# null Source: https://docs.x.com/home export const IntroCard = ({img, href, title, description}) => { return

{title}

{description}

; }; export function openSearch() { if (typeof window !== 'undefined') { document.getElementById('search-bar-entry').click(); } }
Tap into what's happening to build what's next

Get immediate access to the X API and unlock the potential of X data

Get started
Use cases
See how others are innovating with the X Developer Platform

Businesses, researchers, and developers all over the world have used the X Developer Platform to creatively innovate, gain valuable insights, and shape the future. Explore how they did it and get inspired to use the APIs in your own way.

Browse all success stories
# API Reference Index Source: https://docs.x.com/resources/api-reference-index # Enterprise data customers Source: https://docs.x.com/resources/enterprise/customer-directory export const IntroCard = ({img, href, title, description}) => { return

{title}

{description}

; }; ## Discover companies that use X data to help power innovation. Our enterprise data customers receive commercial-level access to APIs and dedicated account and developer support. Apply for enterprise API access to get the highest level of access and reliability. [Apply for enterprise access →](/resources/enterprise/forms/enterprise-api-interest) ## X Official Partners Work with a trusted X Official Partner to expand what's possible for your business. Each Official Partner has been selected for the program after an extensive evaluation, and represents excellence, value, and trust. [Check our partners →](https://partners.x.com/en) ## Enterprise customers listing Here's the modified version of your code with all images removed from the IntroCard components: # Enterprise Access Form Source: https://docs.x.com/resources/enterprise/forms/enterprise-api-interest export const Form = ({src, width = "500", height = "1000"}) => { return ; };
# Government End User Request Form Source: https://docs.x.com/resources/enterprise/forms/government-end-user-request export const Form = ({src, width = "500", height = "1000"}) => { return ; }; # X Official Partner Source: https://docs.x.com/resources/enterprise/partner-directory export const StoryCard = ({img, href, title}) => { return
{title}

{title}

; }; export const Banner = ({img, href, title, description}) => { return

{title}

{description}

; }; export const Button = ({href, children}) => { return
; }; export const IntroCard = ({img, href, title, description}) => { return

{title}

{description}

; }; ## Build your business with X Official Partners ###### Tap into the public conversation on X and turn insights into action with solutions from our partners.
## Work with a trusted X Official Partner to expand what's possible for your business Our partners are vetted for excellence and can provide technology to help you: * Understand consumer trends and preferences  * Collect and analyze product and service feedback  * Engage with customers and resolve issues  * Be alerted to breaking news and events  * Create, publish, and analyze content across social channels  * And more! ## Discover the right Official Partner for your business
### Official Partners represent excellence, value, and trust Each Official Partner has been selected for the program after an extensive evaluation. Our partners are continuously reviewed by X, as this invitation-only program holds its members to the highest performance standards, in order to deliver great experiences for brands. ## See our partners' impressive work # OAuth API reference index Source: https://docs.x.com/resources/fundamentals/authentication/api-reference ### OAuth 1.0a | | | | :-------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------------------------------------------------------------------------------------------------------------- | | **Purpose** | Method | | Step 1 of the 3-legged OAuth flow and Sign in with X
Allows a Consumer application to obtain an OAuth Request Token to request user authorization. | [POST oauth/request\_token](/resources/fundamentals/authentication/api-reference#post-oauth-request-token) | | Step 2 of the 3-legged OAuth flow and Sign in with X
Allows a Consumer application to use an OAuth Request Tokento request user authorization. | [GET oauth/authenticate](/resources/fundamentals/authentication/api-reference#get-oauth-authenticate) | | Step 2 of the 3-legged OAuth flow and Sign in with X
Allows a Consumer application to use an OAuth Request Token to request user authorization. | [GET oauth/authorize](/resources/fundamentals/authentication/api-reference#get-oauth-authorize) | | Step 3 of the 3-legged OAuth flow and Sign in with X
Allows a Consumer application to exchange the OAuth Request Token for an OAuth Access Token. | [POST oauth/access\_token](/resources/fundamentals/authentication/api-reference#post-oauth-access-token) | | Allows a registered application to revoke an issued OAuth Access Token. | [POST oauth/invalidate\_token](/resources/fundamentals/authentication/api-reference#post-oauth-invalidate-token) | ### OAuth 2.0 Bearer Token | | | | :----------------------------------------------------------------------------------------------------------------------------------------------------- | :----------------------------------------------------------------------------------------------------------------- | | **Purpose** | Method | | Allows a registered App to generate an OAuth 2 app-only Bearer Token, which can be used to make API requests on an App's behalf, without user context. | [POST oauth2/token](/resources/fundamentals/authentication/api-reference#post-oauth2-token) | | Allows a registered App to revoke an issued OAuth 2 app-only Bearer Token. | [POST oauth2/invalidate\_token](/resources/fundamentals/authentication/api-reference#post-oauth2-invalidate-token) | ### POST oauth/request\_token Allows a Consumer application to obtain an OAuth Request Token to request user authorization. This method fulfills [Section 6.1](https://oauth.net/core/1.0/#auth_step1) of the [OAuth 1.0 authentication flow](http://oauth.net/core/1.0/#anchor9). **We require you use HTTPS for all OAuth authorization steps.** **Usage Note:** Only ASCII values are accepted for the `oauth_nonce` **Resource URL[](#resource-url "Permalink to this headline")** `https://api.x.com/oauth/request_token` **Resource Information[](#resource-information "Permalink to this headline")** | | | | :----------------------- | :--- | | Response formats | JSON | | Requires authentication? | No | | Rate limited? | Yes | **Parameters[](#parameters "Permalink to this headline")** | Name | Required | Description | Example | | :-------------------- | :------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------------------------------------------------------------- | | oauth\_callback | required | For OAuth 1.0a compliance this parameter is **required** . The value you specify here will be used as the URL a user is redirected to should they approve your application's access to their account. Set this to `oob` for out-of-band pin mode. This is also how you specify custom callbacks for use in desktop/mobile applications. Always send an `oauth_callback` on this step, regardless of a pre-registered callback.

We require that any callback URL used with this endpoint will have to be configured within the App’s settings on developer.x.com\* | `http://themattharris.local/auth.php` `twitterclient://callback` | | x\_auth\_access\_type | optional | Overrides the access level an application requests to a users account. Supported values are `read` or `write` . This parameter is intended to allow a developer to register a read/write application but also request read only access when appropriate. | | Learn more about how to approve your callback URLs on [this page](/resources/fundamentals/developer-apps#callback-urls). **Please note** - You can view and edit your existing [X apps](/resources/fundamentals/developer-apps) via the [X app dashboard](https://developer.x.com/en/apps) if you are logged into your X account on developer.x.com. **Example request[](#example-request "Permalink to this headline")** Request URL: `POST https://api.x.com/oauth/request_token` Request POST Body: *N/A* Authorization Header: `OAuth oauth_nonce="K7ny27JTpKVsTgdyLdDfmQQWVLERj2zAK5BslRsqyw", oauth_callback="http%3A%2F%2Fmyapp.com%3A3005%2Ftwitter%2Fprocess_callback", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1300228849", oauth_consumer_key="OqEqJeafRSF11jBMStrZz", oauth_signature="Pc%2BMLdv028fxCErFyi8KXFM%2BddU%3D", oauth_version="1.0"` Response: `oauth_token=Z6eEdO8MOmk394WozF5oKyuAv855l4Mlqo7hhlSLik&oauth_token_secret=Kd75W4OQfb2oJTV0vzGzeXftVAwgMnEK9MumzYcM&oauth_callback_confirmed=true` ### GET oauth/authorize Allows a Consumer application to use an OAuth Request Token to request user authorization. This method fulfills [Section 6.2](http://oauth.net/core/1.0/#auth_step2) of the [OAuth 1.0 authentication flow](http://oauth.net/core/1.0/#anchor9). Desktop applications must use this method (and cannot use [GET oauth / authenticate](/resources/fundamentals/authentication/api-reference#get-oauth-authenticate)). **Usage Note:** An `oauth_callback` is never sent to this method, provide it to [POST oauth / request\_token](/resources/fundamentals/authentication/api-reference#post-oauth-request-token) instead. **Resource URL[](#resource-url "Permalink to this headline")** `https://api.x.com/oauth/authorize` **Resource Information[](#resource-information "Permalink to this headline")** | | | | :----------------------- | :--- | | Response formats | JSON | | Requires authentication? | Yes | | Rate limited? | Yes | **Parameters[](#parameters "Permalink to this headline")** | | | | | | | :----------- | :------- | :-------------------------------------------------------------------------------------------- | :------------ | :------ | | Name | Required | Description | Default Value | Example | | force\_login | optional | Forces the user to enter their credentials to ensure the correct users account is authorized. | | | | screen\_name | optional | Prefills the username input box of the OAuth login screen with the given value. | | | **Example request[](#example-request "Permalink to this headline")** Send the user to the `oauth/authorize` step in a web browser, including an oauth\_token parameter: `https://api.x.com/oauth/authorize?oauth_token=Z6eEdO8MOmk394WozF5oKyuAv855l4Mlqo7hhlSLik` ### GET oauth/authenticate Allows a Consumer application to use an OAuth `request_token` to request user authorization. This method is a replacement of [Section 6.2](http://oauth.net/core/1.0/#auth_step2) of the [OAuth 1.0 authentication flow](http://oauth.net/core/1.0/#anchor9) for applications using the callback authentication flow. The method will use the currently logged in user as the account for access authorization unless the `force_login` parameter is set to `true`. This method differs from [GET oauth / authorize](/resources/fundamentals/authentication/api-reference#get-oauth-authorize) in that if the user has already granted the application permission, the redirect will occur without the user having to re-approve the application. To realize this behavior, you must enable the *Use Sign in with X* setting on your [application record](https://developer.x.com/apps). **Resource URL[](#resource-url "Permalink to this headline")** `https://api.x.com/oauth/authenticate` **Resource Information[](#resource-information "Permalink to this headline")** | | | | :----------------------- | :--- | | Response formats | JSON | | Requires authentication? | Yes | | Rate limited? | Yes | **Parameters[](#parameters "Permalink to this headline")** | | | | | | | :----------- | :------- | :-------------------------------------------------------------------------------------------- | :------------ | :------ | | Name | Required | Description | Default Value | Example | | force\_login | optional | Forces the user to enter their credentials to ensure the correct users account is authorized. | | *true* | | screen\_name | optional | Prefills the username input box of the OAuth login screen with the given value. | | | **Example request[](#example-request "Permalink to this headline")** Send the user to the `oauth/authenticate` step in a web browser, including an oauth\_token parameter: `https://api.x.com/oauth/authenticate?oauth_token=Z6eEdO8MOmk394WozF5oKyuAv855l4Mlqo7hhlSLik` ### POST oauth/access\_token Allows a Consumer application to exchange the OAuth Request Token for an OAuth Access Token. This method fulfills [Section 6.3](http://oauth.net/core/1.0/#auth_step3) of the [OAuth 1.0 authentication flow](http://oauth.net/core/1.0/#anchor9). **Resource URL[](#resource-url "Permalink to this headline")** `https://api.x.com/oauth/access_token` **Resource Information[](#resource-information "Permalink to this headline")** | | | | :----------------------- | :--- | | Response formats | JSON | | Requires authentication? | Yes | | Rate limited? | Yes | **Parameters[](#parameters "Permalink to this headline")** | | | | | | | :-------------- | :------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------ | :------ | | Name | Required | Description | Default Value | Example | | oauth\_token | required | The oauth\_token here must be the same as the oauth\_token returned in the request\_token step. | | | | oauth\_verifier | required | If using the OAuth web-flow, set this parameter to the value of the *oauth\_verifier* returned in the callback URL. If you are using out-of-band OAuth, set this value to the pin-code. For OAuth 1.0a compliance this parameter is **required**. OAuth 1.0a is strictly enforced and applications not using the *oauth\_verifier* will fail to complete the OAuth flow. | | | **Example request[](#example-request "Permalink to this headline")** `POST https://api.x.com/oauth/access_token?oauth_token=qLBVyoAAAAAAx72QAAATZxQWU6P&oauth_verifier=ghLM8lYmAxDbaqL912RZSRjCCEXKDIzx` From PIN-based `POST https://api.x.com/oauth/access_token?oauth_token=9Npq8AAAAAAAx72QBRABZ4DAfY9&oauth_verifier=4868795` **Example response[](#example-response "Permalink to this headline")** `oauth_token=6253282-eWudHldSbIaelX7swmsiHImEL4KinwaGloHANdrY&oauth_token_secret=2EEfA6BG5ly3sR3XjE0IBSnlQu4ZrUzPiYTmrkVU&user_id=6253282&screen_name=xapi` ### POST oauth/invalidate\_token Allows a registered application to revoke an issued OAuth access\_token by presenting its client credentials. Once an access\_token has been invalidated, new creation attempts will yield a different Access Token and usage of the invalidated token will no longer be allowed. **Resource URL[](#resource-url "Permalink to this headline")** `https://api.x.com/1.1/oauth/invalidate_token` **Resource Information[](#resource-information "Permalink to this headline")** | | | | :----------------------- | :-------------------------------------------------------------------------- | | Response formats | JSON | | Requires authentication? | Yes - User context with the access tokens that you would like to invalidate | | Rate limited? | Yes | **Example request[](#example-request "Permalink to this headline")** ```bash curl --request POST --url 'https://api.x.com/1.1/oauth/invalidate_token.json' --header 'authorization: OAuth oauth_consumer_key="CLIENT_KEY", oauth_nonce="AUTO_GENERATED_NONCE", oauth_signature="AUTO_GENERATED_SIGNATURE", oauth_signature_method="HMAC-SHA1", oauth_timestamp="AUTO_GENERATED_TIMESTAMP", oauth_token="ACCESS_TOKEN", oauth_version="1.0"' ``` **Example response[](#example-response "Permalink to this headline")** ```bash HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Content-Length: 127 ... {"access_token":"ACCESS_TOKEN"} ``` **Example error response after token has been invalidated[](#example-error-response-after-token-has-been-invalidated "Permalink to this headline")** ```bash HTTP/1.1 401 Authorization Required ... {"errors": [{ "code": 89, "message": "Invalid or expired token."} ]} ``` ### POST oauth2/token Allows a registered application to obtain an OAuth 2 Bearer Token, which can be used to make API requests on an application's own behalf, without a user context. This is called [Application-only authentication](/resources/fundamentals/authentication/oauth-2-0/application-only). A Bearer Token may be invalidated using oauth2/invalidate\_token. Once a Bearer Token has been invalidated, new creation attempts will yield a different Bearer Token and usage of the previous token will no longer be allowed. Only one bearer token may exist outstanding for an application, and repeated requests to this method will yield the same already-existent token until it has been invalidated. Successful responses include a JSON-structure describing the awarded Bearer Token. Tokens received by this method should be cached. If attempted too frequently, requests will be rejected with a HTTP 403 with code 99. **Resource URL[](#resource-url "Permalink to this headline")** `https://api.x.com/oauth2/token` **Resource Information[](#resource-information "Permalink to this headline")** | | | | :----------------------- | :-------------------------------------------------------------------------------------- | | Response formats | JSON | | Requires authentication? | Yes - Basic auth with your API key as your username and API key secret as your password | | Rate limited? | Yes | **Parameters[](#parameters "Permalink to this headline")** | | | | | | | :---------- | :------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------ | :-------------------- | | Name | Required | Description | Default Value | Example | | grant\_type | required | Specifies the type of grant being requested by the application. At this time, only *client\_credentials* is allowed. See [Application-Only Authentication](/resources/fundamentals/authentication/oauth-2-0/application-only) for more information. | | *client\_credentials* | **Example request[](#example-request "Permalink to this headline")** ```bash POST /oauth2/token HTTP/1.1 Host: api.x.com User-Agent: My X App v1.0.23 Authorization: Basic eHZ6MWV2R ... o4OERSZHlPZw== Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Content-Length: 29 Accept-Encoding: gzip grant_type=client_credentials ``` **Example response:** ```bash HTTP/1.1 200 OK Status: 200 OK Content-Type: application/json; charset=utf-8 ... Content-Encoding: gzip Content-Length: 140 {"token_type":"bearer","access_token":"AAAA%2FAAA%3DAAAAAAAA"} ``` ### POST oauth2/invalidate\_token Allows a registered application to revoke an issued oAuth 2.0 Bearer Token by presenting its client credentials. Once a Bearer Token has been invalidated, new creation attempts will yield a different Bearer Token and usage of the invalidated token will no longer be allowed. Successful responses include a JSON-structure describing the revoked Bearer Token. **Resource URL[](#resource-url "Permalink to this headline")** `https://api.x.com/oauth2/invalidate_token` **Resource Information[](#resource-information "Permalink to this headline")** | | | | :----------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Response formats | JSON | | Requires authentication? | Yes - [oAuth 1.0a](/resources/fundamentals/authentication/oauth-1-0a) with the application's consumer API keys and the application owner's access token & access token secret | | Rate limited? | Yes | **Parameters[](#parameters "Permalink to this headline")** | Name | Required | Description | | :------------ | :------- | :-------------------------------------------------------------- | | access\_token | required | The value of the bearer token that you would like to invalidate | **Example request[](#example-request "Permalink to this headline")** ``` curl --request POST --url 'https://api.x.com/oauth2/invalidate_token?access_token=AAAA%2FAAA%3DAAAAAAAA' --header 'authorization: OAuth oauth_consumer_key="CLIENT_KEY", oauth_nonce="AUTO_GENERATED_NONCE", oauth_signature="AUTO_GENERATED_SIGNATURE", oauth_signature_method="HMAC-SHA1", oauth_timestamp="AUTO_GENERATED_TIMESTAMP", oauth_token="ACCESS_TOKEN", oauth_version="1.0"' ``` **Example response[](#example-response "Permalink to this headline")** ``` Status: 200 OK Content-Type: application/json; charset=utf-8 Content-Length: 135 ... { "access_token": "AAAA%2FAAA%3DAAAAAAAA" } ``` # Basic authentication Source: https://docs.x.com/resources/fundamentals/authentication/basic-auth ## Basic authentication Many of X's enterprise APIs require the use of HTTP Basic Authentication. To make a successful request to an API that requires Basic Authentication, you must pass a valid email address and password combination as an authorization header for each request. The email and password combination are the same ones that you will use to access the [enterprise API console](https://console.gnip.com/), and can be editted from within this console.  When building a request using Basic Authentication, make sure you add the Authentication: Basic HTTP header with encoded credentials over HTTPS. In the following cURL request example, you would replace `` and `` with your credentiails before sending the request: ```bash curl -v --compressed -u: "https://gnip-api.x.com/search/30day/accounts//prod/counts.json?query=from%3Axdevelopers" ``` **APIs that require basic authentication:** * [PowerTrack API](/x-api/enterprise-gnip-2.0/powertrack-api) enterprise * [Decahose stream API](http://localhost:3000/x-api/enterprise-gnip-2.0/fundamentals/decahose-api) enterprise * [30-Day Search API](/x-api/enterprise-gnip-2.0/fundamentals/search-api) enterprise * [Full-Archive Search API](/x-api/enterprise-gnip-2.0/fundamentals/search-api) enterprise * [Usage API](/x-api/enterprise-gnip-2.0/fundamentals/usage) enterprise # OAuth FAQ Source: https://docs.x.com/resources/fundamentals/authentication/faq ## General OAuth is an authentication protocol that allows users to approve an application to act on their behalf without sharing their password. More information can be found at [oauth.net](http://oauth.net/). You must have a [X app](/resources/fundamentals/developer-apps) to generate access tokens. Learn more about access tokens [here](/resources/fundamentals/authentication#oauth-1-0a-2).  You must have a [developer account](/resources/fundamentals/developer-portal) to create a [X app](/resources/fundamentals/developer-apps). You can sign up for one [here](https://developer.x.com/en/portal/petition/essential/basic-info). You can view and edit your app from the [X app dashboard](https://developer.x.com/content/developer-twitter/en/apps) if you are logged into your X account on developer.x.com. ## Technical Access tokens are not explicitly expired. An access token will be invalidated if a user explicitly revokes an application in the their X account settings, or if X suspends an application. If an application is suspended, there will be a note in the [X app](/resources/fundamentals/developer-apps) dashboard stating that it has been suspended. Assume a user’s access token *may* become invalid at any time. If this happens, prompt the user to re-authorize the application. Ensuring that this situation is handled gracefully is important for a good user experience. Many users trust an application to read their information, but not necessarily change their user profile information or post new statuses. Updating information via the X API - be it name, location or adding a new status - requires an HTTP POST. Any API method that requires an HTTP POST is considered a write method and requires read & write access. # Best practices Source: https://docs.x.com/resources/fundamentals/authentication/guides/authentication-best-practices export const Button = ({href, children}) => { return ; }; Your API keys and tokens should be guarded very carefully.  These credentials are directly tied to your [developer App](/resources/fundamentals/developer-apps) and those X account that have authorized you to make requests on behalf of them. If your keys are compromised, bad actors could use them to make requests to the X endpoints on behalf of your developer App or its authorized users, which could mean their requests might cause you to hit unexpected rate limits, use up your paid access allotment, or even cause your developer App to be suspended. The following sections include best practices that should be considered when managing your API keys and tokens. ## Regenerate API keys and tokens In the event that you believe that your API keys has been exposed, you should regenerate your API keys by following these steps: 1. Navigate to the [developer portal's "Projects and Apps" page](https://developer.x.com/en/portal/projects-and-apps.html). 2. Click on the "Keys and tokens" icon (🗝 ) next to the relevant App. 3. Click on the "Regenerate" button next to the set of keys and tokens that you would like to regenerate.  If you would prefer to regenerate your Access Tokens or Bearer Tokens programatically, you can do so using our authentication endpoints. * If you would like to regenerate your Access Tokens, you must invalidate your tokens using the [POST oauth/invalidate\_token](/resources/fundamentals/authentication/api-reference#post-oauth2-invalidate-token) endpoint, then regenerate your tokens using the [3-legged OAuth flow](/resources/fundamentals/authentication/oauth-1-0a/obtaining-user-access-tokens). * If you would like to regenerate your Bearer Token, you must invalidate your token using the [POST oauth2/invalidate\_token](/resources/fundamentals/authentication/api-reference#post-oauth2-invalidate-token) endpoint, then regenerate your token using the [POST oauth2/token](/resources/fundamentals/authentication/api-reference#post-oauth2-token) endpoint. ## Having a central file for your secrets Having a file such as .ENV file or any other sort of .yaml file to contain your secrets is an option that could be helpful but be sure to have a strong .gitignore file that can prevent you from accidentally committing these to a git repository.  ## Environment variables Writing code that utilizes environment variables might be helpful.  An example of this is as follows written in Python: ```python import os consumer_key = os.environ.get("CONSUMER_KEY") consumer_secret = os.environ.get("CONSUMER_SECRET") ``` Inside of your terminal you would want to write something like this: ```bash export CONSUMER_KEY='xxxxxxxxxxxxxxxxxxx' export CONSUMER_SECRET='xxxxxxxxxxxxxxxxxxxxxxx' ``` ## Source code and version control The most common security mistakes made by developers are having API keys and tokens committed to source code in accessible version control systems like GitHub and BitBucket. Many of these code repositories are publicly accessible. This mistake is made so often in public code repositories that there are lucrative bots that scrape for API keys. * Use server environment variables. By storing API keys in environment variables, you keep them out of your code and version control. This also allows you to use different keys for different environments easily. * Use a configuration file excluded from source control. Add the filename to your [.gitignore](https://git-scm.com/docs/gitignore) file to exclude the file from being tracked by version control. * If you remove the API keys from your code after you have used version control, the API keys are likely still accessible by accessing previous versions of your codebase. Regenerate your API keys, as described in the next section. ## Databases If you need to store your access tokens in a database, please keep the following in mind: * Restrict access to the database in a way such that the access tokens are only readable by the owner of the token. * Restrict edit/write privileges to the database table for access tokens - this should be automated with the key management system. * Encrypt access tokens before storing in any data stores. ## Password management tools Password management tools such as 1password or Last Pass can be helpful in keeping your keys and tokens in secure place. You might want to avoid sharing these in side of a shared team password management tool. ## Web storage & cookies There are two types of web storage: LocalStorage and SessionStorage. These were created as improvements to using Cookies since the storage capacity for web storage is much higher than Cookie storage. However, there are different pros and cons to each of these storage options.   **Web Storage: LocalStorage** Anything stored in local web storage is persistent. This means that the data will persist until the data is explicitly deleted. Depending on the needs of your project, you might view this as a positive. However, you should be mindful of using LocalStorage, since any changes/additions to data will be available on all future visits to the webpage in question. We would not usually recommend using LocalStorage, although there may be a few exceptions to this. If you decide to use LocalStorage, it is good to know that it supports the same-origin policy, so all data stored here will only be available via the same origin. An added performance perk of using LocalStorage would be a resulting decrease in client-server traffic since the data does not have to be sent back to the server for every HTTP request.   **Web Storage: SessionStorage** SessionStorage is similar to LocalStorage, but the key difference is that SessionStorage is not persistent. Once the window (or tab, depending on which browser you are using) that was used to write to SessionStorage is closed, the data will be lost. This is useful in restricting read access to your token within a user session. Using SessionStorage is normally more preferable than LocalStorage when thinking in terms of security. Like LocalStorage, the perks of same-origin policy support and decreased client-server traffic apply to SessionStorage as well.   **Cookies** Cookies are the more traditional way to store session data. You can set an expiration time for each cookie, which would allow for ease of revocability and restriction of access. However, the client-server traffic would definitely increase when using cookies, since the data is being sent back to the server for every HTTP request. If you decide to use cookies, you need to protect against session hijacking. By default, cookies are sent in plaintext over HTTP, which makes their contents vulnerable to packet sniffing and/or man-in-the-middle attacks where attackers may modify your traffic. You should always enforce HTTPS to protect your data in transit. This will provide confidentiality, integrity (of the data), and authentication. However, if your web application or site is available both through HTTP and HTTPS, you will also want to use the 'Secure' flag on the cookie. This will prevent attackers from being able to send links to the HTTP version of your site to a user and listening in on the resulting HTTP request generated. Another secondary defense against session hijacking when using cookies would be to validate the user's identity again before any high-impact actions are carried out. One other flag to consider for improving the security of your cookies would be the 'HttpOnly' flag. This flag tells the browser that the cookie in question shall only be accessible from the server specified. Any attempts made by client-side scripts would be forbidden by this flag, therefore helping to protect against most cross-site scripting (XSS) attacks. # Log in with X Source: https://docs.x.com/resources/fundamentals/authentication/guides/log-in-with-x export const Button = ({href, children}) => { return ; }; Use Log in with X, also known as Sign in with X, to place a button on your site or application which allows X users to enjoy the benefits of a registered user account in as little as one click. This works on websites, iOS, mobile, and desktop applications. ![Sign in with X button](https://cdn.cms-twdigitalassets.com/content/dam/developer-twitter/auth-docs/sign-in-with-twitter-gray.png.twimg.1920.png) ## Features * Ease of use - A new visitor to your site only has to click two buttons in order to log in for the first time. * X integration - The Log in with X flow can grant authorization to use X APIs on your users' behalf. * OAuth based - A wealth of client libraries and example code are compatible with the Log in with X API. ## Available for * Browsers - If your users can access a browser, you can integrate with Log in with X. Learn about the browser sign in flow. * Mobile devices - Any web-connected mobile device can take advantage of Log in with X. Learn about the mobile sign in flow. ## Implementing Log in with X The browser and mobile web implementations of Log in with X are based on OAuth. This page demonstrates the requests needed to obtain an access token for the sign in flow. To use the “Log in with X" flow, please go to your [X app settings](/resources/fundamentals/developer-apps) and ensure that the *"Allow this app to be used to Sign in with X?*” option is enabled. This page assumes that the reader knows how to sign requests using the OAuth 1.0a protocol. If you want to know how to sign a request, read the [Authorizing a request](/resources/fundamentals/authentication/oauth-1-0a/authorizing-a-request) page. If you want to check the signing of the requests on this page, the consumer secret used is: L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg. This value is for test purposes and will not work for real requests. The three steps for implementing Log in with X through obtaining a request token, redirecting a user, and converting a request token into an access token are listed below. ### Step 1: Obtaining a request token To start a sign-in flow, your [X app](/resources/fundamentals/developer-apps) must obtain a request token by sending a signed message to [POST oauth/request\_token](/resources/fundamentals/authentication/api-reference#post-oauth-request-token). The only unique parameter in this request is oauth\_callback, which must be a URL-encoded version of the URL you wish your user to be redirected to when they complete step 2. The remaining parameters are added by the OAuth signing process. **Note:** Any [callback URL](/resources/fundamentals/developer-apps#callback-urls) that you use with the [POST oauth/request\_token](/resources/fundamentals/authentication/api-reference#post-oauth-request-token) endpoint will have to be registered within the [X app settings](/resources/fundamentals/developer-apps) in the [developer portal](/resources/fundamentals/developer-portal). **Example request (Authorization header has been wrapped):** ``` POST /oauth/request_token HTTP/1.1 User-Agent: themattharris' HTTP Client Host: api.x.com Accept: */* Authorization: OAuth oauth_callback="http%3A%2F%2Flocalhost%2Fsign-in-with-twitter%2F", oauth_consumer_key="cChZNFj6T5R0TigYB9yd1w", oauth_nonce="ea9ec8429b68d6b77cd5600adbbb0456", oauth_signature="F1Li3tvehgcraF8DMJ7OyxO4w9Y%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1318467427", oauth_version="1.0" ``` Your app should examine the HTTP status of the response. Any value other than 200 indicates a failure. The body of the response will contain the oauth\_token, oauth\_token\_secret, and oauth\_callback\_confirmed parameters. Your app should verify that oauth\_callback\_confirmed is true and store the other two values for the next steps. **Example response (response body has been wrapped):** ``` HTTP/1.1 200 OK Date: Thu, 13 Oct 2011 00:57:06 GMT Status: 200 OK Content-Type: text/html; charset=utf-8 Content-Length: 146 Pragma: no-cache Expires: Tue, 31 Mar 1981 05:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0 Vary: Accept-Encoding Server: tfe oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0& oauth_token_secret=veNRnAWe6inFuo8o2u8SLLZLjolYDmDP7SzL0YfYI& oauth_callback_confirmed=true ``` ### Step 2: Redirecting the user The next step is to direct the user to X so that they may complete the appropriate flow, as described in Browser sign-in flow below. Direct the user to [GET oauth/authenticate](/resources/fundamentals/authentication/api-reference#get-oauth-authenticate), and the request token obtained in step 1 should be passed as the oauth\_token parameter. The most seamless way for a website to implement this would be to issue an HTTP 302 redirect as the response to the original “sign in” request. Mobile and desktop apps should open a new browser window or direct to the URL via an embedded web view. **Example URL to redirect to:** [https://api.x.com/oauth/authenticate?oauth\_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0](https://api.x.com/oauth/authenticate?oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0) The sign in endpoint will behave in one of three ways depending on the user’s status: 1. **Signed in and approved**: If the user is signed in on x.com and has already approved the calling application, they will be immediately authenticated and returned to the callback URL with a valid OAuth request token. The redirect to x.com is not obvious to the user. 2. **Signed in but not approved**: If the user is signed in to x.com but has not approved the calling application, a request to share access with the calling application will be shown. After accepting the authorization request, the user will be redirected to the callback URL with a valid OAuth request token. 3. **Not signed in**: If the user is not signed in on x.com, they will be prompted to enter their credentials and grant access for the application to access their information on the same screen. Once signed in, the user will be returned to the callback URL with a valid OAuth request token. Upon a successful authentication, your callback\_url would receive a request containing the oauth\_token and oauth\_verifier parameters. Your application should verify that the token matches the request token received in step 1. **Request from client’s redirect (querystring parameters wrapped):** ``` GET /sign-in-with-twitter/? oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0& oauth_verifier=uw7NjWHT6OJ1MpJOXsHfNxoAhPKpgI8BlYDhxEjIBY HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.5 (KHTML, like Gecko) Chrome/16.0.891.1 Safari/535.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Referer: http://localhost/sign-in-with-twitter/ Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 ``` ### Step 3: Converting the request token to an access token To render the request token into a usable access token, your application must make a request to the [POST oauth/access\_token](/resources/fundamentals/authentication/api-reference#post-oauth-access-token) endpoint, containing the oauth\_verifier value obtained in step 2. The request token is also passed in the oauth\_token portion of the header, but this will have been added by the signing process. **Example request (Authorization header wrapped):** ``` POST /oauth/access_token HTTP/1.1 User-Agent: themattharris' HTTP Client Host: api.x.com Accept: */* Authorization: OAuth oauth_consumer_key="cChZNFj6T5R0TigYB9yd1w", oauth_nonce="a9900fe68e2573b27a37f10fbad6a755", oauth_signature="39cipBtIOHEEnybAR4sATQTpl2I%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1318467427", oauth_token="NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0", oauth_version="1.0" Content-Length: 57 Content-Type: application/x-www-form-urlencoded oauth_verifier=uw7NjWHT6OJ1MpJOXsHfNxoAhPKpgI8BlYDhxEjIBY ``` A successful response contains the oauth\_token, oauth\_token\_secret parameters. The token and token secret should be stored and used for future authenticated requests to the X API. To determine the identity of the user, use [GET account/verify\_credentials](https://dev.x.com/rest/reference/get/account/verify_credentials). **Example response (response body has been wrapped):** ``` HTTP/1.1 200 OK Date: Thu, 13 Oct 2011 00:57:08 GMT Status: 200 OK Content-Type: text/html; charset=utf-8 Content-Length: 157 Pragma: no-cache Expires: Tue, 31 Mar 1981 05:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0 Vary: Accept-Encoding Server: tfe oauth_token=7588892-kagSNqWge8gB1WwE3plnFsJHAZVfxWD7Vb57p0b4& oauth_token_secret=PbKfYqSryyeKDWz4ebtY3o5ogNLG11WJuZBc9fQrQo ``` ### Log in with X Resources #### Client libraries The client libraries listed at [X libraries](/resources/tools-and-libraries) will help implement Log in with X. Use the /oauth/authenticate endpoint, as described in the previous steps. #### Buttons X would prefer your application to use the following buttons for consistent branding. Save these images to host on your own servers. Sign in with X (button style): Sign in with X (link style): The browser log in flow is appropriate for websites and applications which are able to open or embed a web browser. At a very high level: * The application renders a “Sign in with X” link or button. * The user clicks the sign in button. * The current web browser is redirected to X (or a new browser is opened and directed to X). * The user completes a login and authorization step at X if needed. * X redirects back to an URL under the application’s control, passing authorization information for the user. X keeps track of the authorizations, so for users already signed in to X.com who have authorized the application, no UI is shown - instead, they are automatically redirected back to the application. ### Desktop flow To demonstrate the flows, pretend the website pictured above (“The greatest website ever created”) has implemented this API, as shown by the Sign in with X button on the landing page. When the user clicks the Sign in button, the page they see depends on whether they are signed in and whether they have previously allowed the application to access their account. When the user is signed in to x.com but has not granted access, a list of requested permissions, along with Sign In and Cancel buttons are shown. When the user is not signed in to x.com input fields for a username and password will be shown. Note that even if the user has already granted access to the application, the list of permissions will still be shown. After the user inputs valid credentials (if needed) and clicks “Sign In”, X will redirect the user to the website which started the sign in flow. In the case where the user is already signed in to x.com and has granted access to the website, this redirect happens immediately. The UI flow for mobile web browsers works exactly like the Browser sign in flow, but is optimized for mobile browsers. Below are screenshots for the signed in, signed out, and redirect screens: # Connection to X API using TLS Source: https://docs.x.com/resources/fundamentals/authentication/guides/tls export const Button = ({href, children}) => { return ; }; TLS connections are required in order to access X API endpoints. Communicating over TLS preserves user privacy and security by protecting information between the user and the X API as it travels across the public Internet. Connections to the X API require TLS version 1.2. ## Verification ### Use an up-to-date root store It's important that your application or library use a trustworthy and up-to-date root store when verifying the X certificate. Where possible, using the root store provided by your operating system may be the simplest approach here. Alternatively, the [Mozilla (NSS) root store](https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/) is well maintained in a public and transparent manner. Curl also provides [a version of this store in PEM format](https://curl.haxx.se/docs/caextract.html). X currently issues the bulk of our certs from the [DigiCert High Assurance EV Root CA](https://www.digicert.com/digicert-root-certificates.htm), but this is not true for 100% of X-related certificates and may not hold true forever, so trusting only the currently-used Digicert roots may lead to issues with your app in the future. ### Check CRLs and the OCSP status[](#check-crls-and-the-ocsp-status "Permalink to this headline") Many applications do not check the Certificate Revocation List for returned certificates or rely on the operating system to do so. Ensure that your application or TLS library is configured to force CRL and OCSP (Online Certificate Status Protocol) verification before accepting X’s certificate. ### CDNs[](#cdns "Permalink to this headline") When showing Tweets that contain media, use the `media_url_https` attribute for the HTTPS URLs to use when showing images. In the future, all URLs served from API endpoints will provide HTTPS paths. ## Provide an indication of security status If possible, you should show an indication of the current status between your application and X. Some web browsers indicate this by offering a Lock Icon, while others indicate the current connection state with descriptive messaging. # X API v2 authentication mapping Source: https://docs.x.com/resources/fundamentals/authentication/guides/v2-authentication-mapping export const Button = ({href, children}) => { return ; }; The following chart illustrates which v2 endpoints map to what authentication methods.    | | | | | | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------- | :---------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------- | | **Endpoint** | **OAuth 1.0a User Context** | **OAuth 2.0** **App Only 
** | **OAuth 2.0
Authorization Code with PKCE** | | [Tweet lookup](/x-api/posts/lookup/introduction)

