending / ready-to-claim. The admin dashboard lives under/adminand is built as small Tailwind-styled components on top of/api/admin/config,/api/admin/stats, and/api/admin/deliveriesso organizers can tune the bot and export results without touching code. Tests are wired withJestandPlaywrightso we can exercise both the bot logic and the main flows end-to-end, and everything is deployed onVercelwith a singlevercel.jsonwiring the cron job.