Authentication
X APIs handle enormous amounts of data. The way we ensure this data is secured for developers and users alike is through authentication. There are a few methods for authentication, each listed below.
Most developers will not need to deal with the complexities surrounding authentication since client libraries automatically handle these difficulties.
You can find a list of available client libraries on our Tools and libraries page.
Authentication methods
OAuth 1.0a User Context
OAuth 1.0a allows an authorized X developer App to access private account information or perform a X action on behalf of a X account.
App only
App only Access Token allows a X developer app to access information publicly available on X.
Basic authentication
OAuth 2.0 Authorization Code Flow with PKCE
OAuth 2.0 User Context allows you to authenticate on behalf of another account with greater control over an application’s scope, and authorization flows across multiple devices.
Note: Your App’s API Keys and App only Access Token, as well as your personal Access Token and Access Token Secret can be obtained from the X developer Apps section found in the developer portal.
If you would like to make requests on behalf of another user, you will need to generate a separate set of Access Tokens for that user using the 3-legged OAuth flow, and pass that user’s tokens with your OAuth 1.0a User Context or OAuth 2.0 user context requests.
Additional resources
Guides
Learn how to generate tokens and authenticate requests using our integration guides.
API reference
Review our reference guides for our authentication endpoints.
Best practices
Make sure you protect yourself and understand the best practices for storing your keys and tokens.
FAQs
Question? Visit our FAQs.
Authentication
X APIs handle enormous amounts of data. The way we ensure this data is secured for developers and users alike is through authentication. There are a few methods for authentication, each listed below.
Most developers will not need to deal with the complexities surrounding authentication since client libraries automatically handle these difficulties.
You can find a list of available client libraries on our Tools and libraries page.
Authentication methods
OAuth 1.0a User Context
OAuth 1.0a allows an authorized X developer App to access private account information or perform a X action on behalf of a X account.
App only
App only Access Token allows a X developer app to access information publicly available on X.
Basic authentication
OAuth 2.0 Authorization Code Flow with PKCE
OAuth 2.0 User Context allows you to authenticate on behalf of another account with greater control over an application’s scope, and authorization flows across multiple devices.
Note: Your App’s API Keys and App only Access Token, as well as your personal Access Token and Access Token Secret can be obtained from the X developer Apps section found in the developer portal.
If you would like to make requests on behalf of another user, you will need to generate a separate set of Access Tokens for that user using the 3-legged OAuth flow, and pass that user’s tokens with your OAuth 1.0a User Context or OAuth 2.0 user context requests.
Additional resources
Guides
Learn how to generate tokens and authenticate requests using our integration guides.
API reference
Review our reference guides for our authentication endpoints.
Best practices
Make sure you protect yourself and understand the best practices for storing your keys and tokens.
FAQs
Question? Visit our FAQs.