Retrieve multiple Tweets with a list of IDs

[GET /2/tweets](/x-api/posts/post-lookup-by-post-ids)

Retrieve a single Tweet with an ID

[GET /2/tweets/:id](/x-api/posts/post-lookup-by-post-id) | ✅ | ✅ | ✅  

Scopes:

tweet.read

users.read | | [Manage Tweets](/x-api/posts/manage-tweets/introduction)

Post a Tweet

[POST /2/tweets](/x-api/posts/creation-of-a-post)

Delete a Tweet

[DELETE /2/tweets/:id](/x-api/posts/post-delete-by-post-id) | ✅ | | ✅

Scopes:

tweet.read

tweet.write

users.read | | [Timelines](/x-api/posts/timelines/introduction)

User Tweet timeline

[GET /2/users/:id/tweets](/x-api/posts/user-posts-timeline-by-user-id)

User mention timeline

[GET /2/users/:id/mentions](/x-api/posts/user-mention-timeline-by-user-id)

Reverse chronological home timeline

[GET /2/users/:id/timelines/reverse\_cronological](/x-api/posts/timelines#user-mention-timeline-3) | ✅

✅ | ✅ | ✅

Scopes:

tweet.read

users.read



Scopes:

tweet.read

users.read | | [Recent search](/x-api/posts/search/introduction#recent-search)

Search for Tweets published in the last 7 days

[GET /2/tweets/search/recent](/x-api/posts/recent-search) | ✅ | ✅ | ✅

Scopes: 

tweet.read

users.read | | [Full-archive search](/x-api/posts/search/introduction#full-archive-search)

Only available to those with Academic Research access

Search the full archive of Tweets

[GET /2/tweets/search/all](/x-api/posts/full-archive-search) | | ✅ | | | [Filtered stream](/x-api/posts/filtered-stream/introduction)

Add or delete rules from your stream

[POST /2/tweets/search/stream/rules](/x-api/posts/adddelete-rules)

Retrieve your stream's rules

[GET /2/tweets/search/stream/rules](/x-api/posts/rules-lookup)

Connect to the stream

[GET /2/tweets/search/stream](/x-api/posts/filtered-stream) | | ✅ | | | [Volume streams](/x-api/posts/volume-streams/introduction)

Streams about 1% of all Tweets in real-time.

[GET /2/tweets/sample/stream](/x-api/posts/sample-stream) | | ✅ | | | [Manage Retweets](/x-api/posts/retweets/introduction#manage-retweets)

Retweet a Tweet

[POST /2/users/:id/retweets](/x-api/posts/retrieve-posts-that-repost-a-post)

Delete a Retweet

[DELETE /2/users/:id/retweets/:source\_tweet\_id](/x-api/posts/causes-the-user-in-the-path-to-unretweet-the-specified-post) | ✅ | | ✅

Scopes:

tweet.read

tweet.write

users.read | | [Retweets lookup](/x-api/posts/retweets/introduction#retweets-lookup)

Users who have Retweeted a Tweet

[GET /2/tweets/:id/retweeted\_by](/x-api/users/returns-user-objects-that-have-retweeted-the-provided-post-id) | ✅ | ✅ | ✅

Scopes:

tweet.read

users.read | | Bookmarks [lookup](/x-api/posts/bookmarks/introduction#bookmarks-lookup)

Get bookmarked Tweets

[GET /2/tweets/:id/bookmarks](/x-api/bookmarks/bookmarks-by-user) | | | ✅

Scopes:

tweet.read

users.read

bookmark.read | | [Manage Bookmarks](/x-api/posts/bookmarks/introduction#manage-bookmarks)

Bookmark a Tweet

[POST /2/tweets/:id/bookmarks](/x-api/bookmarks/add-post-to-bookmarks)

Remove a Bookmark of a Tweet

[DELETE /2/users/:id/bookmarks:tweet\_id](/x-api/bookmarks/remove-a-bookmarked-post) | | | ✅

Scopes:

tweet.read

users.read

bookmark.write | | [Manage Likes](/x-api/posts/likes/introduction#manage-likes)

Like a Tweet

[POST /2/users/:id/likes](/x-api/posts/causes-the-user-in-the-path-to-like-the-specified-post)

Undo a Like of a Tweet

[DELETE /2/users/:id/likes/:tweet\_id](/x-api/posts/causes-the-user-in-the-path-to-unlike-the-specified-post) | ✅ | | ✅

Scopes:

tweet.read

users.read

like.write | | [Likes lookup](/x-api/posts/likes/introduction#likes-lookup)

Users who have liked a Tweet

[GET /2/tweets/:id/liking\_users](/x-api/users/returns-user-objects-that-have-liked-the-provided-post-id)

Tweets liked by a user

[GET /2/users/:id/liked\_tweets](/x-api/posts/returns-post-objects-liked-by-the-provided-user-id) | ✅ | ✅ | ✅

Scopes:

tweet.read

users.read

like.read | | [Hide replies](/x-api/posts/hide-replies/introduction)

Hides or unhides a reply to a Tweet.

[PUT /2/tweets/:id/hidden](/x-api/posts/hide-replies) | ✅ | | ✅

Scopes:

tweet.read

users.read

tweet.moderate.write | | [Users lookup](/x-api/users/lookup/introduction)

Retrieve multiple users with IDs

[GET /2/users](/x-api/users/user-lookup-by-ids)

Retrieve a single user with an ID

[GET /2/users/:id](/x-api/users/user-lookup-by-id)

Retrieve multiple users with usernames

[GET /2/users/by](/x-api/users/user-lookup-by-usernames)

Retrieve a single user with a usernames

[GET /2/users/by/username/:username](/x-api/users/user-lookup-by-username)

Get information about an authenticated user

[GET /2/users/me](/x-api/users/user-lookup-me) | ✅ | ✅ | ✅

Scopes:

tweet.read

users.read | | [Manage follows](/x-api/users/follows/introduction#manage-follows)

Allows a user ID to follow another user

[POST /2/users/:id/following](/x-api/users/follow-user)

Allows a user ID to unfollow another user

[DELETE /2/users/:source\_user\_id/following/:target\_user\_id](/x-api/users/unfollow-user) | ✅ | | ✅

Scopes: 

tweet.read

users.read

follows.write | | [Follows lookup](/x-api/users/follows/introduction#follows-lookup)

Lookup following of a user by ID

[GET /2/users/:id/following](/x-api/users/following-by-user-id)

Lookup followers of a user by ID

[GET /2/users/:id/followers](/x-api/users/followers-by-user-id) | ✅ | ✅ | ✅

Scopes:

tweet.read

users.read

follows.read | | [Blocks lookup](/x-api/users/blocks/introduction#blocks-lookup)

Returns a list of users who are blocked by the specified user ID 

[GET /2/users/:id/blocking](/x-api/users/returns-user-objects-that-are-blocked-by-provided-user-id) | ✅ | | ✅

Scopes:

tweet.read

users.read

block.read | | [Manage Mutes](/x-api/users/mutes/introduction#manage-mutes)

Allows a user ID to mute another user

[POST /2/users/:id/muting](/x-api/users/mute-user-by-user-id)

Allows a user ID to unmute another user

[DELETE /2/users/:source\_user\_id/muting/:target\_user\_id](/x-api/users/unmute-user-by-user-id) | ✅ | | ✅

Scopes:

tweet.read

users.read

mute.write | | [Mutes lookup](/x-api/users/mutes/introduction#mutes-lookup)

Returns a list of users who are muted by the specified user ID

[GET /2/users/:id/muting](/x-api/users/returns-user-objects-that-are-muted-by-the-provided-user-id) | ✅ | | ✅

Scopes:

tweet.read

users.read

mute.read | | [Spaces lookup](/x-api/spaces/lookup/introduction)

Lookup Space by ID

[GET /2/spaces/:id](/x-api/spaces/space-lookup-by-space-id)

Lookup multiple Spaces 

[GET /2/spaces](/x-api/spaces/space-lookup-up-space-ids)

Discover Spaces created by user ID

[GET /2/spaces/by/creator\_ids](/x-api/spaces/space-lookup-by-their-creators) | | ✅ | ✅

Scopes:

tweet.read

users.read

space.read | | [Spaces lookup](/x-api/spaces/lookup/introduction)

Get users who purchased a ticket to a Space

[GET /2/spaces/:id/buyers](/x-api/spaces/retrieve-the-list-of-users-who-purchased-a-ticket-to-the-given-space) | | | ✅

Scopes:

tweet.read

users.read

space.read | | [Spaces search](/x-api/spaces/search/introduction)

Returns live or scheduled Spaces matching your specified search terms.

[GET /2/spaces/search](/x-api/spaces/search-for-spaces) | | ✅ | ✅

Scopes:

tweet.read

users.read

space.read | | [List lookup](/x-api/lists/list-lookup/introduction)

Lookup a specific list by ID

[GET /2/lists/:id](/x-api/lists/list-lookup-by-list-id)

Lookup a user's owned List

[GET /2/users/:id/owned\_lists](/x-api/lists/get-a-users-owned-lists) | ✅ | ✅ | ✅

Scopes:

tweet.read

users.read

list.read | | [Manage Lists](/x-api/lists/manage-lists/introduction)

Creates a new List on behalf of an authenticated user

[POST /2/lists](/x-api/lists/create-list) | ✅ | | ✅

Scopes:

tweet.read

users.read

list.read

list.write | | [Manage Lists](/x-api/lists/manage-lists/introduction)

Deletes a List the authenticated user owns

[DELETE /2/lists/:id](/x-api/lists/delete-list)

Updates the metadata for a List the authenticated user owns

[PUT /2/lists/:id](/x-api/lists/update-list) | ✅ | | ✅

Scopes:

tweet.read

users.read

list.write | | [List Tweets lookup](/x-api/lists/list-tweets/introduction)

Lookup Tweets from a specified List

[GET /2/lists/:id/tweets](/x-api/posts/list-posts-timeline-by-list-id) | ✅ | ✅ | ✅

Scopes:

tweet.read

users.read

list.read | | [List members lookup](/x-api/lists/list-members/introduction#list-members-lookup)

Returns a list of members from a specified List

[GET /2/lists/:id/members](/x-api/users/returns-user-objects-that-are-members-of-a-list-by-the-provided-list-id)

Returns all Lists a specified user is a member of

[GET /2/users/:id/list\_memberships](/x-api/lists/get-a-users-list-memberships) | ✅ | ✅ | ✅

Scopes:

tweet.read

users.read

list.read | | [Manage List members](/x-api/lists/list-members/introduction#manage-list-members)

Add a member to a List that the authenticated user owns

[POST /2/lists/:id/members](/x-api/users/returns-user-objects-that-are-members-of-a-list-by-the-provided-list-id)

Removes a member from a List the authenticated user owns

[DELETE /2/lists/:id/members/:user\_id](/x-api/lists/remove-a-list-member) | ✅ | | ✅

Scopes:

tweet.read

users.read

list.write | | [List follows lookup](/x-api/lists/list-lookup/introduction)

Returns all followers of a specified List

[GET /2/lists/:id/followers](/x-api/users/returns-user-objects-that-follow-a-list-by-the-provided-list-id)

Returns all Lists a specified user follows

[GET /2/users/:id/followed\_lists](/x-api/lists/get-users-followed-lists) | ✅ | ✅ | ✅

Scopes:

tweet.read

users.read

list.read | | [Manage List follows](/x-api/lists/manage-lists/introduction)

Follows a List on behalf of an authenticated user

[POST /2/users/:id/followed\_lists](/x-api/lists/follow-a-list)

Unfollows a List on behalf of an authenticated user

[DELETE /2/users/:id/followed\_lists/:list\_id](/x-api/lists/unfollow-a-list) | ✅ | | ✅

Scopes:

tweet.read

users.read

list.write | | [Pinned List lookup](/x-api/lists/pinned-lists/introduction)

Returns the pinned Lists of the authenticated user

[GET /2/users/:id/pinned\_lists](/x-api/lists/get-a-users-pinned-lists) | ✅ | | ✅

Scopes:

tweet.read

users.read

list.read | | [Manage pinned List](/x-api/lists/pinned-lists/introduction)

Pins a List on behalf of an authenticated user

[POST /2/users/:id/pinned\_lists](/x-api/lists/pin-a-list)

Unpins a List on behalf of an authenticated user

[DELETE /2/users/:id/pinned\_lists/:list\_id](/x-api/lists/unpin-a-list) | ✅ | | ✅

Scopes:

tweet.read

users.read

list.write | | [Batch compliance](/x-api/compliance/batch-compliance/introduction)

Creates a new compliance job

[POST /2/compliance/jobs](/x-api/compliance/create-compliance-job)

Returns status and download information about a specified compliance job

[GET /2/compliance/jobs/:job\_id](/x-api/compliance/get-compliance-job)

Returns a list of recent compliance jobs

[GET /2/compliance/jobs](/x-api/compliance/list-compliance-jobs) | | ✅ | | # API Key and Secret Source: https://docs.x.com/resources/fundamentals/authentication/oauth-1-0a/api-key-and-secret export const Button = ({href, children}) => { return ; }; ### API Key and Secret The API Key and Secret (also known as Consumer Key and Secret) are the most fundamental credentials required to access the X API. These credentials act as the username and password for your X App, and are used by the X API to understand which App requests are coming from.  These credentials can be used by [authentication endpoints](/resources/fundamentals/authentication/api-reference) to generate additional credentials, such as [user Access Tokens and Secrets](/resources/fundamentals/authentication/oauth-1-0a/api-key-and-secret), and [Bearer Tokens](/resources/fundamentals/authentication/oauth-2-0/bearer-tokens). You also need to use these credentials along with Access Tokens and other authorization parameters to [authorize requests](/resources/fundamentals/authentication/oauth-1-0a/authorizing-a-request) that require OAuth 1.0a User Context authentication.  #### How to acquire an API Key and Secret To acquire a X API Key and Secret, please follow these steps: 1. [Sign up for a X developer account](https://developer.x.com/en/apply-for-access) 2. Create a [X App](/resources/fundamentals/developer-apps) within the [developer portal](/resources/fundamentals/developer-portal). Note that if you would like to use [X API v2](/x-api/introduction), you must add your X App to a [Project](/resources/fundamentals/projects).   When you create your X App, you will be presented with your API Key and Secret, along with a Bearer Token. Please note that we only display these credentials once, so make sure to save them in your password manager or somewhere secure. We have more recommendations on how to handle your keys and tokens within our [authentication best practices](/resources/fundamentals/authentication/guides/authentication-best-practices) page, including details on what you should do if your credentials have been compromised.   #### How to find and regenerate your API Key and Secret after App creation If you've already created an App and need to find or regenerate your API Key and Secret, please follow these steps: 1. Navigate to the developer portal 2. Expand the 'Projects and Apps' dropdown in the sidenav 3. Open the App which is associated with the API Key and Secret that you would like to find or regenerate 4. Navigate to the Keys and tokens tab From there, you will find all of the credentials associated with your App.    #### How to use your API Key and Secret If you are just exploring the X Developer Platform, we recommend that you use a [tool or library](/resources/tools-and-libraries) to see what’s available on the platform. These tools handle authentication gracefully, and can save you a lot of time and frustration. We specifically recommend [getting started with Postman](/tutorials/postman-getting-started) or [Insomnia](https://insomnia.rest/) for beginner developers.  If you are interested in building a request from scratch, please read our guide on [authorizing an OAuth 1.0a request](/resources/fundamentals/authentication/oauth-1-0a/authorizing-a-request).   # Authorizing a request Source: https://docs.x.com/resources/fundamentals/authentication/oauth-1-0a/authorizing-a-request export const Button = ({href, children}) => { return ; }; ### Authorizing a request The purpose of this document is to show you how to modify HTTP requests for the purpose of sending authorized requests to the X API. All of X's APIs are based on the HTTP protocol. This means that any software you write which uses X's APIs sends a series of structured messages to X’s servers. For example, a request to post the text “**Hello Ladies + Gentlemen, a signed OAuth request!**” as a Tweet will look something like this: ``` POST /1.1/statuses/update.json?include_entities=true HTTP/1.1 Accept: */* Connection: close User-Agent: OAuth gem v0.4.4 Content-Type: application/x-www-form-urlencoded Content-Length: 76 Host: api.x.com status=Hello%20Ladies%20%2b%20Gentlemen%2c%20a%20signed%20OAuth%20request%21 ``` Any HTTP library should be able to generate and issue the above request with a minimum of difficulty. However, the above request is considered invalid, since there is no way of knowing: 1. Which application is making the request 2. Which user the request is posting on behalf of 3. Whether the user has granted the application authorization to post on the user’s behalf 4. Whether the request has been tampered by a third party while in transit To allow applications to provide this information, X’s API relies on the [OAuth 1.0a protocol](http://tools.ietf.org/html/rfc5849). At a very simplified level, X’s implementation requires that requests needing authorization contain an additional HTTP Authorization header with enough information to answer the questions listed above. A version of the HTTP request shown above, modified to include this header, looks like this (normally the Authorization header would need to be on one line, but has been wrapped for legibility here): ``` POST /1.1/statuses/update.json?include_entities=true HTTP/1.1 Accept: */* Connection: close User-Agent: OAuth gem v0.4.4 Content-Type: application/x-www-form-urlencoded Authorization: OAuth oauth\_consumer\_key="xvz1evFS4wEEPTGEFPHBog", oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg", oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D", oauth\_signature\_method="HMAC-SHA1", oauth_timestamp="1318622958", oauth_token="370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb", oauth_version="1.0" Content-Length: 76 Host: api.x.com status=Hello%20Ladies%20%2b%20Gentlemen%2c%20a%20signed%20OAuth%20request%21 ``` When this request was created, it would have been accepted by the X API as valid. If this signing process sounds like it is beyond the scope of your integration, consider using [Web Intents](https://dev.x.com/web/intents), which do not need to use OAuth to interact with the X API.   **Collecting parameters** You should be able to see that the header contains 7 key/value pairs, where the keys all begin with the string “oauth\_”. For any given X API request, collecting these 7 values and creating a similar header will allow you to specify authorization for the request. How each value was generated is described below: **Consumer key** The oauth\_consumer\_key identifies which application is making the request. Obtain this value from the settings page for your [X app](/resources/fundamentals/developer-apps) in the [developer portal](/resources/fundamentals/developer-portal). | | | | :------------------- | :--------------------- | | oauth\_consumer\_key | xvz1evFS4wEEPTGEFPHBog | **Nonce** The oauth\_nonce parameter is a unique token your application should generate for each unique request. X will use this value to determine whether a request has been submitted multiple times. The value for this request was generated by base64 encoding 32 bytes of random data, and stripping out all non-word characters, but any approach which produces a relatively random alphanumeric string should be OK here. | | | | :----------- | :----------------------------------------- | | oauth\_nonce | kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg | **Signature** The oauth\_signature parameter contains a value which is generated by running all of the other request parameters and two secret values through a signing algorithm. The purpose of the signature is so that X can verify that the request has not been modified in transit, verify the application sending the request, and verify that the application has authorization to interact with the user’s account. The process for calculating the oauth\_signature for this request is described in [Creating a signature](/resources/fundamentals/authentication/oauth-1-0a/creating-a-signature). | | | | :--------------- | :--------------------------- | | oauth\_signature | tnnArxj06cWHq44gCs1OSKk/jLY= | **Signature method** The oauth\_signature\_method used by X is HMAC-SHA1. This value should be used for any authorized request sent to X’s API. | | | | :----------------------- | :-------- | | oauth\_signature\_method | HMAC-SHA1 | **Timestamp** The oauth\_timestamp parameter indicates when the request was created. This value should be the number of seconds since the Unix epoch at the point the request is generated, and should be easily generated in most programming languages. X will reject requests which were created too far in the past, so it is important to keep the clock of the computer generating requests in sync with NTP. | | | | :--------------- | :--------- | | oauth\_timestamp | 1318622958 | **Token** The oauth\_token parameter typically represents a user’s permission to share access to their account with your application. There are a few authentication requests where this value is not passed or is a different form of token, but those are covered in detail in [Obtaining access tokens](/resources/fundamentals/authentication/oauth-1-0a/obtaining-user-access-tokens). For most general-purpose requests, you will use what is referred to as an **access token**. You can generate a valid [access token](/resources/fundamentals/authentication/oauth-1-0a/obtaining-user-access-tokens) for your account on the settings page for your [X app](/resources/fundamentals/developer-apps) on the [developer portal](/resources/fundamentals/developer-portal). | | | | :----------- | :------------------------------------------------- | | oauth\_token | 370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb | **Version** The oauth\_version parameter should always be 1.0 for any request sent to the X API. | | | | :------------- | :-- | | oauth\_version | 1.0 | #### Building the header string To build the header string, imagine writing to a string named DST. 1. Append the string “OAuth ” (including the space at the end) to DST. 2. For each key/value pair of the 7 parameters listed above: 1. [Percent encode](/resources/fundamentals/authentication/oauth-1-0a/obtaining-user-access-tokens) the key and append it to DST. 2. Append the equals character ‘=’ to DST. 3. Append a double quote ‘”’ to DST. 4. [Percent encode](/resources/fundamentals/authentication/oauth-1-0a/obtaining-user-access-tokens) the value and append it to DST. 5. Append a double quote ‘”’ to DST. 6. If there are key/value pairs remaining, append a comma ‘,’ and a space ‘ ‘ to DST. Pay particular attention to the percent encoding of the values when building this string. For example, the oauth\_signature value of tnnArxj06cWHq44gCs1OSKk/jLY= must be encoded as tnnArxj06cWHq44gCs1OSKk%2FjLY%3D. Performing these steps on the parameters collected above results in the following string: ``` OAuth oauth\_consumer\_key="xvz1evFS4wEEPTGEFPHBog", oauth\_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg", oauth\_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D", oauth\_signature\_method="HMAC-SHA1", oauth\_timestamp="1318622958", oauth\_token="370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb", oauth_version="1.0" ``` This value should be set as the Authorization header for the request. # Creating a signature Source: https://docs.x.com/resources/fundamentals/authentication/oauth-1-0a/creating-a-signature export const Button = ({href, children}) => { return ; }; ### Creating a signature This page explains how to generate an OAuth 1.0a HMAC-SHA1 signature for an HTTP request. This signature will be suitable for passing to the X API as part of an authorized request, as described in [authorizing a request.](/resources/fundamentals/authentication/oauth-1-0a/authorizing-a-request) The request used to demonstrate signing is a POST to [https://api.x.com/1.1/statuses/update.json](https://api.x.com/1.1/statuses/update.json). The raw request looks like this: ``` POST /1.1/statuses/update.json?include_entities=true HTTP/1.1 Accept: */* Connection: close User-Agent: OAuth gem v0.4.4 Content-Type: application/x-www-form-urlencoded Content-Length: 76 Host: api.x.com status=Hello%20Ladies%20%2b%20Gentlemen%2c%20a%20signed%20OAuth%20request%21 ``` **Collecting the request method and URL** To produce a signature, start by determining the HTTP method and URL of the request. These two are known when creating the request, so they are easy to obtain. The request method will almost always be GET or POST for X API requests. | | | | :---------- | :--- | | HTTP Method | POST | The base URL is the URL to which the request is directed, minus any query string or hash parameters. It is important to use the correct protocol here, so make sure that the “https\://” portion of the URL matches the actual request sent to the API. | | | | :------- | :--------------------------------------------------------------------------------------- | | Base URL | [https://api.x.com/1.1/statuses/update.json](https://api.x.com/1.1/statuses/update.json) | #### Collecting parameters Next, gather all of the parameters included in the request. There are two such locations for these additional parameters - the URL (as part of the query string) and the request body. The sample request includes a single parameter in both locations: ``` POST /1.1/statuses/update.json?include_entities=true HTTP/1.1 Accept: */* Connection: close User-Agent: OAuth gem v0.4.4 Content-Type: application/x-www-form-urlencoded Content-Length: 76 Host: api.x.com status=Hello%20Ladies%20%2b%20Gentlemen%2c%20a%20signed%20OAuth%20request%21 ``` An HTTP request has parameters that are URL encoded, but you should collect the raw values. In addition to the request parameters, every oauth\_\* parameter needs to be included in the signature, so collect those too. Here are the parameters from [authorizing a request](/resources/fundamentals/authentication/oauth-1-0a/authorizing-a-request): | | | | :----------------------- | :------------------------------------------------- | | status | Hello Ladies + Gentlemen, a signed OAuth request! | | include\_entities | true | | oauth\_consumer\_key | xvz1evFS4wEEPTGEFPHBog | | oauth\_nonce | kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg | | oauth\_signature\_method | HMAC-SHA1 | | oauth\_timestamp | 1318622958 | | oauth\_token | 370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb | | oauth\_version | 1.0 | These values need to be encoded into a single string, which will be used later on. The process to build the string is very specific: 1. [Percent encode](/resources/fundamentals/authentication/oauth-1-0a/percent-encoding-parameters) every key and value that will be signed. 2. Sort the list of parameters alphabetically [\[1\]](/resources/fundamentals/authentication/oauth-1-0a/creating-a-signature) by encoded key [\[2\]](/resources/fundamentals/authentication/oauth-1-0a/creating-a-signature). 3. For each key/value pair: 4. Append the encoded key to the output string. 5. Append the ‘=’ character to the output string. 6. Append the encoded value to the output string. 7. If there are more key/value pairs remaining, append a ‘&’ character to the output string.   \[1] The OAuth spec says to sort lexicographically, which is the default alphabetical sort for many libraries. \[2] In the case of two parameters with the same encoded key, the OAuth spec says to continue sorting based on value. However, X does not accept duplicate keys in API requests   **Parameter string** The following *parameter string* will be produced by repeating these steps with the parameters collected above: | status | Hello Ladies + Gentlemen, a signed OAuth request! | | :----------------------- | :------------------------------------------------- | | `include_entities` | true | | `oauth_consumer_key` | xvz1evFS4wEEPTGEFPHBog | | `oauth_nonce` | kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg | | `oauth_signature_method` | HMAC-SHA1 | | `oauth_timestamp` | 1318622958 | | `oauth_token` | 370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb | | `oauth_version` | 1.0 | #### Creating the signature base string The three values collected so far must be joined to make a single string, from which the signature will be generated. This is called the **signature base string** by the OAuth specification. To encode the HTTP method, base URL, and parameter string into a single string: 1. Convert the HTTP Method to uppercase and set the output string equal to this value. 2. Append the ‘&’ character to the output string. 3. [Percent encode](/resources/fundamentals/authentication/oauth-1-0a/percent-encoding-parameters) the URL and append it to the output string. 4. Append the ‘&’ character to the output string. 5. [Percent encode](/resources/fundamentals/authentication/oauth-1-0a/percent-encoding-parameters) the parameter string and append it to the output string.   This will produce the following *signature base string*: ``` POST&https%3A%2F%2Fapi.x.com%2F1.1%2Fstatuses%2Fupdate.json&include\_entities%3Dtrue%26oauth\_consumer\_key%3Dxvz1evFS4wEEPTGEFPHBog%26oauth\_nonce%3DkYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg%26oauth\_signature\_method%3DHMAC-SHA1%26oauth\_timestamp%3D1318622958%26oauth\_token%3D370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb%26oauth_version%3D1.0%26status%3DHello%2520Ladies%2520%252B%2520Gentlemen%252C%2520a%2520signed%2520OAuth%2520request%2521 ``` Make sure to percent encode the parameter string. The signature base string should contain exactly 2 ampersand ‘&’ characters. The percent ‘%’ characters in the parameter string should be encoded as %25 in the signature base string.   #### Getting a signing key The last pieces of data to collect are secrets which identify the [X app](/resources/fundamentals/developer-apps) making the request, and the user the request is on behalf of. It is very important to note that these values are incredibly sensitive and should never be shared with anyone. The value which identifies your app to X is called the **consumer secret** and can be found in the [developer portal](/resources/fundamentals/developer-portal) by viewing the [app details page](/resources/fundamentals/developer-apps). This will be the same for every request your X app sends. | | | | :-------------- | :------------------------------------------ | | Consumer secret | kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw | The value which identifies the account your application is acting on behalf of is called the **OAuth token secret**. This value can be obtained in several ways, all of which are described in [obtaining access tokens](/resources/fundamentals/authentication/oauth-1-0a/obtaining-user-access-tokens). | | | | :----------------- | :---------------------------------------- | | OAuth token secret | LswwdoUaIvS8ltyTt5jkRh4J50vUPVVHtR2YPi5kE | Once again, it is very important to keep these values private to your application. If you feel that your values have been compromised, regenerate your tokens (the tokens on this page have been marked as invalid for real requests). Both of these values need to be combined to form a **signing key** which will be used to generate the signature. The signing key is simply the [percent encoded](/resources/fundamentals/authentication/oauth-1-0a/percent-encoding-parameters) token secret: Note that there are some flows, such as when obtaining a [request token](/resources/fundamentals/authentication/oauth-1-0a/obtaining-user-access-tokens), where the token secret is not yet known. In this case, the signing key should consist of the [percent encoded](/resources/fundamentals/authentication/oauth-1-0a/percent-encoding-parameters) **consumer secret** followed by an ampersand character ‘&’. | | | | :---------- | :------------------------------------------------------------------------------------- | | Signing key | kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw\&LswwdoUaIvS8ltyTt5jkRh4J50vUPVVHtR2YPi5kE | #### Calculating the signature Finally, the signature is calculated by passing the signature base string and signing key to the HMAC-SHA1 hashing algorithm. The details of the algorithm are explained as hash\_hmac function. The output of the HMAC signing function is a binary string. This needs to be base64 encoded to produce the signature string. For example, the output given the base string and signing key given on this page is 2E CF 77 84 98 99 6D 0D DA 90 5D C7 17 7C 75 07 3F 3F CD 4E. That value, when converted to base64, is the OAuth signature for this request: | | | | :-------------- | :--------------------------- | | OAuth signature | Ls93hJiZbQ3akF3HF3x1Bz8/zU4= | # OAuth Echo Source: https://docs.x.com/resources/fundamentals/authentication/oauth-1-0a/oauth-echo export const Button = ({href, children}) => { return ; }; ### OAuth Echo OAuth Echo is a means to securely delegate OAuth authorization with a third party while interacting with an API. There are four parties involved in this interaction: * **the User** who is using X through a particular, authorized X application * **the Consumer**, or the X application that is attempting to interact with the 3rd party media provider (e.g. the photo-sharing site) * **the Delegator**, or the 3rd party media provider * **the Service Provider** a.k.a. X itself   Essentially, prepare a request for the delegator to send to the X API on behalf of an application and a user. Add what would otherwise be a signed OAuth request into an HTTP header and ask the delegator to send that request to X after completing the intermediary operation. Here’s an example: the User wants to upload a photo. The Consumer is going to call upload on the Delegator with a POST. The POST should contain the image, but it should also contain two additional items as HTTP headers: * `x-auth-service-provider` — effectively, this is the realm that identity delegation should be sent to — in the case of X, set this to [https://api.x.com/1.1/account/verify\_credentials.json](https://api.x.com/1.1/account/verify_credentials.json). iOS5-based X integrations will add an additional application\_id parameter to this URL that will also be used to calculate the oauth\_signature used in x-verify-credentials-authorization. * `x-verify-credentials-authorization` — Consumer should create all the OAuth parameters necessary so it could call [https://api.x.com/1.1/account/verify\_credentials.json](https://api.x.com/1.1/account/verify_credentials.json) using OAuth in the HTTP header (e.g. it should look like OAuth oauth\_consumer\_key=”...”, oauth\_token=”...”, oauth\_signature\_method=”...”, oauth\_signature=”...”, oauth\_timestamp=”...”, oauth\_nonce=”...”, oauth\_version=”...” ).   Keep in mind that the entire transaction period needs to occur within an amount of time where the `oauth_timestamp` will still be valid. Alternatively, instead of sending these two parameters in the header, they could be sent in the POST as x\_auth\_service\_provider and x\_verify\_credentials\_authorization — in this case, remember to escape and include the parameters in the OAuth signature base string — similar to encoding parameters in any request. It’s best to use HTTP headers to keep the operations as separate as possible. The Delegators goal, at this point, is to verify that the User is who they say they are before it saves the media. Once the Delegator receives all the data above via its upload method, it should temporarily store the image, and then construct a call to the endpoint specified in the x-auth-service-provider header — in this case, [https://api.x.com/1.1/account/verify\_credentials.json](https://api.x.com/1.1/account/verify_credentials.json), using the same OAuth authentication header provided by the Consumer in the x-verify-credentials-authorization header.   #### OAuth Echo best practices Use the URL provided by `x-auth-service-provider` to perform the lookup, *not* a hard-coded value. Apple iOS, for example, adds an additional application\_id parameter to all OAuth requests, and its existence should be maintained at each stage of OAuth Echo. For the OAuth authorization portion, take the header value in x-verify-credentials-authorization, and place that into its own Authorization header for its call to the service provider. For good measure, confirm that the value in `x-auth-service-provider` is what it should be. * If the Service Provider returns an HTTP 200, then good. The Delegator should permanently store the image, generate a URL, and return it. * If the Service Provider doesn’t return an HTTP 200, then dump the image, and then return an error back to the Consumer. # Obtaining Access Tokens using 3-legged OAuth flow Source: https://docs.x.com/resources/fundamentals/authentication/oauth-1-0a/obtaining-user-access-tokens export const Button = ({href, children}) => { return ; }; ### Obtaining Access Tokens using 3-legged OAuth flow To perform actions on behalf of another user, you'll need to obtain their access tokens. Access tokens specify the X account the request is made on behalf of, so for you to obtain these they will need to first grant you access. These tokens do not expire but can be revoked by the user at any time. X allows you to obtain user access tokens through the 3-legged OAuth flow, which allows your application to obtain an **access token** and access token secret by redirecting a user to X and having them authorize your application. This flow is almost identical to the flow described in [implementing Log in with X](/resources/fundamentals/authentication/guides/log-in-with-x), with two exceptions: * The [GET oauth/authorize](/resources/fundamentals/authentication/api-reference#get-oauth-authorize) endpoint is used instead of [GET oauth/authenticate](/resources/fundamentals/authentication/api-reference#get-oauth-authenticate). * The user will **always** be prompted to authorize access to your application, even if access was previously granted.   Before you get started, you will need to check your [application's](/resources/fundamentals/developer-apps) permissions and know the consumer keys and callback URL. If you don't have a callback URL or publicly accessible UI, consider using [PIN-based authorization](/resources/fundamentals/authentication/oauth-1-0a/pin-based-oauth), which is intended for applications that cannot access or embed a web browser in order to redirect the user after authorization.  The possible states for the 3-legged sign in interaction are illustrated in the following flowchart: ![](https://cdn.cms-twdigitalassets.com/content/dam/developer-twitter/docs/obtaining-access-tokens.png.twimg.1920.png) #### Overview of the process At a high level, the 3-Legged OAuth process will: 1. Create a request for a consumer application to obtain a request token. 2. Have the user authenticate, and send the consumer application a request token. 3. Convert the request token into a usable user access token. **Terminology clarification** In the guide below, you may see different terms referring to the same thing. **Client credentials:** * App Key === API Key === Consumer API Key === Consumer Key === Customer Key === `oauth_consumer_key` * App Key Secret === API Secret Key === Consumer Secret === Consumer Key === Customer Key === `oauth_consumer_secret` * Callback URL === `oauth_callback`   **Temporary credentials:** * Request Token === `oauth_token` * Request Token Secret === `oauth_token_secret` * oauth\_verifier   **Token credentials:** * Access token === Token === resulting `oauth_token` * Access token secret === Token Secret === resulting `oauth_token_secret` #### Walkthrough steps **Step 1: [POST oauth/request\_token](/resources/fundamentals/authentication/api-reference#post-oauth-request-token)** Create a request for a consumer application to obtain a request token. The only unique parameter in this request is oauth\_callback, which must be a [URL encoded](/resources/fundamentals/authentication/oauth-1-0a/percent-encoding-parameters) version of the URL you wish your user to be redirected to when they complete step 2. The remaining parameters are added by the OAuth signing process. Please note - any callback URL that you use with the [POST oauth/request\_token](/resources/fundamentals/authentication/api-reference#post-oauth-request-token) endpoint will have to be configured within your [developer App's](/resources/fundamentals/developer-apps) settings in the app details page of developer portal.   **Request includes:** `oauth_callback="https%3A%2F%2FyourCallbackUrl.com"` `oauth_consumer_key="cChZNFj6T5R0TigYB9yd1w" ` Your app should examine the HTTP status of the response. Any value other than 200 indicates a failure. The body of the response will contain the `oauth_token`, `oauth_token_secret`, and `oauth_callback_confirmed` parameters. Your app should verify that `oauth_callback_confirmed` is true and store the other two values for the next steps.   **Response includes** `oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0` `oauth_token_secret=veNRnAWe6inFuo8o2u8SLLZLjolYDmDP7SzL0YfYI` `oauth_callback_confirmed=true` **Step 2: [GET oauth/authorize](/resources/fundamentals/authentication/api-reference#get-oauth-authorize)** Have the user authenticate, and send the consumer application a request token.   **Example URL to redirect user to:** `https://api.x.com/oauth/authorize?oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0` Upon successful authentication, your `callback_url` would receive a request containing the `oauth_token` and `oauth_verifier` parameters. Your application should verify that the token matches the request token received in step 1.   **Request from client’s redirect:** `https://yourCallbackUrl.com?oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0&oauth_verifier=uw7NjWHT6OJ1MpJOXsHfNxoAhPKpgI8BlYDhxEjIBY` **Step 3: [POST oauth/access\_token](/resources/fundamentals/authentication/api-reference#post-oauth-access-token)** Convert the request token into a usable access token. To render the request token into a usable access token, your application must make a request to the [POST oauth/access\_token](/resources/fundamentals/authentication/api-reference#post-oauth-access-token) endpoint, containing the `oauth_verifier` value obtained in step 2. The request token is also passed in the `oauth_token` portion of the header, but this will have been added by the signing process.   **Request includes:** `POST /oauth/access_token` `oauth_consumer_key=cChZNFj6T5R0TigYB9yd1w` `oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0` `oauth_verifier=uw7NjWHT6OJ1MpJOXsHfNxoAhPKpgI8BlYDhxEjIBY` A successful response contains the `oauth_token`, `oauth_token_secret` parameters. The token and token secret should be stored and used for future authenticated requests to the X API. To determine the identity of the user, use [GET account/verify\_credentials](/resources/fundamentals/authentication/api-reference).   **Response includes:** `oauth_token=7588892-kagSNqWge8gB1WwE3plnFsJHAZVfxWD7Vb57p0b4` `oauth_token_secret=PbKfYqSryyeKDWz4ebtY3o5ogNLG11WJuZBc9fQrQo` **Using these credentials for OAuth 1.0a (application-user) required requests** Now you've obtained the user access tokens; you can use them to access certain APIs such as [POST statuses/update](/x-api/posts/manage-tweets/introduction) to create Tweets on the users' behalf.   **Request includes:** `POST statuses/update.json` `oauth_consumer_key=cChZNFj6T5R0TigYB9yd1w` `oauth_token=7588892-kagSNqWge8gB1WwE3plnFsJHAZVfxWD7Vb57p0b4` #### Sample use case The standard flow is web-based and uses the 3-legged authorization OAuth flow. The screenshots outlined here are part of a sample that you can view the source of at [https://github.com/xdevplatform/twauth-web](https://github.com/xdevplatform/twauth-web). At some point in your application, you will want to redirect to X in order to authorize your application. When you redirect to X with the request token, the user will be prompted to authorize your application. Upon authorizing your application, the user will be redirected to the callback URL provided when you generated the request token. You will use this to obtain the permanent access token for this user and store it locally. # Percent encoding parameters Source: https://docs.x.com/resources/fundamentals/authentication/oauth-1-0a/percent-encoding-parameters export const Button = ({href, children}) => { return ; }; ### Percent encoding parameters Parts of the X API, particularly those dealing with OAuth signatures, require strings to be encoded according to [RFC 3986, Section 2.1](http://tools.ietf.org/html/rfc3986#section-2.1). Since many implementations of URL encoding algorithms are not fully compatible with RFC 3986, bad encodings are a cause of many OAuth signature errors. For this reason, the exact signing algorithm to use is covered on this page. This page covers the URL encoding process described in [RFC 3986, Section 2.1](http://tools.ietf.org/html/rfc3986#section-2.1). We encourage you to reference that specification in case of any ambiguity or conflict with this document.   #### Encoding a string The following algorithm assumes you are encoding a string SRC by copying its values byte-by-byte to a string DST. **Step 1: While SRC contains unread bytes, read the next byte (8 bits) from SRC.** Typically, this is considered a character, but in the case of encodings where a character may be more than one byte (such as UTF-8), just read the first byte. **Step 2: Check whether the read byte matches any of the following ASCII equivalents.** The following table has been broken down into rows for legibility, but you only need to determine whether the read byte exists in the table at all, not the specific row. | Name | ASCII characters | Equivalent byte values | | :------------------ | :------------------------------------------------------------------------------------------------------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------- | | Digits | ‘0’, ‘1’, ‘2’, ‘3’, ‘4’, ‘5’, ‘6’, ‘7’, ‘8’, ‘9’ | 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39 | | Uppercase letters | ‘A’, ‘B’, ‘C’, ‘D’, ‘E’, ‘F’, ‘G’, ‘H’, ‘I’, ‘J’, ‘K’, ‘L’, ‘M’, ‘N’, ‘O’, ‘P’, ‘Q’, ‘R’, ‘S’, ‘T’, ‘U’, ‘V’, ‘W’, ‘X’, ‘Y’, ‘Z’ | 0x41, 0x42, 0x43, 0x44, 0x45,0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B,0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51,0x52, 0x53, 0x54, 0x55, 0x56, 0x57,0x58, 0x59, 0x5A | | Lowercase letters | ‘a’, ‘b’, ‘c’, ‘d’, ‘e’, ‘f’, ‘g’, ‘h’, ‘i’, ‘j’, ‘k’, ‘l’, ‘m’, ‘n’, ‘o’, ‘p’, ‘q’, ‘r’, ‘s’, ‘t’, ‘u’, ‘v’, ‘w’, ‘x’, ‘y’, ‘z’ | 0x61, 0x62, 0x63, 0x64, 0x65,0x66, 0x67, 0x68, 0x69, 0x6A, 0x6B,0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71,0x72, 0x73, 0x74, 0x75, 0x76, 0x77,0x78, 0x79, 0x7A | | Reserved characters | ‘-‘, ‘.’, ‘\_’, ‘\~’ | 0x2D, 0x2E, 0x5F, 0x7E | **Step 2b: If the byte is not listed in the above table, continue.** Any other value must be encoded. **Step 2a: If the byte is listed in the above table, copy it into DST and go back to Step 1.** Characters listed in the above table do not need to be escaped, so you will just copy the byte directly. **Step 3: Write the character ‘%’ to DST.** The percent character ‘%’ (or 0x25 in hex and 00100101 in binary) indicates that the next two bytes will represent an encoded byte. **Step 4: Write two characters representing the uppercase ASCII-encoded hex value of the current byte to DST.** This is a bit confusing, so here is an example. Pretend the current byte is 0xE6 (11100110 in binary). This corresponds with the UTF-8 encoded value of ‘æ’. To encode this value, write the character ‘E’ (0x45, from the table above) and then the character ‘6’ (0x36) to DST. The last three characters are written should have been “%E6”. Note that if you write a letter such as A,B,C,D,E or F, you must use the uppercase character. **Step 5: Return to Step 1.** Keep going until the entirety of SRC is copied to DST.   #### Examples The following examples may be helpful to compare with the output of your own code. You should consider any differences an error. Spaces encoded as “+” characters are an example of incorrect encoding. | Original string | Encoded string | | :----------------- | :-------------------------- | | Ladies + Gentlemen | Ladies%20%2B%20Gentlemen | | An encoded string! | An%20encoded%20string%21 | | Dogs, Cats & Mice | Dogs%2C%20Cats%20%26%20Mice | | ☃ | %E2%98%83 | # PIN-based authorization Source: https://docs.x.com/resources/fundamentals/authentication/oauth-1-0a/pin-based-oauth export const Button = ({href, children}) => { return ; }; ### PIN-based authorization The PIN-based OAuth flow is a version of the [3-legged OAuth](/resources/fundamentals/authentication/oauth-1-0a/obtaining-user-access-tokens) process and is intended for applications that cannot access or embed a web browser to redirect the user after authorization. Examples of such applications would be command-line applications, embedded systems, game consoles, and certain types of mobile apps. PIN-based OAuth flow is initiated by an app in the `request_token` with the `oauth_callback` set to `oob`. The term `oob` means out-of-band OAuth.  The user still visits X to login or authorize the app, but they will not be automatically redirected to the application upon approving access. Instead, they will see a numerical PIN code, with instructions to return to the application and enter this value. **Note:** The `callback_url` within the X app settings is still required, even when using PIN-based auth.   #### Implementing the PIN-based OAuth flow The PIN-based flow is implemented in the same way as [3-legged authorization](/resources/fundamentals/authentication/oauth-1-0a/obtaining-user-access-tokens) (and [Sign in with X](/resources/fundamentals/authentication#log-in-with-x)), with the following differences: 1. The value for `oauth_callback` must be set to `oob` during the [POST oauth/request\_token](/resources/fundamentals/authentication/api-reference#post-oauth-request-token) call. 2. After the user is sent to X to authorize your app using either a [GET oauth/authenticate](/resources/fundamentals/authentication/api-reference#get-oauth-authenticate) or [GET oauth/authorize URL](/resources/fundamentals/authentication/api-reference#get-oauth-authorize), they will not be redirected to your `callback_url`, instead they will see a screen with a X generated \~7 digit PIN with directions to enter the PIN into your applications name. 3. The user enters this PIN into your application, and your application uses the PIN number as the `oauth_verifier` in the [POST oauth/access\_token](/resources/fundamentals/authentication/api-reference#post-oauth-access-token) to obtain an access\_token. **Note:** PIN numbers are not reusable, and the `access_token` obtained should be used for application-user requests. # App only authentication and OAuth 2.0 Bearer Token Source: https://docs.x.com/resources/fundamentals/authentication/oauth-2-0/application-only ### App only authentication and OAuth 2.0 Bearer Token X offers applications the ability to issue authenticated requests on behalf of the application itself, as opposed to on behalf of a specific user. X's implementation is based on the [Client Credentials Grant](http://tools.ietf.org/html/rfc6749#section-4.4) flow of the [OAuth 2 specification](http://tools.ietf.org/html/rfc6749). Application-only authentication doesn't include any user-context and is a form of authentication where an application makes API requests on its own behalf. This method is for developers that just need read-only access to public information.  You can do application-only authentication using your apps consumer API keys, or by using a App only Access Token (Bearer Token). This means that the only requests you can make to a X API must not require an authenticated user. With application-only authentication, you can perform actions such as: * Pull user timelines * Access friends and followers of any account * Access lists resources * Search Tweets Please note that only [OAuth 1.0a](/resources/fundamentals/authentication/oauth-1-0a/api-key-and-secret) or [OAuth 2.0 Authorization Code Flow](/resources/fundamentals/authentication/oauth-2-0/authorization-code) with PKCE is required to issues requests on behalf of users. The [API reference](/resources/fundamentals/authentication/api-reference) page describes the authentication method required to use an API. You will need user-authentication, user-context, with an [access token](/resources/fundamentals/authentication/oauth-1-0a/obtaining-user-access-tokens) to perform the following: * Post Tweets or other resources * Search for users * Use any geo endpoint * Access Direct Messages or account credentials * Retrieve user's email addresses #### Auth Flow To use this method, you need to use a [App only Access Token](/resources/fundamentals/authentication/oauth-2-0/application-only)(also known as [Bearer Token](/resources/fundamentals/authentication/oauth-2-0/bearer-tokens)). You can generate an App only Access Token (Bearer Token) by passing your consumer key and secret through the [POST oauth2/token](/resources/fundamentals/authentication/api-reference#post-oauth2-token) endpoint.  The application-only auth flow follows these steps: * An application encodes its consumer key and secret into a specially encoded set of credentials. * An application makes a request to the [POST oauth2/token](/resources/fundamentals/authentication/api-reference#post-oauth2-token) endpoint to exchange these credentials for an [App only Access Token](/resources/fundamentals/authentication/oauth-2-0/application-only). * When accessing the REST API, the application uses the App only Access Token to authenticate. Because there is no need to sign a request, this approach is much simpler than the standard OAuth 1.0a model. #### About application-only auth **Tokens are passwords** Keep in mind that the consumer key & secret and the App only Access Token (Bearer Token) itself grant access to make requests on behalf of an application. These values should be considered as sensitive as passwords, and must not be shared or distributed to untrusted parties. **SSL required** All requests (both to obtain and use the tokens) *must* use HTTPS endpoints. Follow the best practices detailed in [Connecting to X API using TLS](/resources/fundamentals/authentication/guides/tls) — peers should **always** be verified. **No user-context** When issuing requests using application-only auth, there is no concept of a "current user". Therefore, endpoints such as [POST statuses/update](/x-api/posts/creation-of-a-post) will not function with application-only auth. See [using OAuth](/resources/fundamentals/authentication/oauth-1-0a/obtaining-user-access-tokens) for more information for issuing requests on behalf of a user. **Rate limiting** Applications have two kinds of rate limiting pools. Requests made on behalf of users with access tokens, also known as user-context, depletes from a different rate limiting context than that used in application-only authentication. So, in other words, requests made on behalf of users will not deplete from the rate limits available through app-only auth, and requests made through app-only auth will not deplete from the rate limits used in user-based auth. Read more about [API Rate Limiting](/x-api/fundamentals/rate-limits) and [review the limits](https://developer.x.com/en/portal/products). #### Issuing application-only requests **Step 1: Encode consumer key and secret** The steps to encode an application’s consumer key and secret into a set of credentials to obtain a Bearer Token are: 1. URL encode the consumer key and consumer secret according to [RFC 1738](http://www.ietf.org/rfc/rfc1738.txt). Note that at the time of writing, this will not actually change the consumer key and secret, but this step should still be performed in case the format of those values changes in the future. 2. Concatenate the encoded consumer key, a colon character ":", and the encoded consumer secret into a single string. 3. [Base64 encode](http://en.wikipedia.org/wiki/Base64) the string from the previous step. Below are example values showing the result of this algorithm. Note that the consumer secret used in this page is for test purposes and will not work for real requests. | | | | :------------------------------------------------------------ | :------------------------------------------------------------------------------------------ | | Consumer key | xvz1evFS4wEEPTGEFPHBog | | Consumer secret | L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg | | RFC 1738 encoded consumer

key (does not change) | xvz1evFS4wEEPTGEFPHBog | | RFC 1738 encoded consumer

secret (does not change) | L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg | | Bearer Token credentials | xvz1evFS4wEEPTGEFPHBog:L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg | | Base64 encoded Bearer Token credentials | :: eHZ6MWV2RlM0d0VFUFRHRUZQSEJvZzpMOHFxOVBaeVJnNmllS0dFS2hab2xHQzB2SldMdzhpRUo4OERSZHlPZw== | **Step 2: Obtain an App only Access Token (Bearer Token)** The value calculated in step 1 must be exchanged for an App only Access Token by issuing a request to [POST oauth2/token](/resources/fundamentals/authentication/api-reference#post-oauth2-token): * The request must be an HTTP POST request. * The request must include an `Authorization` header with the value of `Basic .` * The request must include a `Content-Type` header with the value of `application/x-www-form-urlencoded;charset=UTF-8.` * The body of the request must be `grant_type=client_credentials`. **Example request (Authorization header has been wrapped):** ```json POST /oauth2/token HTTP/1.1 Host: api.x.com User-Agent: My X App v1.0.23 Authorization: Basic eHZ6MWV2RlM0d0VFUFRHRUZQSEJvZzpMOHFxOVBaeVJn NmllS0dFS2hab2xHQzB2SldMdzhpRUo4OERSZHlPZw== Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Content-Length: 29 Accept-Encoding: gzip grant\_type=client\_credentials ``` If the request was formatted correctly, the server would respond with a JSON-encoded payload: **Example response:** ```json HTTP/1.1 200 OK Status: 200 OK Content-Type: application/json; charset=utf-8 ... Content-Encoding: gzip Content-Length: 140 {"token\_type":"bearer","access\_token":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%2FAAAAAAAAAAAAAAAAAAAA%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} ``` Applications should verify that the value associated with the `token_type` key of the returned object is `bearer`. The value associated with the `access_token` key is the App only Access Token (Bearer Token). Note that one App only Access Token is valid for an application at a time. Issuing another request with the same credentials to `/oauth2/token` will return the same token until it is invalidated. **Step 3: Authenticate API requests with the App only Access Token (Bearer Token)** The App only Access Token (Bearer Token) may be used to issue requests to API endpoints that support application-only auth. To use the App Access Token, construct a normal HTTPS request and include an `Authorization` header with the value of `Bearer . Signing is not required.` **Example request (Authorization header has been wrapped):** ``` GET /1.1/statuses/user\_timeline.json?count=100&screen\_name=twitterapi HTTP/1.1 Host: api.x.com User-Agent: My X App v1.0.23 Authorization: Bearer AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%2FAAAAAAAAAAAA AAAAAAAA%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Accept-Encoding: gzip ``` **Invalidating an App only Access Token (Bearer Token)** Should a App only Access Token become compromised or need to be invalidated for any reason, issue a call to [POST oauth2/invalidate\_token](/resources/fundamentals/authentication/api-reference#post-oauth2-invalidate-token). **Example request (Authorization header has been wrapped):** ```bash POST /oauth2/invalidate_token HTTP/1.1 Authorization: Basic eHZ6MWV2RlM0d0VFUFRHRUZQSEJvZzpMOHFxOVBaeVJn NmllS0dFS2hab2xHQzB2SldMdzhpRUo4OERSZHlPZw== User-Agent: My X App v1.0.23 Host: api.x.com Accept: */* Content-Length: 119 Content-Type: application/x-www-form-urlencoded access_token=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%2FAAAAAAAAAAAAAAAAAAAA%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ``` **Example response:** ```json HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Content-Length: 127 ... {"access_token":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%2FAAAAAAAAAAAAAAAAAAAA%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} ``` #### Common error cases This section describes some common mistakes involved in the negotiation and use of Bearer Tokens. Be aware that not all possible error responses are covered here - be observant of unhandled error codes and responses. **Invalid requests to obtain or revoke an App only Access Token** Attempts to: * Obtain a App only Access Token (Bearer Token) with an invalid request (for example, leaving out `grant_type=client_credentials`). * Obtain or revoke an App only Access Token (Bearer Token) with incorrect or expired app credentials. * Invalidate an incorrect or revoked App only Access Token (Bearer Token). * Obtain an App only Access Token (Bearer Token) too frequently in a short period of time. Will result in: ```json HTTP/1.1 403 Forbidden Content-Length: 105 Content-Type: application/json; charset=utf-8 ... {"errors":\[{"code":99,"label":"authenticity\_token\_error","message":"Unable to verify your credentials"}\]} ``` #### API request contains invalid App only Access Token (Bearer Token) Using an incorrect or revoked Access Token to make API requests will result in: ```json HTTP/1.1 401 Unauthorized Content-Type: application/json; charset=utf-8 Content-Length: 61 ... {"errors":\[{"message":"Invalid or expired token","code":89}\]} ``` #### App only Access Token (Bearer Token) used on endpoint which doesn't support application-only auth Requesting an endpoint which requires a user context (such as `statuses/home_timeline`) with a n App only Access Token (Bearer Token) will produce: ```json HTTP/1.1 403 Forbidden Content-Type: application/json; charset=utf-8 Content-Length: 91 ... {"errors":\[{"message":"Your credentials do not allow access to this resource","code":220}\]} ``` # OAuth 2.0 Authorization Code Flow with PKCE Source: https://docs.x.com/resources/fundamentals/authentication/oauth-2-0/authorization-code ### OAuth 2.0 Authorization Code Flow with PKCE #### Introduction OAuth 2.0 is an industry-standard authorization protocol that allows for greater control over an application’s scope, and authorization flows across multiple devices. OAuth 2.0 allows you to pick specific fine-grained scopes which give you specific permissions on behalf of a user.  To enable OAuth 2.0 in your App, you must enable it in your’s App’s authentication settings found in the App settings section of the developer portal. #### How long will my credentials stay valid?   By default, the access token you create through the Authorization Code Flow with PKCE will only stay valid for two hours unless you’ve used the `offline.access` scope. #### Refresh tokens Refresh tokens allow an application to obtain a new access token without prompting the user via the refresh token flow. If the scope `offline.access` is applied an OAuth 2.0 refresh token will be issued. With this refresh token, you obtain an access token. If this scope is not passed, we will not generate a refresh token. An example of the request you would make to use a refresh token to obtain a new access token is as follows: ```bash POST 'https://api.x.com/2/oauth2/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'refresh_token=bWRWa3gzdnk3WHRGU1o0bmRRcTJ5VUxWX1lZTDdJSUtmaWcxbTVxdEFXcW5tOjE2MjIxNDc3NDM5MTQ6MToxOnJ0OjE' \ --data-urlencode 'grant_type=refresh_token' \ --data-urlencode 'client_id=rG9n6402A3dbUJKzXTNX4oWHJ ``` #### App settings You can select your App’s authentication settings to be OAuth 1.0a or OAuth 2.0. You can also enable an App to access both OAuth 1.0a and OAuth 2.0. OAuth 2.0 can be used with the X API v2 only. If you have selected OAuth 2.0 you will be able to see a Client ID in your App’s Keys and Tokens section.  #### Confidential Clients [Confidential clients](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1) can hold credentials in a secure way without exposing them to unauthorized parties and securely authenticate with the authorization server they keep your client secret safe. Public clients as they’re usually running in a browser or on a mobile device and are unable to use your client secrets. If you select a type of App that is a confidential client, you will be provided with a client secret.  If you selected a type of client that is a confidential client in the developer portal, you will also be able to see a Client Secret. Your options are Native App, Single page App, Web App, Automated App, or bot. Native App and Single page Apps are public clients and Web App and Automated App or bots are confidential clients. You don’t need client id for confidential clients with a valid Authorization Header. You still are required to include Client Id in the body for the requests with a public client.  #### Scopes Scopes allow you to set granular access for your App so that your App only has the permissions that it needs. To learn more about what scopes map to what endpoints, view our [authentication mapping guide](/resources/fundamentals/authentication/guides/v2-authentication-mapping). | | | | :------------------- | :----------------------------------------------------------------------------------------------------------- | | **Scope** | **Description** | | tweet.read | All the Tweets you can view, including Tweets from protected accounts. | | tweet.write | Tweet and Retweet for you. | | tweet.moderate.write | Hide and unhide replies to your Tweets. | | users.email | Email from an authenticated user. | | users.read | Any account you can view, including protected accounts. | | follows.read | People who follow you and people who you follow. | | follows.write | Follow and unfollow people for you. | | offline.access | Stay connected to your account until you revoke access. | | space.read | All the Spaces you can view. | | mute.read | Accounts you’ve muted. | | mute.write | Mute and unmute accounts for you. | | like.read | Tweets you’ve liked and likes you can view. | | like.write | Like and un-like Tweets for you. | | list.read | Lists, list members, and list followers of lists you’ve created or are a member of, including private lists. | | list.write | Create and manage Lists for you. | | block.read | Accounts you’ve blocked. | | block.write | Block and unblock accounts for you. | | bookmark.read | Get Bookmarked Tweets from an authenticated user. | | bookmark.write | Bookmark and remove Bookmarks from Tweets. | | media.write | Upload media. | #### Rate limits For the most part, the rate limits are the same as they are authenticating with OAuth 1.0a, with the exception of Tweets lookup and Users lookup. We are increasing the per-App limit from 300 to 900 requests per 15 minutes while using OAuth 2.0 for Tweet lookup and user lookup. To learn more be sure to check out our [documentation on rate limits](/resources/fundamentals/rate-limits). #### Grant types We only provide [authorization code](https://oauth.net/2/grant-types/authorization-code/) with [PKCE](https://oauth.net/2/pkce/) and [refresh token](https://oauth.net/2/grant-types/refresh-token/) as the supported [grant types](https://oauth.net/2/grant-types/) for this initial launch. We may provide more grant types in the future. #### OAuth 2.0 Flow OAuth 2.0 uses a similar flow to what we are currently using for OAuth 1.0a. You can check out a diagram and detailed explanation in our [documentation on this subject](/resources/fundamentals/authentication/oauth-1-0a/obtaining-user-access-tokens).  #### Glossary | | | | :---------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | **Term** | **Description** | | Grant types | The OAuth framework specifies several grant types for different use cases and a framework for creating new grant types. Examples include authorization code, client credentials, device code, and refresh token. | | Confidential client | Clients are applications that can securely authenticate with the authorization server, for example, keeping their registered client secret safe. | | Public client | Clients cannot use registered client secrets, such as applications running in a browser or mobile device. | | Authorization code flow | Used by both confidential and public clients to exchange an authorization code for an access token. | | PKCE | An extension to the authorization code flow to prevent several attacks and to be able to perform the OAuth exchange from public clients securely. | | Client ID | Can be found in the keys and tokens section of the developer portal under the header "Client ID." If you don't see this, please get in touch with our team directly. The Client ID will be needed to generate the authorize URL. | | Redirect URI | Your callback URL. You will need to have [exact match validation](https://datatracker.ietf.org/doc/html/rfc6749#section-10.6). | | Authorization code | This allows an application to hit APIs on behalf of users. Known as the auth\_code. The auth\_code has a time limit of 30 seconds once the App owner receives an approved auth\_code from the user. You will have to exchange it with an access token within 30 seconds, or the auth\_code will expire. | | Access token | Access tokens are the token that applications use to make API requests on behalf of a user. | | Refresh token | Allows an application to obtain a new access token without prompting the user via the refresh token flow. | | Client Secret | If you have selected an App type that is a confidential client you will be provided with a “Client Secret” under “Client ID” in your App’s keys and tokens section. | #### Parameters To construct an OAuth 2.0 authorize URL, you will need to ensure you have the following parameters in the authorization URL.  | | | | :---------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Parameter** | **Description** | | response\_type | You will need to specify that this is a code with the word “code”. | | client\_id | Can be found in the developer portal under the header "Client ID". | | redirect\_uri | Your callback URL. This value must correspond to one of the Callback URLs defined in your App’s settings. For OAuth 2.0, you will need to have [exact match validation](https://datatracker.ietf.org/doc/html/rfc6749#section-10.6) for your callback URL. | | state | A random string you provide to verify against [CSRF attacks](https://auth0.com/docs/protocols/state-parameters).  The length of this string can be up to 500 characters. | | code\_challenge | A [PKCE](https://www.oauth.com/oauth2-servers/pkce/authorization-request/) parameter, a random secret for each request you make. | | code\_challenge\_method | Specifies the method you are using to make a request (S256 OR plain). | #### Authorize URL  With OAuth 2.0, you create an authorize URL, which you can use to allow a user to authenticate via an authentication flow, similar to “Sign In” with X.  An example of the URL you are creating is as follows:  ``` https://x.com/i/oauth2/authorize?response_type=code&client_id=M1M5R3BMVy13QmpScXkzTUt5OE46MTpjaQ&redirect_uri=https://www.example.com&scope=tweet.read%20users.read%20account.follows.read%20account.follows.write&state=state&code_challenge=challenge&code_challenge_method=plain ``` You will need to have the proper encoding for this URL to work, be sure to check out our documentation on the [percent encoding](/resources/fundamentals/authentication/oauth-1-0a/percent-encoding-parameters). # Using and generating an app-only Bearer Token Source: https://docs.x.com/resources/fundamentals/authentication/oauth-2-0/bearer-tokens ### Using and generating an app-only Bearer Token A bearer token allows developers to have a more secure point of entry for using the X APIs, and are one of the core features of OAuth 2.0.  Authentication, which uses a Bearer Token, is also known as application-only authentication. A Bearer Token is a byte array of unspecified format that you generate using a script like a curl command. You can also obtain a Bearer Token from the developer portal inside the keys and tokens section of your App's settings. More information about this feature can be found on [OAuth's official documentation](https://oauth.net/2/bearer-tokens/). #### When are they used? The products that require the use of a Bearer Token are as follows: * [Engagement API](/x-api/enterprise-gnip-2.0/fundamentals/engagement-api) * [Account Activity API](/x-api/enterprise-gnip-2.0/fundamentals/account-activity) * Other APIs that utilize OAuth 2.0 Bearer Token authentication such as v2 and Labs endpoints. #### Prerequisites You will need to [sign up for a developer account](https://developer.x.com/en/portal/petition/essential/basic-info) and to have created a [X App](/resources/fundamentals/developer-apps). Once you have those, you'll also need to obtain the API keys found in the [developer portal](/resources/fundamentals/developer-portal). Follow the steps below: 1. Login to your X account on developer.x.com. 2. Navigate to the [X App dashboard](https://developer.x.com/content/developer-twitter/en/apps) and open the X App for which you would like to generate access tokens. 3. Navigate to the "keys and tokens" page. 4. You'll find the API keys, user Access Tokens, and Bearer Token on this page. ### How to generate a Bearer Token You can find the Bearer Token for your App with the rest of your "Keys and Tokens". Copy the following cURL request into your command line after making changes to the following consumer API keys previously obtained from your [X App](/resources/fundamentals/developer-apps). Note that the consumer API keys used on this page have been decommissioned and will not work for real requests. * **API key** `` e.g.`xvz1evFS4wEEPTGEFPHBog` * **API secret key** `` e.g. `L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg` ```bash curl -u "$API_KEY:$API_SECRET_KEY" \ --data 'grant_type=client_credentials' \ 'https://api.x.com/oauth2/token' ``` Here's an example of how the curl request should look with your API keys entered: ```bash curl -u 'xvz1evFS4wEEPTGEFPHBog:L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg' \ --data 'grant_type=client_credentials' \ 'https://api.x.com/oauth2/token' ``` Here is what the response would look like. Note that this is a decommissioned Bearer Token: `{"token_type":"bearer","access_token":"AAAAAAAAAAAAAAAAAAAAAMLheAAAAAAA0%2BuSeid%2BULvsea4JtiGRiSDSJSI%3DEUifiRBkKG5E2XzMDjRfl76ZC9Ub0wnz4XsNiRVBChTYbJcE3F"}` Our Bearer Token used to authenticate to resources with OAuth 2.0 would be: `AAAAAAAAAAAAAAAAAAAAAMLheAAAAAAA0%2BuSeid%2BULvsea4JtiGRiSDSJSI%3DEUifiRBkKG5E2XzMDjRfl76ZC9Ub0wnz4XsNiRVBChTYbJcE3F` # OAuth 2.0 Source: https://docs.x.com/resources/fundamentals/authentication/oauth-2-0/overview ### Bearer Token (also known as app-only) OAuth 2.0 Bearer Token authenticates requests on behalf of your [developer App](/resources/fundamentals/developer-apps). As this method is specific to the App, it does not involve any users. This method is typically for developers that need read-only access to public information.  This authentication method requires for you to pass a Bearer Token with your request, which you can generate within the Keys and tokens section of your developer Apps. Here is an example of what a request looks like with a fake Bearer Token: ```json curl "https://api.x.com/2/tweets?ids=1261326399320715264,1278347468690915330" \ -H "Authorization: Bearer AAAAAAAAAAAAAAAAAAAAAFnz2wAAAAAAxTmQbp%2BIHDtAhTBbyNJon%2BA72K4%3DeIaigY0QBrv6Rp8KZQQLOTpo9ubw5Jt?WRE8avbi" ``` API calls using app-only authentication are [rate limited](/resources/fundamentals/rate-limits) per endpoint at the App level. To use this method, you'll need a Bearer Token, which you can generate by passing your API Key and Secret through the [POST oauth2/token](/resources/fundamentals/authentication/api-reference#post-oauth2-token) endpoint, or by generating it in the "keys and token" section of your App settings in the [developer portal](/resources/fundamentals/developer-portal). If you'd like to revoke a Bearer Token, you can use the [POST oauth2/invalidate\_token](/resources/fundamentals/authentication/api-reference#post-oauth2-invalidate-token) endpoint, or click where it says "revoke" next to the Bearer Token in the "keys and tokens" section of your App settings. ### OAuth 2.0 Authorization Code Flow with PKCE OAuth 2.0 Authorization Code Flow with PKCE allows you to authenticate on behalf of another user with have more control over an application’s scopes and improves authorization flows across multiple devices. In other words, developers building applications for people on X will have more control over the information their App requests from its users, so that you only have to ask your end-users for the data and information you need. This modern authorization protocol will allow you to present your end-users with a more streamlined consent flow for authorizing your app, which only displays the specific scopes you have requested from them. Not only does this reduce your data burden, but it may also lead to increased trust from end-users. # How to connect to endpoints using OAuth 2.0 Authorization Code Flow with PKCE Source: https://docs.x.com/resources/fundamentals/authentication/oauth-2-0/user-access-token ### How to connect to endpoints using OAuth 2.0 Authorization Code Flow with PKCE #### How to connect to the endpoints To authenticate your users, your App will need to implement an authorization flow. This authorization flow lets you direct your users to an authorization dialog on X. From there, the primary X experience will show the authorization dialog and handle the authorization on behalf of your App. Your users will be able to authorize your App or decline permission. After the user makes their choice, X will redirect the user to your App, where you can exchange the authorization code for an access token (if the user authorized your App), or handle a rejection (if the user did not authorize your App). #### Working with confidential clients If you are working with confidential clients, you will need to use a [basic authentication](https://datatracker.ietf.org/doc/html/rfc2617#section-2) scheme for generating an authorization header with base64 encoding while making requests to the token endpoints. The `userid` and `password` are separated by a single colon (":") character within a base64 encoded string in the credentials. An example would look like this: `-header 'Authorization: Basic V1ROclFTMTRiVWhwTWw4M2FVNWFkVGQyTldNNk1UcGphUTotUm9LeDN4NThKQThTbTlKSXQyZm1BanEzcTVHWC1icVozdmpKeFNlR3NkbUd0WEViUA=='` If the user agent wishes to send the Client ID "Aladdin" and password "open sesame,” it would use the following header field: `Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==` To create the basic authorization header you will need to base64 encoding on your Client ID and Client Secret which can be obtained from your App’s “Keys and Tokens” page inside of the [developer portal.](https://developer.x.com/en/portal/dashboard) #### Steps to connect using OAuth 2.0 **Step 1: Construct an Authorize URL** Your App will need to build an authorize URL to X, indicating the scopes your App needs to authorize. For example, if your App needs to lookup Tweets, users and to manage follows, it should request the following scopes: `tweet.read%20users.read%20follows.read%20follows.write` The URL will also contain the `code_challenge` and state parameters, in addition to the other required parameters. In production you should use a random string for the `code_challenge`. **Step 2: GET oauth2/authorize** Have the user authenticate and send the application an authorization code. If you have enabled OAuth 2.0 for your App you can find your Client ID inside your App’s “Keys and Tokens” page. An example URL to redirect the user to would look like this: ``` https://x.com/i/oauth2/authorize?response_type=code&client_id=M1M5R3BMVy13QmpScXkzTUt5OE46MTpjaQ&redirect_uri=https://www.example.com&scope=tweet.read%20users.read%20follows.read%20follows.write&state=state&code_challenge=challenge&code_challenge_method=plain ``` An example URL with offline\_access would look like this: ``` https://x.com/i/oauth2/authorize?response_type=code&client_id=M1M5R3BMVy13QmpScXkzTUt5OE46MTpjaQ&redirect_uri=https://www.example.com&scope=tweet.read%20users.read%20follows.read%20offline.access&state=state&code_challenge=challenge&code_challenge_method=plain ``` Upon successful authentication, the redirect\_uri  you would receive a request containing the auth\_code parameter. Your application should verify the state parameter. An example request from client’s redirect would be: ``` https://www.example.com/?state=state&code=VGNibzFWSWREZm01bjN1N3dicWlNUG1oa2xRRVNNdmVHelJGY2hPWGxNd2dxOjE2MjIxNjA4MjU4MjU6MToxOmFjOjE ``` **Step 3: POST oauth2/token - Access Token** At this point, you can use the authorization code to create an access token and refresh token (only if `offline.access` scope is requested). You can make a POST request to the following endpoint: ``` https://api.x.com/2/oauth2/token ``` You will need to pass in the `Content-Type` of `application/x-www-form-urlencoded` via a header.  Additionally, you should have in your request: `code`, `grant_type`, `client_id` and `redirect_uri`, and the `code_verifier`. Here is an example token request for a public client: ```json curl --location --request POST 'https://api.x.com/2/oauth2/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'code=VGNibzFWSWREZm01bjN1N3dicWlNUG1oa2xRRVNNdmVHelJGY2hPWGxNd2dxOjE2MjIxNjA4MjU4MjU6MToxOmFjOjE' \ --data-urlencode 'grant_type=authorization_code' \ --data-urlencode 'client_id=rG9n6402A3dbUJKzXTNX4oWHJ' \ --data-urlencode 'redirect_uri=https://www.example.com' \ --data-urlencode 'code_verifier=challenge' ``` Here is an example using a confidential client:  ```json curl --location --request POST 'https://api.x.com/2/oauth2/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Basic V1ROclFTMTRiVWhwTWw4M2FVNWFkVGQyTldNNk1UcGphUTotUm9LeDN4NThKQThTbTlKSXQyZm1BanEzcTVHWC1icVozdmpKeFNlR3NkbUd0WEViUA=='\ --data-urlencode 'code=VGNibzFWSWREZm01bjN1N3dicWlNUG1oa2xRRVNNdmVHelJGY2hPWGxNd2dxOjE2MjIxNjA4MjU4MjU6MToxOmFjOjE' \ --data-urlencode 'grant_type=authorization_code' \ --data-urlencode 'redirect_uri=https://www.example.com' \ --data-urlencode 'code_verifier=challenge' ``` **Step 4: Connect to the APIs** You are now ready to connect to the endpoints using OAuth 2.0. To do so, you will request the API as you would using [Bearer Token authentication](/resources/fundamentals/authentication/oauth-2-0/application-only). Instead of passing your Bearer Token, you’ll want to use the access token you generated in the last step. As a response, you should see the appropriate payload corresponding to the endpoint you are requesting. This request is the same for both public and confidential clients.  An example of the request you would make would look as follows: ```json curl --location --request GET 'https://api.x.com/2/tweets?ids=1261326399320715264,1278347468690915330' \ --header 'Authorization: Bearer Q0Mzb0VhZ0V5dmNXSTEyNER2MFNfVW50RzdXdTN6STFxQlVkTGhTc1lCdlBiOjE2MjIxNDc3NDM5MTQ6MToxOmF0OjE' ``` **Step 5: POST oauth2/token - refresh token** A refresh token allows an application to obtain a new access token without prompting the user. You can create a refresh token by making a POST request to the following endpoint: [https://api.x.com/2/oauth2/token](https://api.x.com/2/oauth2/token) You will need to add in the `Content-Type` of `application/x-www-form-urlencoded` via a header. In addition, you will also need to pass in your refresh\_token, set your grant\_type to be a `refresh_token`, and define your `client_id`. This request will work for public clients: ```json POST 'https://api.x.com/2/oauth2/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'refresh_token=bWRWa3gzdnk3WHRGU1o0bmRRcTJ5VUxWX1lZTDdJSUtmaWcxbTVxdEFXcW5tOjE2MjIxNDc3NDM5MTQ6MToxOnJ0OjE' \ --data-urlencode 'grant_type=refresh_token' \ --data-urlencode 'client_id=rG9n6402A3dbUJKzXTNX4oWHJ' ``` Here is an example of one for confidential clients: ```json POST 'https://api.x.com/2/oauth2/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Basic V1ROclFTMTRiVWhwTWw4M2FVNWFkVGQyTldNNk1UcGphUTotUm9LeDN4NThKQThTbTlKSXQyZm1BanEzcTVHWC1icVozdmpKeFNlR3NkbUd0WEViUA=='\ --data-urlencode 'refresh_token=bWRWa3gzdnk3WHRGU1o0bmRRcTJ5VUxWX1lZTDdJSUtmaWcxbTVxdEFXcW5tOjE2MjIxNDc3NDM5MTQ6MToxOnJ0OjE'\ --data-urlencode 'grant_type=refresh_token' ``` **Step 6: POST oauth2/revoke - Revoke Token** A revoke token invalidates an access token or refresh token. This is used to enable a "log out" feature in clients, allowing you to clean up any security credentials associated with the authorization flow that may no longer be necessary. The revoke token is for an App to revoke a token and not a user. You can create a revoke token request by making a POST request to the following URL if the App wants to programmatically revoke the access given to it: ``` https://api.x.com/2/oauth2/revoke ``` You will need to pass in the `Content-Type` of `application/x-www-form-urlencoded` via a header, your token, and your client\_id. In some cases, a user may wish to revoke access given to an App, they can revoke access by visiting the [connected Apps page](https://x.com/settings/connected_apps). ```bash curl --location --request POST 'https://api.x.com/2/oauth2/revoke' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'token=Q0Mzb0VhZ0V5dmNXSTEyNER2MFNfVW50RzdXdTN6STFxQlVkTGhTc1lCdlBiOjE2MjIxNDc3NDM5MTQ6MToxOmF0OjE' \ --data-urlencode 'client_id=rG9n6402A3dbUJKzXTNX4oWHJ' ``` This request will work for confidential clients: ```bash curl --location --request POST 'https://api.x.com/2/oauth2/revoke' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Basic V1ROclFTMTRiVWhwTWw4M2FVNWFkVGQyTldNNk1UcGphUTotUm9LeDN4NThKQThTbTlKSXQyZm1BanEzcTVHWC1icVozdmpKeFNlR3NkbUd0WEViUA=='\ --data-urlencode 'token=Q0Mzb0VhZ0V5dmNXSTEyNER2MFNfVW50RzdXdTN6STFxQlVkTGhTc1lCdlBiOjE2MjIxNDc3NDM5MTQ6MToxOmF0OjE' ``` # Authentication Source: https://docs.x.com/resources/fundamentals/authentication/overview export const Button = ({href, children}) => { return ; }; X APIs handle enormous amounts of data. The way we ensure this data is secured for developers and users alike is through authentication. There are a few methods for authentication, each listed below. Most developers will not need to deal with the complexities surrounding authentication since client libraries automatically handle these difficulties. You can find a list of available client libraries on our [Tools and libraries](/resources/tools-and-libraries) page. ## Authentication methods OAuth 1.0a allows an authorized X developer App to access private account information or perform a X action on behalf of a X account.
[**Learn More**](/resources/fundamentals/authentication/oauth-1-0a/api-key-and-secret) App only Access Token allows a X developer app to access information publicly available on X.
[**Learn More**](/resources/fundamentals/authentication/oauth-2-0/overview) Many of X's enterprise APIs require the use of HTTP Basic Authentication.
[**Learn More**](/resources/fundamentals/authentication/basic-auth) OAuth 2.0 User Context allows you to authenticate on behalf of another account with greater control over an application's scope, and authorization flows across multiple devices.
[**Learn More**](/resources/fundamentals/authentication/oauth-2-0/authorization-code) **Note:** Your App's API Keys and App only Access Token, as well as your personal Access Token and Access Token Secret can be obtained from the [X developer Apps](/resources/fundamentals/developer-apps) section found in the [developer portal](/resources/fundamentals/developer-portal). **If you would like to make requests on behalf of another user**, you will need to generate a separate set of Access Tokens for that user using the [3-legged OAuth flow](https://developer.x.com/resources/fundamentals/authentication/obtaining-user-access-tokens), and pass that user's tokens with your OAuth 1.0a User Context or OAuth 2.0 user context requests. ## Additional resources Learn how to generate tokens and authenticate requests using our integration guides. Review our reference guides for our authentication endpoints. Make sure you protect yourself and understand the best practices for storing your keys and tokens. Question? Visit our FAQs. # Counting characters when composing Tweets Source: https://docs.x.com/resources/fundamentals/counting-characters This page describes how characters are treated when composing Tweets and across the X API. For more information on the implementation, X provides an Open Source [twitter-text](http://github.com/twitter/twitter-text) library that can be found on [GitHub](https://github.com/twitter). ## Background X began as an SMS text-based service. This limited the original Tweet length to 140 characters (which was partly driven by the 160 character limit of SMS, with 20 characters reserved for commands and usernames). Over time as X evolved, the maximum Tweet length grew to 280 characters - still short and brief, but enabling more expression. ## Definition of a Character In most cases, the text content of a Tweet can contain up to 280 characters or [Unicode](https://unicode.org/) glyphs. Some glyphs will count as more than one character. We refer to whether a glyph counts as one or more characters as its weight. The exact definition of which characters have weights greater than one character is found in the [configuration file](https://github.com/twitter/twitter-text/tree/master/config) for the [twitter-text Tweet parsing library](https://github.com/twitter/twitter-text). The current version of the configuration file defines a default two-character weight and four ranges of [Unicode code points](https://unicode.org/charts/About.html) that are weighted differently. Currently code points in these ranges are all counted as a single character. * The first range covers characters across the Latin-1 code pages. (U+0000 - U+10FF). * The second range is general punctuation up to and including the Zero Width Joiner (used to combine emoji and other glyphs) (U+2000-U+200D). * The third range is general punctuation excluding U+200E and U+200F, which are Unicode directional marks (U+2010-U+201F). * The final range covers quotation marks (U+2032-U+2037). Examples of Tweet text and lengths calculated by the twitter-text library can be found in the library's [validate.yml](https://github.com/twitter/twitter-text/blob/master/conformance/validate.yml) test configuration file. **Examples** | Displayed character | Length | Description | Unicode sequence | | :------------------ | :----- | :--------------------------------------------- | :--------------- | | a | 1 | Latin Small Letter a | U+0061 | | á | 1 | Latin Small Letter A with acute | U+00E1 | | ӑ | 1 | Cyrillic Small Letter A with breve | U+04D1 | | Ồ | 1 | Latin Small Letter o with circumflex and acute | U+1ED2 | ## Emojis Emoji supported by [twemoji](https://twemoji.x.com/) always count as two characters, regardless of combining modifiers. This includes emoji which have been modified by [Fitzpatrick skin tone](https://emojipedia.org/modifiers/) or [gender modifiers](https://blog.emojipedia.org/unicode-and-the-emoji-gender-gap/), even if they are composed of significantly more Unicode code points. Emoji weight is defined by a regular expression in twitter-text that looks for sequences of standard emoji combined with one or more Unicode Zero Width Joiners (U+200D). **Examples** | Displayed Emoji | Length | Description | Unicode sequence | | :-------------- | :----- | :------------------------------------------------------------------ | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | 👾 | 2 | Default length of known emoji | -- | | 🙋🏽 | 2 | Emoji with skin tone modifier | 🙋 U+1F64B, 🏽 U+1F3FD | | 👨‍🎤 | 2 | Emoji sequence using combining glyph (zero-width joiner) | [👨 U+1F468](https://emojipedia.org/emoji/%F0%9F%91%A8/), [U+200D](https://emojipedia.org/emoji/%E2%80%8D/), [🎤 U+1F3A4](https://emojipedia.org/emoji/%F0%9F%8E%A4/) | | 👨‍👩‍👧‍👦 | 2 | Emoji sequence using multiple combining glyphs (zero-width joiners) | [👨 U+1F468](https://emojipedia.org/emoji/%F0%9F%91%A8/), [U+200D](https://emojipedia.org/emoji/%E2%80%8D/), [👩 U+1F469](https://emojipedia.org/emoji/%F0%9F%91%A9/), [U+200D](https://emojipedia.org/emoji/%E2%80%8D/), [👧 U+1F467](https://emojipedia.org/emoji/%F0%9F%91%A7/), [U+200D](https://emojipedia.org/emoji/%E2%80%8D/), [👦 U+1F466](https://emojipedia.org/emoji/%F0%9F%91%A6/) | ## Chinese / Japanese / Korean Glyphs Glyphs used in CJK (Chinese / Japanese / Korean) languages also count as two characters. Therefore, a Tweet composed of only CJK text can only have a maximum of 140 of these types of glyphs. ## Entity Objects Tweets can contain [Entity Objects](/x-api/fundamentals/data-dictionary), some of which impact the length of a Tweet. URLs: [All URLs are wrapped in t.co links](https://developer.x.com/content/developer-twitter/en/docs/basics/tco). This means a URL's length is defined by the `transformedURLLength` parameter in the [twitter-text configuration file](https://github.com/twitter/twitter-text/tree/master/config). The current length of a URL in a Tweet is 23 characters, even if the length of the URL would normally be shorter. Replies: @names that auto-populate at the start of a reply Tweet will not count towards the character limit. New non-reply Tweets starting with a @mention will count, as will @mentions added explicitly by the user in the body of the Tweet. Media: media attached to a Tweet, represented as a pic.x.com URL, if posted from an official client, counts for 0 characters. For more on Entity Objects, see the [developer documentation](/x-api/fundamentals/data-dictionary). ## X Character Encoding X API endpoints only accept UTF-8 encoded text. All other encodings must be converted to UTF-8 before sending the the text to the API. X counts the length of a Tweet using the Normalization Form C (NFC) version of the text. As an example: the word "café". There are two byte sequences that visually look and read the same, but use a different number of bytes: | | | | | :--- | :---------------------------- | :------------------------------------------------------ | | café | 0x63 0x61 0x66 0xC3 0xA9 | Using the "é" character, the "composed character". | | café | 0x63 0x61 0x66 0x65 0xCC 0x81 | Using the combining diacritical, which overlaps the "e" | Normalization Form C favors the use of a fully combined character (0xC3 0xA9 from the café example) over the long-form version (0x65 0xCC 0x81). X counts the number of code points in the text, rather than UTF-8 bytes. The 0xC3 0xA9 from the café example is one code point (U+00E9) that is encoded as two bytes in UTF-8, whereas 0x65 0xCC 0x81 is two code points encoded as three bytes. # Developer Apps Source: https://docs.x.com/resources/fundamentals/developer-apps ## Overview If you have existing Apps, you can view, edit, or delete them via the [developer portal's App page](https://developer.x.com/en/portal/projects-and-apps). Accessing the X API and X Ads API requires a set of [authentication](/resources/fundamentals/authentication) credentials, also known as keys and tokens, that you must pass with each request. These credentials can come in different forms depending on the type of authentication that is required by the specific endpoint that you are using. Here are the different credentials that you can generate in your App and how to use them: * **[API Key and Secret](/resources/fundamentals/authentication#api-key-and-secret):** Essentially the username and password for your App. You will use these to authenticate requests that require [OAuth 1.0a User Context](/resources/fundamentals/authentication#oauth-1-0a-2), or to generate other tokens such as user Access Tokens or App Access Token. * **[Access Token and Secret](/resources/fundamentals/authentication#obtaining-access-tokens-using-3-legged-oauth-flow):** In general, Access Tokens represent the user that you are making the request on behalf of. The ones that you can generate via the developer portal represent the user that owns the App. You will use these to authenticate requests that require [OAuth 1.0a User Context](/resources/fundamentals/authentication#oauth-1-0a-2). If you would like to make requests on behalf of another user, you will need to use the 3-legged OAuth flow for them to authorize you. * **[Client ID and Client Secret](/resources/fundamentals/authentication#oauth-2-0):** These credentials are used to obtain a user Access Token with OAuth 2.0 authentication. Similar to OAuth 1.0a, the user Access Tokens are used to authenticate requests that provide private user account information or perform actions on behalf of another account but, with fine-grained scope for greater control over what access the client application has on the user. * **[App only Access Token](/resources/fundamentals/authentication#bearer-token-also-known-as-app-only):** You will use this token when making requests to endpoints that responds with information publicly available on X. In addition to generating the keys and tokens necessary to make X API requests, you will also be able to set access [permissions](/resources/fundamentals/developer-apps#app-permissions), document the use case or purpose for the App, define a [callback URL](/resources/fundamentals/developer-apps#callback-urls), and modify other settings related to your App developer environment from within the [management dashboard](https://developer.x.com/en/portal/projects-and-apps). ### Apps and Projects You can use Apps and [Projects](/resources/fundamentals/projects) to help organize your work with the X Developer Platform by use case. Each Project can contain a single App if you have Essential access, and up to three Apps if you have Elevated or greater access. If you would like to access the new [X API v2](/x-api/introduction) endpoints, you will be required to use keys and tokens from an App that is associated with a Project. If you have Apps that were created before we launched Projects, they will be visible in the section entitled "Standalone Apps". Standalone Apps are Apps outside of the Project structure. If you attach a Standalone App to a Project, it will then be able to make requests to the v2 endpoints. ### Developer portal dashboard You can [visit the dashboard](https://developer.x.com/content/developer-twitter/en/apps) to manage the Apps associated with your account. To learn more, please visit our documentation page on the [developer portal](/resources/fundamentals/developer-portal). The dashboard allows developers to quickly and easily perform the following tasks: * View your existing Standalone Apps and their associated App ID. * Create a new Project, App, or standalone App. * Delete an unused Project or App. * Review or update a specific App's settings, including updating name, description, website, callback URL, and [permissions](/resources/fundamentals/developer-apps#app-permissions). * Regenerate App specific credentials like API Key & Secret, App Access Token, and the App owner's user Access Tokens. ### Signing up for access If you have existing X Apps, you can view and edit your Apps via the X [App dashboard](https://developer.x.com/content/developer-twitter/en/portal/projects-and-apps) if you are logged into your X account on developer.x.com. Please note you will **not** need to sign up for an account to manage any and all Apps that were previously created on developer.x.com. If you need to create a new X App, you will need to have [signed up for a developer account](https://developer.x.com/en/portal/petition/essential/basic-info). If you are a member of a [team account](/resources/fundamentals/developer-portal#team-management), you must be assigned an admin role to create a new App. ### Automated Account labeling for bots You can add an Automated Account label to your bot accounts to let users on X know that your bot is an automated account. These bots perform programmed actions through the X API. When you add an Automated Account label to your bot, you build trust with your audience, legitimize your account, and set yourself apart from spammy bots. This helps people on X better understand your account's purpose when interacting with your bot. To attach a label to your bot account, follow these steps: 1. Go to your account settings 2. Select "Your account" 3. Select "Automation" 4. Select "Managing account" 5. Next, select the X account, which runs your bot account 6. Enter your password to log in 7. Finally, you should see confirmation that the label has been applied to your account. *** ## App management ### Introduction The [X App dashboard](https://developer.x.com/en/portal/projects-and-apps) allows developers to quickly and easily perform the following tasks: * View your existing Apps and [Projects](/resources/fundamentals/projects) and their associated App ID. * Create a new Project or standalone App. * Delete a Project, App, or standalone App. * Open up a specific App's settings by clicking into the App's settings. Within the settings, you can see the App details, keys and tokens, and permissions. * Update your App's user authentication settings to use either OAuth 1.0a or OAuth 2.0. **Note:** All App keys and tokens are no longer viewable within the Developer Portal and must be saved securely once generated. We recommend using a password manager to store your keys and tokens. You can reveal an API Key hint to help you match your credential to their corresponding App. ### App Settings #### App details Here you can edit the App icon, App name, App description, your website URL, [callback URLs/redirect URIs](/resources/fundamentals/developer-apps#callback-urls), terms of service URL, privacy policy URL, organization name, organization URL, and purpose or use case of the App. OAuth 2.0 and OAuth 1.0a are authentication methods that allow users to sign in to your App with X. They also allow your App to make specific requests on behalf of authenticated users. You can turn on one, or both methods for your App. It is important to keep this information up to date. Your App name and website URL will be shown as the source within metadata for any Tweets created programmatically by your application. If you change the use case of a X App, be sure to update the use case in these settings in order to ensure you are in compliance with the [Developer Terms](https://developer.x.com/content/developer-twitter/en/developer-terms/agreement-and-policy). If your application has a tag showing 'suspended' this is because your app is in violation of one or more of X's [developer terms](https://developer.x.com/en/developer-terms.html) such as our [automation rules](https://help.x.com/en/rules-and-policies/twitter-automation). The developer platform policy team will communicate with developers through the email address set up on the App owner's X account, to review this email address please review your [X account settings](https://x.com/settings/your_twitter_data/account). Notification emails about suspensions will be sent to this email address with the title similar to "Application suspension notice" and will have specific information on what to do next. To work with the X team to address suspensions, please check your email for specific instructions, or use our [platform help form](https://help.x.com/forms/platform). #### Keys and tokens Inside of an App in a Project or via a standalone App you can view, regenerate, or revoke the following tokens: * [API Key (Consumer Key) and API Secret (Consumer Secret)](/resources/fundamentals/authentication#api-key-and-secret) * [App Access Token](/resources/fundamentals/authentication#bearer-token-also-known-as-app-only) * [User Access Token and Access Token Secret](/resources/fundamentals/authentication#obtaining-access-tokens-using-3-legged-oauth-flow) - The Access Token and Secret available within the developer portal relates to the user that owns the App. **Please note** - If you would like to make requests on behalf of a different user (in other words, not the user that owns the App), you will have to use either the [OAuth 1.0a 3-legged OAuth flow](https://developer.x.com/resources/fundamentals/authentication/obtaining-user-access-tokens) or OAuth 2.0 [Authorization Code with PKCE flow](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2) to generate a set of user Access Tokens. You will then use these user-specific tokens in your request to the API. #### User Authentication Settings You can select your App's authentication settings to be OAuth 1.0a or OAuth 2.0. OAuth 2.0 can be used with the X API v2 only. OAuth 2.0 allows you to pick specific fine-grained scopes which give you specific permissions on behalf of a user. OAuth 1.0a can be used with X API v1.1 and v2 and uses broad authorization with coarse scopes. #### OAuth 1.0a Application-user Permissions If you are the App owner, you can adjust the permissions of the App (read-only; read and write; or read, write and direct messages). This controls which resources and events you have access to via X APIs (note: some resources require further permission from X directly). You can also toggle on and off your Apps' ability to ask for user email addresses on this page (this requires a Terms of Service URL and a Privacy Policy URL to be present on the "App details" page). #### OAuth 2.0 Type of App If you select OAuth 2.0 as your user authentication method you will need to select the type of App you are creating. Your options are Native App, Single page App, Web App, Automated App or bot. Native App and Single page Apps are public clients and Web App and Automated App or bots are confidential clients. Confidential clients securely authenticate with the authorization server. They keep your client secret safe. Public clients are applications usually running in a browser or on a mobile device and are unable to use your client secrets. If you select a type of App that is a confidential client, you will be provided with a client secret. *** ## App permissions ### OAuth 1.0a App permissions App permissions describe the access level for OAuth 1.0a application-user authentication. App permissions are configured per application within your [X App](/resources/fundamentals/developer-apps) settings. There are three levels of permission available: 1. Read only 2. Read and write 3. Read, write and access Direct Messages An additional permission exists to request visibility of a user's email address - this can be combined with any of the three levels listed above. If a permission level is changed, any user tokens already issued to that X app must be discarded and users must re-authorize the App in order for the token to inherit the updated permissions. A good practice is to request *only the minimum level of access* to a user's account data that an application or service requires. ### Read only This permission level permits read access to X resources, including (for example) a user's Tweets, home timeline, and profile information. It does not allow access to read a user's Direct Messages, and it does not allow to update any element or object. ### Read and write This permission level permits read and write access to X resources. In addition to allowing read access, it also allow to post Tweets, follow users, or update elements of a user's profile information. It also allow to hide replies on behalf of the authenticating user. This permission level does not allow any access to Direct Messages (including read, write, or delete). ### Read, write and access Direct Messages This permission level includes access to all of the above and adds the ability to read, write and delete Direct Messages on behalf of a user. * [POST /2/dm\_conversations/:dm\_conversation\_id/messages](/x-api/direct-messages/send-a-new-message-to-a-dm-conversation) * [POST /2/dm\_conversations/](/x-api/direct-messages/create-a-new-dm-conversation) * [POST /2/dm\_conversations/with/:participant\_id/messages](/x-api/direct-messages/send-a-new-message-to-a-user) * [GET /2/dm\_conversations/with/:user\_id/dm\_events](/x-api/direct-messages/get-dm-events-for-a-dm-conversation) * [GET /2/dm\_conversations/:dm\_conversation\_id/dm\_events](/x-api/direct-messages/get-dm-events-for-a-dm-conversation-1) * [GET /2/dm\_events](/x-api/direct-messages/get-recent-dm-events) ### Determining permissions All authenticated API requests return an `x-access-level` header in the HTTP response. The value of the header shows the current permission level in use. Possible values are read, read-write, and read-write-directmessages. *** ## Callback URLs The OAuth 1.0a User Context and OAuth 2.0 Authorization Code with PKCE authentication methods enable developers to make requests on behalf of different X users that have worked through a specific sign-in flow. Currently, there are two flows that you can use to enable users to authorize your application: * [OAuth 2.0 authorization code flow with PKCE](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2) * [OAuth 1.0a 3-legged OAuth flow](/resources/fundamentals/authentication#obtaining-access-tokens-using-3-legged-oauth-flow) (and separately, the [Sign in with X flow](/resources/fundamentals/authentication#log-in-with-x)) As users work through these flows, they need a web page or location to be sent to after they have successfully logged in and provided authorization to the developer's App. This follow-up webpage or location is called a callback URL. When setting up these flows for their potential users to work through, developers must pass a callback URL with their requests to the authentication endpoints that make up the flows mentioned earlier. For example, developers using OAuth 1.0a User Context must pass the `callback_url` parameter when making a request to the [GET oauth/request\_token](/resources/fundamentals/authentication#post-oauth-request-token) endpoint. Similarly, developers using OAuth 2.0 Authorization Code with PKCE must pass the `redirect_uri` parameter with their request to the GET oauth2/authorize endpoint. In addition to using these parameters, the developer must also make sure that the callback URL has also been added to their [App's](/resources/fundamentals/developer-apps) callback URL allowlist, which can be found on the [developer portal's](/resources/fundamentals/developer-portal) App settings page. If set up properly, developers will be directed to the callback URL after successfully signing in to X as part of these flows. ### Things to keep in mind When you are setting up your callback URLs, there are a few things that you should keep in mind: **HTTP encode your query parameters** Since you are passing the callback URL as a query parameter with the `callback_url` or `redirect_uri` parameters, please make sure that you HTTP encode the URL. **Callback URL limits** There is a hard limit of 10 callback URLs in the X Apps dashboard. Your callback URL should always be an exact match between your allow listed callback URL that you add to the Apps dashboard and the parameter you add in the authorization flow. If you wish to include request-specific data in the callback URL, you can use the `state` parameter to store data that will be included after the user is redirected. It can either encode the data in the `state` parameter itself or use the parameter as a session ID to store the state on the server. **Don't use localhost as a callback URL** Instead of using localhost, please use a custom host locally or http(s)://127.0.0.1 **Custom protocol URLs** If you would like to take advantage of mobile deep linking, you can utilize custom protocol URLs with a path and domain part, such as twitter://callback/path. However, we do have a list of disallowed protocols that you will need to avoid. You can review the list of disallowed protocols below. **Disallowed protocols** | | | | :----------- | :----------- | | `vbscript` | `ldap` | | `javascript` | `mailto` | | `vbs` | `mmst` | | `data` | `mmsu` | | `mocha` | `msbd` | | `keyword` | `rtsp` | | `livescript` | `mso-offdap` | | `ftp` | `snews` | | `file` | `news` | | `gopher` | `nntp` | | `acrobat` | `outlook` | | `callto` | `stssync` | | `daap` | `rlogin` | | `itpc` | `telnet` | | `itms` | `tn3270` | | `firefoxurl` | `shell` | | `hcp` | `sip` | ### Error Example If you use a callback URL that hasn't been properly added to your App's settings in the developer portal, you will receive the following error message: **OAuth 1.0a** ```json HTTP 403 - Forbidden { "errors": [ { "code":415,"message":"Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings." } ] } ``` OR ```xml Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings /oauth/request_token ``` **OAuth 2.0** ```json HTTP 400 { "error": "invalid_request", "error_description": "Value passed for the redirect uri did not match the uri of the authorization code." } ``` **Troubleshooting** If you receive an error, please make sure that the callback URL that you are using in your authentication requests is HTTP encoded, and that it matches a callback URL that has been added to the allowlist for the App whose keys and tokens you are using in your request. *** # Developer portal Source: https://docs.x.com/resources/fundamentals/developer-portal export const Button = ({href, children}) => { return ; }; ## Overview ### Introduction The X developer portal contains a set of self-serve tools that developers can use to manage their access to the X API and X Ads API. In the portal, you have the opportunity to: * Create and manage your X [Projects](/resources/fundamentals/projects) and [Apps](/resources/fundamentals/developer-apps) (and the authentication keys and tokens that they provide). * Manage your access levels and integrations with the X API standard v1.1 and v2 endpoints. * Learn more about different endpoints and features available. ### Ready to get access? You can get started using the X API by signing up for an account. If you need additional functionality or higher [Tweet caps](/x-api/fundamentals/post-cap), you can purchase Basic or Pro within the developer portal. For those interested in Enterprise, please apply [here](https://docs.google.com/forms/d/e/1FAIpQLScO3bczKWO2jFHyVZJUSEGfdyfFaqt2MvmOfl_aJp0KxMqtDA/viewform). ## What to expect within the developer portal ### Onboarding The onboarding wizard guides you through the process of setting up your first [Project](/resources/fundamentals/projects) and [App](/resources/fundamentals/developer-apps). You will need to create a Project and App to receive the credentials required to authenticate your API requests. You will see the wizard if you are accessing your developer account for the first time. Through this process, you will receive a set of authentication keys and tokens, which you can learn more about on our [App overview page](/resources/fundamentals/developer-apps#overview). To learn more about what is needed to authenticate with the X API, take a look at the [authentication section](/resources/fundamentals/authentication). **Please note:** You will need to [store your keys and tokens in a secure location](/resources/fundamentals/authentication/guides/authentication-best-practices) so you can access them later on. There is no way to reference these credentials without regenerating them. ### Project and App management One of the primary roles of the developer account is to enable to you [manage your Projects and Apps](/resources/fundamentals/developer-apps#app-management). Developers can both create and manage X Projects and Apps from the Dashboard in the developer portal. This is where you can find your App IDs; edit an App's setting, permissions, and callback URLs; and generate and revoke keys and tokens. ### Learn more about what's available with X API v2 The developer portal hosts a products section where you can go to learn more about the different versions and access levels of the X API. The X API v2 product section contains important information about the Free, Basic, Pro, and Enterprise access tiers. This page contains details on Project-level App limitations, Tweet cap, and costs, as well as endpoint-specific rate limits and special attributes. You can also compare and contrast the different access levels and apply for additional access if available. Review [all v2 access levels](/x-api/introduction#access-levels). *** ## Team management **Only available to Enterprise v2 accounts.** **[View the "team" page within the developer portal](https://developer.twitter.com/en/portal/teams).** ### Why use team functionality? Team functionality facilitates collaborative development of Projects and Apps within the X Developer Platform. Often, teams have different people responsible for access control, billing/payments, and this allows you to invite those people to contribute to your project. ### Inviting team members In order to invite someone to join a team, an admin can invite them via their X handle. They will receive an email and they can accept it via that email invitation. Once they accept, they will need to agree to the Developer Agreement & Policy, and can then access the main account's team page. **Please note:** Team management does not currently grant/limit API access based on [App](/resources/fundamentals/developer-apps) credentials. It is not possible to share App management across your team. Apps (keys/tokens) cannot be edited, created, or deleted by non-owners. ### Team dashboard On the "members" tab of the team dashboard, you will view all the members and their roles. If you are an administrator of a team, you will be able to manage developer access and edit the roles of each member. Administrators also have access to the "pending" tab of the team dashboard. Here, admins can view the details and manage each invitation that has been sent out. ### Team roles **Administrator role** * Ability to manage team projects and apps * Ability to manage all app environments * Ability to choose/upgrade subscriptions * Ability to update billing/payment methods * Ability to add/remove team members * Ability to edit roles of team members **Developer role** * Ability to manage own projects and apps * Read-only access to team projects and apps * Ability to leave the team # Projects Source: https://docs.x.com/resources/fundamentals/projects ## Introduction Projects allow you to organize your work based on how you intend to use the X API so you can effectively manage your access to the API and monitor your usage. Each Project can contain one or multiple [Apps](/resources/fundamentals/developer-apps) depending on your access level (described later on this page). You will use these Apps to generate [authentication](/resources/fundamentals/authentication) credentials such as [API Keys and Secrets](/resources/fundamentals/authentication#api-key-and-secret), user [Access Tokens](/resources/fundamentals/authentication#obtaining-access-tokens-using-3-legged-oauth-flow), and [App Access Token](/resources/fundamentals/authentication#bearer-token-also-known-as-app-only). While you can use these keys and tokens from any App to access the X API or X Ads API (you must [apply for additional access](/x-ads-api/getting-started/step-by-step-guide) to use the Ads API), you must use keys and tokens from an App associated with a Project to be able to use the [X API v2](/x-api/introduction) endpoints. If you have a developer account, you can view and manage your Projects on the [Projects & Apps](https://developer.x.com/en/portal/projects-and-apps) page within the developer portal. [Sign up](https://developer.x.com/en/portal/petition/essential/basic-info) for an account if you don't have one already. ### Projects and X API access levels At this time, there are 4 different tiers of access that are applied at the Project-level: * Free * Basic * Pro * Enterprise To learn more about what each of these access levels provides, please visit the [about X API](/x-api/getting-started/about-x-api) page. You can only have one Project with either Free, Basic, or Pro. We will describe a few Project-specific differences here for you: #### Free This access tier is provided to anyone who has [signed up](https://developer.twitter.com/en/portal/petition/essential/basic-info) for a developer account. Number of Apps within that Project: 1 [Tweet consumption cap](/x-api/fundamentals/post-cap): 1,500 Tweets per month Authentication methods: * [OAuth 2.0 with PKCE](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2) * App only #### Basic This access tier is provided to anyone who has subscribed for Basic access via the developer portal. Number of Apps within that Project: 2 [Tweet consumption cap](/x-api/fundamentals/post-cap): 10,000 Tweets per month Authentication methods: * [OAuth 2.0 with PKCE](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2) * [OAuth 1.0a](/resources/fundamentals/authentication#oauth-1-0a-2) * App only #### Pro This access tier is provided to anyone who has subscribed for Pro access via the developer portal. Number of Apps within that Project: 3 [Tweet consumption cap](/x-api/fundamentals/post-cap): 1 million Tweets per month Authentication methods: * [OAuth 2.0 with PKCE](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2) * [OAuth 1.0a](/resources/fundamentals/authentication#oauth-1-0a-2) * App only #### Enterprise This access tier is provided to anyone who has applied for Enterprise, been approved by our team, and signed a monthly auto renew contract via X account manager. [Apply here](https://docs.google.com/forms/d/e/1FAIpQLScO3bczKWO2jFHyVZJUSEGfdyfFaqt2MvmOfl_aJp0KxMqtDA/viewform). Number of Apps within that Project: 3+ [Tweet consumption cap](/x-api/fundamentals/post-cap): 50 million+ Tweets per month Authentication methods: * [OAuth 2.0 with PKCE](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2) * [OAuth 1.0a](/resources/fundamentals/authentication#oauth-1-0a-2) * App only ### Tweet caps and Projects Tweet consumption caps apply at the Project-level, effectively limiting the volume of Tweets you can retrieve from certain X API v2 endpoints within a given month. Learn more about [Tweet caps](/x-api/fundamentals/post-cap). ### Configuring Projects #### Creating a Project To create a Project, click on "New Project" in your [dashboard](https://developer.twitter.com/en/portal/dashboard) or the [Projects & Apps](https://developer.twitter.com/en/portal/projects-and-apps) page within the developer portal. You'll only be able to see this option if you haven't already created a Project. You will be prompted to create a Project name, description, and use case. You will also be asked to create a new App or connect an existing standalone App. #### Creating or Connecting an App for your Project If your Project doesn't include an App, you can add one by clicking on the Project name in the dashboard. From there, you can either create a new App or select an existing standalone App to connect to your Project. The App is where you can generate the authentication keys and tokens listed at the beginning of this guide. #### Editing a Project To edit a Project, click on the name of your Project from the dashboard or Projects & Apps page within the developer portal. From there you will see the details of your Project and can select "edit" to make changes. ### Standalone Apps Standalone Apps are Apps that exist outside of the Project structure. The authentication credentials associated with these standalone Apps can make successful requests to X's API's standard v1.1, premium v1.1, enterprise, or to the X Ads API. Standalone Apps will fail when trying to make requests to the X API v2 endpoints unless you connect them to a Project. If you created an App before August 2020, they will be visible in the "Standalone Apps" section of the developer portal under [Projects & Apps](https://developer.twitter.com/en/portal/projects-and-apps). You will be limited to ten Apps in total, including those that are connected to your Project. If you're part of a team account, you will see the Apps that you own under Standalone Apps. If a teammate owns an App that's part of a Project, you will be able to see the App's name and owner's info, but you will not be able to change its settings, access its keys and tokens, or regenerate its keys and tokens. You should contact the App owner to make any changes to their App. *** # Rate limits Source: https://docs.x.com/resources/fundamentals/rate-limits Everyday many thousands of developers make requests to the X developer platform. To help manage the sheer volume of these requests, limits are placed on the number of requests that can be made. These limits help us provide the reliable and scalable API that our developer community relies on. Each of our APIs use rate limits in different ways. To learn more about these differences between platforms, please review the specific rate limit pages within our specific API sections: * [X API v2](/x-api/fundamentals/rate-limits) * [X API: Enterprise](/x-api/enterprise-gnip-2.0/fundamentals/rate-limits) * [X Ads API](/x-ads-api/fundamentals/rate-limiting) # Security Source: https://docs.x.com/resources/fundamentals/security We believe privacy is a right, not a privilege, and it is built into the foundations of our company. By using the X developer platform and abiding by our developer policy, you play a critical role in making sure the platform serves the public conversation on X and safeguards our commitment to privacy. We want to remind you of the importance of building securely in order to protect both your own and your apps' users' data. It is your responsibility to protect against the threat of security breaches, and we have a shared responsibility to protect the people who use X. This page describes expectations around building secure applications and keeping data and access as safe as possible. Please be aware of the security technologies available for the X Developer Platform including [authentication](/resources/fundamentals/authentication), TLS, and [app permissions](/resources/fundamentals/developer-apps#app-permissions), as well as from the X user perspective for [using third party applications and sessions](https://help.x.com/en/managing-your-account/connect-or-revoke-access-to-third-party-apps). ## Reporting security issues X Developer Platform users must notify X no more than 48 hours after initial suspicion a security incident has occurred, through the [X's vulnerability reporting program](https://hackerone.com/twitter). ## Security best practices Please keep them in mind as you build on the X developer platform, and elsewhere across the internet. ### Security by design Consider hiring security professionals to do a threat model audit and/or penetration test. A good security firm will dig deep to uncover issues. Read more about how X has adopted this mindset [here in our blog post](https://blog.x.com/en_us/topics/company/2019/privacy_data_protection.html). Additionally, X holds all partners accountable for the following: * Maintain code within a secure repository. * Perform risk analysis throughout the Systems development life cycle (SDLC) process. * Ensure security issues are identified and mitigated throughout SDLC. * Ensure there exists segregation of environments throughout the SDLC process. * Ensure all test defects are fixed, re-tested and closed out. ### Monitor and get alerted If you think there's an issue with your web app, how do you find out for sure? Be sure to keep good logs, and that you are notified of critical exceptions and errors. You may want to put together a dashboard of critical statistics so that you can see at a glance if something is going wrong. ### Create a reporting channel Make it easy for your users to contact you about potential security issues that they've experienced with your app. If an issue is discovered which affects X users and data, it's your responsibility to [report this issue to X](#report) as well. Have an action plan/process ready for notifying affected users, should a security incident occur. ### Adequate testing Ensure that your end-to-end tests are thorough and updated to include expected failures for security scenarios such as unauthorized access. Put yourself in an attacker's mindset and set up system tests that are expected to block an attacker gaining unauthorized access to X data or authorized functionality. ### Securing API keys and tokens As a developer on the X platform, you have programmatic access to both your data and your users data stored by X, assuming they've authorized your developer App. All API requests must be [authenticated](/resources/fundamentals/authentication) using OAuth with your developer App's key and secret and in some cases an authorizing user's [access tokens](/resources/fundamentals/authentication). It is your responsibility to keep your credentials safe. Some suggested best practices include the following: * Create a password/token refresh rotation. * Always encrypt sensitive data as needed and to not decrypt data too far upstream. * Store your users' access tokens in an encrypted store. * [Regenerate](/resources/fundamentals/authentication#regenerate-api-keys-and-tokens) or [invalidate](/resources/fundamentals/authentication#post-oauth2-invalidate-token) keys and tokens if you believe they have been compromised. For more discussion on debugging and building with OAuth for X please visit the community forum's [security category](https://devcommunity.x.com/c/oauth/12). ### Input validation Don't assume that your users will provide you with valid, trustworthy data. Sanitize all data coming from your users that can end up in X API requests. Allowlist the types of input that are acceptable to your application and discard everything that isn't on the allowlist. ### Encrypted communication X requires all API requests to be made over TLS. Communication made to your own servers should also be encrypted wherever possible. ### Exposed debugging information Be sure that you're not exposing sensitive X data or credentials through debugging screens/logs. Some web frameworks make it easy to access debugging information if your application is not properly configured. For desktop and mobile developers, it's easy to accidentally ship a build with debugging flags or symbols enabled. Build checks for these configurations into your deployment/build process. Additionally, if sharing stack traces or crash dumps for reporting, ensure that private X users' data are redacted. ### Unfiltered input, unescaped output One easy-to-remember approach to input validation is FIEO: Filter Input, Escape Output Filter anything from outside your application, including X API data, cookie data, user-supplied form input, URL parameters, data from databases, etc. Escape all output being sent by your application, including SQL sent to your database server, HTML to you send to users' browsers, JSON output sent to other systems, and commands sent to shell programs. ### Cross-site scripting (XSS) [XSS](https://owasp.org/) attacks are, by most measures, the most common form of security problem on the web. If an attacker can get their own JavaScript code into your application, they can do bad things. Anywhere you store and display untrusted, user-supplied data needs to be checked, sanitized, and HTML escaped. Getting this right is hard, because hackers have [many different ways to land XSS attacks](https://www.owasp.org/index.php/Types_of_Cross-Site_Scripting). Your language or web development framework probably has a popular, well-tested mechanism for defending against cross-site scripting; please make use of it. ### SQL injection If your application makes use of a database, you need to be aware of [SQL injection](http://en.wikipedia.org/wiki/SQL_injection). Anywhere you accept input is a potential target for an attacker to break out of their input field and into your database. Use database libraries that protect against SQL injection in a systematic way. If you break out of that approach and write custom SQL, write aggressive tests to be sure you aren't exposing yourself to this form of attack. The two main approaches to defending against SQL injection are escaping before constructing your SQL statement, and using parameterized input to create statements. The latter is recommended, as it's less prone to programmer error. ### Cross-site request forgery (CSRF) Are you sure that requests to your application are coming from your application? [CSRF](http://en.wikipedia.org/wiki/Cross-site_request_forgery) attacks exploit this lack of knowledge by forcing logged-in users of your site to silently open URLs that perform actions. In the case of a developer App, this could mean that attackers are using your app to force users to post unwanted Tweets or follow spam accounts. The most thorough way to deal with CSRF is to include a random token in every form that's stored someplace trusted; if a form doesn't have the right token, throw an error. Modern web frameworks have systematic ways of handling this, and might even be doing it by default if you're lucky. A simple preventative step (but by no means the only step you should take) is to make any actions that create, modify, or destroy data require a POST request. ### Lack of rate limiting Use CAPTCHAs where appropriate to slow down potential spammers and attackers. *** If you've discovered a security issue that directly affects X itself, we have a [bug bounty program for vulnerabilities](https://hackerone.com/twitter). # X IDs Source: https://docs.x.com/resources/fundamentals/x-ids Each object within X - a Tweet, Direct Message, User, List, and so on - has a unique ID. At the very beginning of the platform, these IDs were small enough numbers that they could be generated sequentially. Over time, to accommodate growth, the IDs moved from being 32-bit, to 64-bit. Today, X IDs are unique 64-bit unsigned integers, which are based on time, instead of being sequential. The full ID is composed of a timestamp, a worker number, and a sequence number. X developed an internal service known as "Snowflake" in order to consistently generate these IDs ([read more about this on the X blog](https://blog.x.com/engineering/en_us/a/2010/announcing-snowflake.html)). Numbers as large as 64-bits can cause issues with programming languages that represent integers with fewer than 64-bits. An example of this is JavaScript, where integers are limited to 53-bits in size. In order to provide a workaround for this, in the original designs of the X API (v1/1.1), ID values were returned in two formats: both as integers, and as strings. ```json {"id": 10765432100123456789, "id_str": "10765432100123456789"} ``` If you run the command `(10765432100123456789).toString()` in a browser JavaScript console, the result will be `"10765432100123458000"` - the 64-bit integer loses accuracy as a result of the translation (this is sometimes called "munging" - a destructive change to a piece of data). In X APIs up to version 1.1, you should always use the string representation of the number to avoid losing accuracy. In newer versions of the API, all large integer values are represented as strings by default. # Subscribe to developer news Source: https://docs.x.com/resources/newsletter export const Form = ({src, width = "500", height = "1000"}) => { return ; }; Sign up for emails about the latest news, product updates, and events from the X Developer team. # Platform overview Source: https://docs.x.com/resources/platform-overview export const Button = ({href, children}) => { return ; }; ## Get started with the X Developer Platform X Developer Platform enables you to harness the power of X's open, global, real-time and historical platform within your own applications. The platform provides tools, resources, data and API products for you to integrate, and expand X's impact through research, solutions and more. This section can help you get acquainted with the platform’s organization. ### How the platform is organized The X developer platform is organized into three different products. We have put together a different getting started section for each of these product pages since they have different requirements.    #### X API The X API is a set of programmatic endpoints that can be used to understand or build the conversation on X.  This API allows you to find and retrieve, engage with, or create a variety of different resources including the following: * Tweets * Users * Spaces * Direct Messages * Lists * Trends * Media * Places
#### X Ads API The X Ads API is the direct connection to the X Ads platform. Integrate with the X Ads API to enhance the X Ads experience with additional innovation and efficiencies for your business. * Create, schedule, and manage ad campaigns * Create targeting criteria and custom audiences * Plan and create ad creatives * Pull ad analytics To apply for X Ads API access, a developer account with Elevated access is required.
#### X for Websites X for Websites allows you to embed X's live content into your product, direct from the source. Make the most out of X on your website to increase followers, drive engagement, and grow your business Bring your pick of content from X into your website or app. Use our tools to embed Tweets in your stories and articles on the web. Include a stream of Tweets in your website or app in a compact, linear view. Configure Tweet timelines to automatically display live updates from people, trends, and places right in your app. Allow people who visit your website or app to engage with your X account and share content with their followers. Enhance links to your website shared on X with Cards and X buttons. ### Documentation organization Our technical documentation has separate sections to help you work with each of these different products. In each section, you will find guides, libraries, API references, and other resources to help you get started. The [X API](/x-api/introduction) and [X Ads API](/x-ads-api/introduction) products share similar fundamentals, and even include some common endpoint functionality. These shared concepts are discussed in the platform fundamentals section, including the following: For content display and X actions on websites, the X for Websites product consists of web embeds and tools to optimize X links. You can learn more about the fundamentals of this product by navigating to the [X for Websites](https://developer.x.com/en/docs/twitter-for-websites) section of the docs. The documentation also includes tutorials, integration guides, developer tools, and use case examples to help you as you integrate with the platform. We welcome you to utilize these resources and engage with the developer community to get inspired and build something new.   ### Tools and libraries Find both X-maintained and open-source community client libraries and other developer tools that can help you integrate X into your system more quickly.
### Tutorials Learn how to use X’s developer tools to build a solution around a use case with one of our tutorials: ### Troubleshooting and support Debugging an error? Have a question? Head over to our support section to find troubleshooting tips, contact details, live API status monitor, and other helpful information. ### Community * Join the X Developer Community online through our [forum](https://devcommunity.x.com) * Subscribe to the [X Developer Newsletter](https://docs.x.com/resources/newsletter) for monthly developer community updates ### How to stay informed The following pages and resources can help provide you with important details on API outages, updates, and other news relevant to developers on the platform. * Review our [API status page](https://docs.x.com/status#x-developer-platform-status) to receive updates on known platform inconsistencies that could affect your integration. * Check out our [changelog](https://docs.x.com/changelog) to see the recent changes that we've made to the platform, as well as a list of important upcoming dates. All of these resources and more are listed on our [stay informed](https://developer.x.com/en/updates/stay-informed) page.  *** For more information on how to get started, please visit the specific getting started page for the product that matches your use case.
[Learn more](/x-api/getting-started/about-x-api)
[Learn more](/x-ads-api/getting-started/step-by-step-guide)
[Learn more](https://developer.x.com/en/docs/twitter-for-websites.html) # Tools and libraries Source: https://docs.x.com/resources/tools-and-libraries The X API is a set of programmatic tools that can be used to learn from and engage with the conversation on X.
[Explore tools](/x-api/tools-and-libraries/overview) The X Ads API allows you to programmatically integrate with the X Ads platform.

[Explore tools](/x-ads-api/tools-and-libraries) The X for Websites suite allows you to embed X’s live content into your product and optimize links to your site on X.
[Explore tools](https://developer.x.com/docs/twitter-for-websites/tools-and-libraries) ## General Tools A command line tool that can be used across the X APIs, and handles authentication for you.



[Learn more](https://github.com/xdevplatform/xurl) [Postman](https://www.getpostman.com/) is a REST client that allows us to make requests to APIs inside of a user interface. Use this guide to get started with this tool.
[Learn more](/tutorials/postman-getting-started) Use our embed generator to automatically build an embeddable Tweet, timeline, or button that you can add to your web property.

[Visit publish.x.com](https://publish.x.com/#) *** # Tutorials Source: https://docs.x.com/resources/tutorials Instructions and examples to help you get started. Programmatically monitor and manage your API usage.


[**View tutorial**](https://developer.x.com/en/docs/tutorials/usage-monitoring-and-management) Learn how to explore a user's Tweets and mentions using the user Tweet timeline and user mention timeline endpoints from the last 7 days.

[**View tutorial**](https://developer.x.com/en/docs/tutorials/explore-a-users-tweets) Learn how to start using Postman to make requests to the X API and X Ads API




[**View tutorial**](/tutorials/postman-getting-started) Learn about using R to connect to the user lookup endpoint and how to work with JSON returned from X API v2.


[**View tutorial**](https://developer.x.com/en/docs/tutorials/getting-started-with-r-and-v2-of-the-twitter-api) Learn to use the full-archive search endpoint to search the complete history of public X data, build a dataset by retrieving geo-tagged Tweets, and how to page through the available Tweets for a query.
[**View tutorial**](https://developer.x.com/en/docs/tutorials/getting-historical-tweets-using-the-full-archive-search-endpoint) This guide gives a high-level overview on how to ingest Tweets at scale, and “slice and dice” those Tweets via metadata to narrow them down to a specific category, or sub-categories.
[**View tutorial**](https://developer.x.com/en/docs/tutorials/developer-guide--twitter-api-toolkit-for-google-cloud1) Learn how to build a basic chatbot using webhooks and REST API endpoints




[**View tutorial**](https://developer.x.com/en/docs/tutorials/customer-engagement-application-playbook) Learn the basics about the X API and Tweet annotations in addition to gaining experience in Google Cloud, Analytics, and data science foundations.


[**View tutorial**](https://developer.x.com/en/docs/tutorials/developer-guide--twitter-api-toolkit-for-google-cloud1) Learn more about creating a X bot with Python and OAuth 2.0 using X API v2.


[**View tutorial**](https://developer.x.com/en/docs/tutorials/creating-a-twitter-bot-with-python--oauth-2-0--and-v2-of-the-twi) Use the Account Activity API to configure a webhook, set up OAuth, and send a message for replying in real time.


[**View tutorial**](https://developer.x.com/en/docs/tutorials/how-to-build-a-complete-twitter-autoresponder-autohook) Learn how to build an app in Java that publishes links to Tweets based on user defined interests.


[**View tutorial**](https://developer.x.com/en/docs/tutorials/get-customized-tweet-notifications-where-you-want-them) Learn about taking rules articulated in English and transform them into filtering rules using the appropriate X premium operators and syntax.

[**View tutorial**](https://developer.x.com/en/docs/tutorials/translating-plain-language-to-pt-rules) This is a detailed walkthrough of all the basic steps for getting started with X API v2 from sign up to endpoint request.

[**View tutorial**](https://developer.x.com/en/docs/tutorials/step-by-step-guide-to-making-your-first-request-to-the-twitter-api-v2) Learn about X's webhook-based Account Activity API to get started with securing webhooks, authentication, and receiving events.

[**View tutorial**](https://developer.x.com/en/docs/tutorials/getting-started-with-the-account-activity-api) Use Python to get started with the X API and engage with the public conversation by creating a X Bot.

[**View tutorial**](https://developer.x.com/en/docs/tutorials/kickstart-your-twitter-bot-with-our-glitch-example-written-in-py) Use the X API Toolkit for Google Cloud: Enterprise API to install a trend detection framework in under an hour.

[**View tutorial**](https://developer.x.com/en/docs/tutorials/developer-guide--twitter-api-toolkit-for-google-cloud11) Learn the basics about X API as well as Google Cloud, Analytics, and the foundations of data science.

[**View tutorial**](https://developer.x.com/en/docs/tutorials/developer-guide--twitter-api-toolkit-for-google-cloud) How to build a chatbot that privately receives scores and Tweets out leaderboard updates.

[**View tutorial**](https://developer.x.com/en/docs/tutorials/building-a-live-leaderboard-on-twitter) Build a simple tool to understand how users’ Tweets are performing in the world.

[**View tutorial**](https://developer.x.com/en/docs/tutorials/measure-tweet-performance) Learn more about the steps that you will go through when accessing our one-time Historical PowerTrack offering.
[**View tutorial**](https://developer.x.com/en/docs/tutorials/one-time-historical-powertrack-jobs) Learn how to create moments of delight informed by customer context.
[**View tutorial**](https://developer.x.com/en/docs/tutorials/choosing-historical-api) Learn how to quickly and easily retrieve all usernames mentioned in a thread of replies on X
[**View tutorial**](https://developer.x.com/en/docs/tutorials/retrieve-user-mentions-from-thread) Learn about the four different types of Tweets and how to programmatically detect them.
[**View tutorial**](https://developer.x.com/en/docs/tutorials/determining-tweet-types) Learn how to analyze the sentiment of your Tweet timeline.
[**View tutorial**](https://developer.x.com/en/docs/tutorials/how-to-analyze-the-sentiment-of-your-own-tweets) Learn how to filter Tweets by location.



[**View tutorial**](https://developer.x.com/en/docs/tutorials/filtering-tweets-by-location) Build a real-time Tweet streaming app to listen for and display Tweets based on your own topics of interest.
[**View tutorial**](https://developer.x.com/en/docs/tutorials/building-an-app-to-stream-tweets) Learn about the different authentication methods necessary to access the X enterprise APIs.

[**View tutorial**](https://developer.x.com/en/docs/tutorials/authenticating-with-twitter-api-for-enterprise) Search for topics or keywords and analyze the related conversation using the v2 recent search endpoint
[**View tutorial**](https://developer.x.com/en/docs/tutorials/analyze-past-conversations) Learn how to use twurl to upload a video and use this to create a video app card and Draft Tweet
[**View tutorial**](https://developer.x.com/en/docs/tutorials/uploading-video-and-creating-draft-tweet) Listen for events that matter to you so that you can trigger appropriate actions or notifications.

[**View tutorial**](https://developer.x.com/en/docs/tutorials/listen-for-important-events) Learn to consume X API filtered stream endpoint data and store it into a Google Sheets


[**View tutorial**](https://developer.x.com/en/docs/tutorials/how-to-store-streaming-tweets-in-a-google-sheet) Learn how to build robust rulesets to effectively filter large volumes of X data and identify meaningful insights with PowerTrack
[**View tutorial**](https://developer.x.com/en/docs/tutorials/building-powerful-enterprise-filters) Tips for consuming streaming data.

[**View tutorial**](https://developer.x.com/en/docs/tutorials/consuming-streaming-data) Learn how to use twurl to make requests to the X Ads API
[**View tutorial**](https://developer.x.com/en/docs/tutorials/using-twurl) Learn how I used the Search X API along with Twilio to build a text message alert whenever the @NYCASP account Tweets about alternate side of the street parking information.
[**View tutorial**](https://developer.x.com/en/docs/tutorials/nyc-parking) Search for topics, and then output the returned data into CSV format.


[**View tutorial**](https://developer.x.com/en/docs/tutorials/five-ways-to-convert-a-json-object-to-csv) Learn more about the available geo data, operators, and how to build effective filters to target both Tweet level and account level geo in Tweets
[**View tutorial**](https://developer.x.com/en/docs/tutorials/advanced-filtering-for-geo-data) Learn how to use twurl to upload media to an account

[**View tutorial**](https://developer.x.com/en/docs/tutorials/uploading-media) Surface and stream Tweets and conversations as they happen.

[**View tutorial**](https://developer.x.com/en/docs/tutorials/stream-tweets-in-real-time) # Consistency Source: https://docs.x.com/x-api/fundamentals/consistency ## Consistency across the X API v2 endpoints One of the main aspects of the new v2 version of the X API is consistency across endpoints. This means that objects returned, features, and behaviors of the API are uniform across similar endpoints. You can expect the following elements to be the same across all endpoints: ### Path naming Path naming always includes the endpoint [version](/x-api/fundamentals/versioning), followed by the **resource**. Beyond that, the path can contain an **ID** that relates to the earlier resource, a **selection verb** which helps to determine which data to return (e.g., `search` or `sample`), a **delivery verb** which helps to determine how the data will deliver (e.g., `stream`), or other resources that have a **relationship** with the primary resource (e.g., `/user/12/tweets`). Finally, you can append a **query parameter** to the end if the endpoint includes any query parameters. Here are some examples of how these path and query items could be organized: `/version/resource/id?param1=value¶m2=value /version/resource/delivery/selection?param1=value¶m2=value` Examples of actual requests: `/2/tweets/1067094924124872705?expansions=attachments.media_keys&tweet.fields=author_id /2/users/2244994945?user.fields=created_at,description /2/tweets/search/stream /2/tweets/search/recent?query=snow` ### JSON Schema Responses to requests are defined using [JSON Schema](http://json-schema.org/). This means that requests consistently return sets of objects as arrays, with each element having an ID. Requests do not return maps with IDs as keys. ### Response object and parameters The default object returned is the same for each endpoint of that object type: * `id` objects are always strings. * Parameters and response fields consistently use American-English spelling. * Fields are empty or not returned if there is no value. * The `entities` object only contains entities sourced from the Post text: this includes `urls`, `hashtags`, `mentions`, and `cashtags`. * All cards-related information, including the `media_keys` and `poll_ids` fields, are returned in the `attachments` object. Here is an example response object from the [single Post lookup](/x-api/posts/post-lookup-by-post-id) endpoint (with the [tweet.fields](/x-api/fundamentals/data-dictionary#tweet) parameter set to `author_id`, `entities`): ```json { "data": { "id": "1278747501642657792", "text": "It's been a year since Twitter's Developer Labs launched.\n\nAs we build towards the next generation of the #TwitterAPI (coming VERY soon), see what we've learned and changed along the way. https://t.co/WvjuEWCa6G", "author_id": "2244994945", "entities": { "urls": [ { "start": 188, "end": 211, "url": "https://t.co/WvjuEWCa6G", "expanded_url": "https://blog.x.com/developer/en_us/topics/tools/2020/a-year-with-twitter-developer-labs.html", "display_url": "blog.x.com/developer/en_u…", "images": [ { "url": "https://pbs.twimg.com/news_img/1278747527043362816/7HQRkQeV?format=jpg&name=orig", "width": 1600, "height": 600 }, { "url": "https://pbs.twimg.com/news_img/1278747527043362816/7HQRkQeV?format=jpg&name=150x150", "width": 150, "height": 150 } ], "status": 200, "title": "A year with Twitter Developer Labs: What we've learned and changed", "description": "Labs has been invaluable in helping us understand what works well and what doesn’t, what you liked and what you didn’t.", "unwound_url": "https://blog.x.com/developer/en_us/topics/tools/2020/a-year-with-twitter-developer-labs.html" } ], "hashtags": [ { "start": 106, "end": 117, "tag": "TwitterAPI" } ] } } } ``` ### Authentication All X API v2 endpoints require authentication. Many of them accept the [OAuth 2.0 Bearer Token](/resources/fundamentals/authentication#oauth-2-0) method, requiring a Bearer Token with the request to the endpoint to make a successful request. For endpoints requiring authorization to create, manipulate, or retrieve data on behalf of another user, use [OAuth 1.0a User Context](/resources/fundamentals/authentication). This means providing your [developer App’s](/resources/fundamentals/authentication#obtaining-access-tokens-using-3-legged-oauth-flow) [API keys and tokens](/resources/fundamentals/authentication#api-key-and-secret) as well as a set of user [Access Tokens](/resources/fundamentals/authentication#obtaining-access-tokens-using-3-legged-oauth-flow) that you generate for the user on behalf of whom you’re making a request. The [3-legged OAuth flow](/resources/fundamentals/authentication#obtaining-access-tokens-using-3-legged-oauth-flow) can help you retrieve Access Tokens. Use a [tool or library](/x-api/tools-and-libraries/overview) that automatically builds this authorization header. More information on authentication can be found in our documentation on [authentication](/resources/fundamentals/authentication). *** ### Fields The object returned on each endpoint is condensed. To allow developers more customization in the response they get back from the API, the [`fields`](/x-api/fundamentals/fields) parameter is used to request the fields desired. Fields will remain consistent across endpoints. The Post object will return the same fields across all endpoints where the Post object is returned. The same set of fields can be queried across similar endpoints. For example, the same Post fields can be queried in the [Posts lookup](/x-api/posts/lookup/introduction) and for the expanded pinned Post in the [Users lookup](/x-api/users/lookup/introduction). *** ### Expansions Where appropriate, [expansions](/x-api/fundamentals/expansions) are available for all nested id fields (e.g., all fields named `*_id`, such as `author_id`). Expansions are also available for all fields that have an id that is not the top-level identifier of the current object. For example, in the [Posts lookup](/x-api/posts/lookup/introduction), the Post is the current object with field `id` as the top-level identifier. The `author_id` or `referenced_tweets.id` fields are available to expand into complete user or Post objects by adding these comma-separated values to the `expansions` parameter. Please [report any inconsistencies](https://twitterdevfeedback.uservoice.com/) that you notice, related to these fields. # Conversation ID Source: https://docs.x.com/x-api/fundamentals/conversation-id ### Conversation threads using the X API If you look at how conversations evolve on X, one Post can spark several conversation threads, each of which can grow in length and complexity as more people chime in. Identifying relationships between Posts and understanding conversation threads is a feature of the X API v2 payload and search capabilities. When Posts are posted in response to a Post (known as a reply), or in response to a reply, there is now a defined `conversation_id` on each reply, which matches the Post ID of the original Post that started the conversation. Replies to a given Post, as well as replies to those replies, are all included in the conversation stemming from the single original Post. Regardless of how many reply threads result, they will all share a common `conversation_id` to the original Post that sparked the conversation. Using the X API v2, you can retrieve and reconstruct an entire conversation thread, allowing you to understand what is being said and how conversations and ideas evolve. #### Example conversation thread Below is an example conversation thread involving five different people, including one reply to a reply. ```json { "data": [ { "conversation_id": "1279944223114900000", "in_reply_to_user_id": "1102323333", "author_id": "63044444", "created_at": "2020-07-06T15:58:10.000Z", "id": "1280169177479744444", "referenced_tweets": [ { "type": "replied_to", "id": "1280155225706433333" } ], "text": "@ThirdPerson333 @OriginalPerson000 Reply to the third reply!" }, { "conversation_id": "1279944223114900000", "in_reply_to_user_id": "3001960000", "author_id": "1102323333", "created_at": "2020-07-06T15:02:44.000Z", "id": "1280155225706433333", "referenced_tweets": [ { "type": "replied_to", "id": "1279944223114900000" } ], "text": "@OriginalPerson000 Third reply" }, { "conversation_id": "1279944223114900000", "in_reply_to_user_id": "3001960000", "author_id": "199562222", "created_at": "2020-07-06T15:02:36.000Z", "id": "1280155190306340864", "referenced_tweets": [ { "type": "replied_to", "id": "1279944223114900000" } ], "text": "@OriginalPerson000 Second Reply" } ], "includes": { "users": [ { "name": "Original person", "id": "3001960000", "username": "OriginalPerson000" }, { "name": "First person", "id": "179201111", "username": "FirstPerson111" } ] }, "meta": { "newest_id": "1280169177479744444", "oldest_id": "1279945722494811111", "result_count": 4 } } ``` Retrieving `conversation_id` as a `tweet.fields` parameter To request the `conversation_id` for all Posts returned on a v2 endpoint, add the tweet.fields=conversation\_id field to the request parameters. The conversation\_id field is always the Post ID of the original Post in the conversation reply thread. All Posts within the same reply thread, including reply threads that are created from earlier reply threads, will show the same conversation\_id. ### Request with `conversation_id` parameter ``` curl --request GET \ --url 'https://api.x.com/2/tweets?ids=1225917697675886593&tweet.fields=author_id,conversation_id,created_at,in_reply_to_user_id,referenced_tweets&expansions=author_id,in_reply_to_user_id,referenced_tweets.id&user.fields=name,username' \ --header 'Authorization: Bearer $ACCESS_TOKEN' ``` ### Response ``` { "data": [ { "id": "1225917697675886593", "text": "@TwitterEng *ahem* https://t.co/aroJHt2zQ1", "created_at": "2020-02-07T23:02:10.000Z", "author_id": "2244994945", "in_reply_to_user_id": "6844292", "conversation_id": "1225912275971657728", "referenced_tweets": [ { "type": "quoted", "id": "1200517737669378053" }, { "type": "replied_to", "id": "1225912275971657728" } ] } ], "includes": { "users": [ { "username": "TwitterDev", "name": "Twitter Dev", "id": "2244994945" }, { "username": "TwitterEng", "name": "Twitter Engineering", "id": "6844292" } ], "tweets": [ { "id": "1200517737669378053", "text": "| ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄|\n don't push \n to prod on \n Fridays \n|___________| \n(\\__/)", "created_at": "2019-11-29T20:51:47.000Z", "author_id": "2244994945", "conversation_id": "1200517737669378053" } ] } } ``` ### Using `conversation_id` as a filter operator The `conversation_id` can be used as a search query parameter in recent search or as an operator within a rule for [filtered stream](/x-api/posts/filtered-stream/introduction). This will return the entire conversation thread of Posts either in real-time through filtered stream or in reverse chronological order from [search Tweets](/x-api/posts/search/introduction). You can also get a count of the Posts in a conversation using this operator with [Posts counts](/x-api/posts/counts/introduction). ## Request to query by `conversation_id` ``` curl --request GET \ --url 'https://api.x.com/2/tweets/search/recent?query=conversation_id:1279940000004973111&tweet.fields=in_reply_to_user_id,author_id,created_at,conversation_id' \ --header 'Authorization: Bearer $ACCESS_TOKEN' ``` ### Response *Note: Results for search Posts are in reverse chronological order.* ``` { "data": [ { "id": "1280169000000704333", "text": "@attributeisland @iterationjoe What beautiful creatures! Happy #seaturtleweek", "conversation_id": "1279940000004973111", "public_metrics": { "retweet_count": 0, "reply_count": 0, "like_count": 7, "quote_count": 0 } } ], "meta": { "newest_id": "1280169000000704333", "oldest_id": "1279940000004973111", "result_count": 5 } } ``` # X API v2 data dictionary Source: https://docs.x.com/x-api/fundamentals/data-dictionary ## Object Model ### Tweet Tweets are the basic building block of all things Twitter. The Tweet object has a long list of ‘root-level’ fields, such as `id`, `text`, and `created_at`. Tweet objects are also the ‘parent’ object to several child objects including `user`, `media`, `poll`, and `place`. Use the field parameter `tweet.fields` when requesting these root-level fields on the Tweet object. The Tweet object that can be found and expanded in the user resource. Additional Tweets related to the requested Tweet can also be found and expanded in the Tweet resource. The object is available for expansion with `?expansions=pinned_tweet_id` in the user resource or `?expansions=referenced_tweets.id` in the Tweet resource to get the object with only default fields. Use the expansion with the field parameter: `tweet.fields` when requesting additional fields to complete the object. | Field Value | Type | Description | How it Can Be Used | | :-------------------------------------- | :-------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :-------------------------------------------------------------------------- | | **id (default)** | string | The unique identifier of the requested Tweet. | Use this to programmatically retrieve a specific Tweet. | | **text (default)** | string | The actual UTF-8 text of the Tweet. See [twitter-text](https://github.com/twitter/twitter-text/) for details on valid characters. | Keyword extraction and sentiment analysis/classification. | | **edit\_history\_tweet\_ids (default)** | object | Unique identifiers indicating all versions of a Tweet. For Tweets with no edits, there will be one ID. For Tweets with an edit history, there will be multiple IDs. | Use this information to find the edit history of a Tweet. | | **attachments** | object | Specifies the type of attachments (if any) present in this Tweet. | Understanding the objects returned for requested expansions. | | **author\_id** | string | The unique identifier of the User who posted this Tweet. | Hydrating User object, sharing dataset for peer review. | | **context\_annotations** | array | Contains context annotations for the Tweet. | Entity recognition/extraction, topical analysis. | | **conversation\_id** | string | The Tweet ID of the original Tweet of the conversation (which includes direct replies, replies of replies). | Use this to reconstruct the conversation from a Tweet. | | **created\_at** | date (ISO 8601) | Creation time of the Tweet. | Useful for time-series analysis and understanding when a Tweet was created. | | **edit\_controls** | object | Indicates how much longer the Tweet can be edited and the number of remaining edits. | Use this to determine if a Tweet is eligible for editing. | | **entities** | object | Entities that have been parsed out of the text of the Tweet. See entities in Twitter Objects. | Provides additional information about hashtags, URLs, mentions, etc. | | **in\_reply\_to\_user\_id** | string | If the represented Tweet is a reply, this field will contain the original Tweet’s author ID. | Determine if a Tweet was in reply to another Tweet. | | **lang** | string | Language of the Tweet, if detected by Twitter. | Classify Tweets by spoken language. | | **non\_public\_metrics** | object | Non-public engagement metrics for the Tweet at the time of the request. Requires user context authentication. | Determine total impressions generated for the Tweet. | | **organic\_metrics** | object | Engagement metrics, tracked in an organic context, for the Tweet at the time of the request. Requires user context authentication. | Measure organic engagement for the Tweet. | | **possibly\_sensitive** | boolean | Indicates if the content may be recognized as sensitive. | Study circulation of certain types of content. | | **promoted\_metrics** | object | Engagement metrics, tracked in a promoted context, for the Tweet at the time of the request. Requires user context authentication. | Measure engagement for the Tweet when it was promoted. | | **public\_metrics** | object | Public engagement metrics for the Tweet at the time of the request. | Measure Tweet engagement. | | **referenced\_tweets** | array | A list of Tweets this Tweet refers to, such as Retweets, quoted Tweets, or replies. | Understand conversational aspects of retweets, etc. | | **reply\_settings** | string | Shows who can reply to a given Tweet. Options are "everyone", "mentioned\_users", and "followers". | Determine conversation reply settings for the Tweet. | | **withheld** | object | Contains withholding details for [withheld content](https://help.x.com/en/rules-and-policies/tweet-withheld-by-country). | | **Retrieving a Tweet Object** **Sample Request** In the following request, we are requesting fields for the Tweet on the [Tweets lookup](/resources/fundamentals/rate-limits) endpoint. Be sure to replace `$BEARER_TOKEN` with your own generated [Bearer Token](/resources/fundamentals/authentication). ```bash curl --request GET 'https://api.x.com/2/tweets?ids=1212092628029698048&tweet.fields=attachments,author_id,context_annotations,created_at,entities,geo,id,in_reply_to_user_id,lang,possibly_sensitive,public_metrics,referenced_tweets,text,withheld&expansions=referenced_tweets.id' --header 'Authorization: Bearer $BEARER_TOKEN' ``` **Sample Response** ``` { "data": [ { "text": "We believe the best future version of our API will come from building it with YOU. Here’s to another great year with everyone who builds on the Twitter platform. We can’t wait to continue working with you in the new year. https://t.co/yvxdK6aOo2", "edit_history_tweet_ids": [ "1212092628029698048" ], "lang": "en", "in_reply_to_user_id": "2244994945", "entities": { "urls": [ { "start": 222, "end": 245, "url": "https://t.co/yvxdK6aOo2", "expanded_url": "https://x.com/LovesNandos/status/1211797914437259264/photo/1", "display_url": "pic.x.com/yvxdK6aOo2", "media_key": "16_1211797899316740096" } ], "annotations": [ { "start": 42, "end": 44, "probability": 0.5359, "type": "Other", "normalized_text": "API" }, { "start": 144, "end": 150, "probability": 0.9832, "type": "Other", "normalized_text": "Twitter" } ] }, "author_id": "2244994945", "referenced_tweets": [ { "type": "replied_to", "id": "1212092627178287104" } ], "id": "1212092628029698048", "public_metrics": { "retweet_count": 7, "reply_count": 3, "like_count": 38, "quote_count": 1 }, "context_annotations": [ { "domain": { "id": "29", "name": "Events [Entity Service]", "description": "Real world events. " }, "entity": { "id": "1186637514896920576", "name": " New Years Eve" } }, { "domain": { "id": "29", "name": "Events [Entity Service]", "description": "Real world events. " }, "entity": { "id": "1206982436287963136", "name": "Happy New Year: It’s finally 2020 everywhere!", "description": "Catch fireworks and other celebrations as people across the globe enter the new year.\nPhoto via @GettyImages " } }, { "domain": { "id": "119", "name": "Holiday", "description": "Holidays like Christmas or Halloween" }, "entity": { "id": "1186637514896920576", "name": " New Years Eve" } }, { "domain": { "id": "119", "name": "Holiday", "description": "Holidays like Christmas or Halloween" }, "entity": { "id": "1206982436287963136", "name": "Happy New Year: It’s finally 2020 everywhere!", "description": "Catch fireworks and other celebrations as people across the globe enter the new year.\nPhoto via @GettyImages " } }, { "domain": { "id": "30", "name": "Entities [Entity Service]", "description": "Entity Service top level domain, every item that is in Entity Service should be in this domain" }, "entity": { "id": "781974596752842752", "name": "Services" } }, { "domain": { "id": "47", "name": "Brand", "description": "Brands and Companies" }, "entity": { "id": "10045225402", "name": "Twitter" } }, { "domain": { "id": "131", "name": "Unified Twitter Taxonomy", "description": "A taxonomy of user interests. " }, "entity": { "id": "10045225402", "name": "Twitter" } }, { "domain": { "id": "131", "name": "Unified Twitter Taxonomy", "description": "A taxonomy of user interests. " }, "entity": { "id": "847868745150119936", "name": "Family & relationships", "description": "Hobbies and interests" } }, { "domain": { "id": "131", "name": "Unified Twitter Taxonomy", "description": "A taxonomy of user interests. " }, "entity": { "id": "1196446161223028736", "name": "Social media" } }, { "domain": { "id": "29", "name": "Events [Entity Service]", "description": "Real world events. " }, "entity": { "id": "1206982436287963136", "name": "Happy New Year: It’s finally 2020 everywhere!", "description": "Catch fireworks and other celebrations as people across the globe enter the new year.\nPhoto via @GettyImages " } }, { "domain": { "id": "119", "name": "Holiday", "description": "Holidays like Christmas or Halloween" }, "entity": { "id": "1206982436287963136", "name": "Happy New Year: It’s finally 2020 everywhere!", "description": "Catch fireworks and other celebrations as people across the globe enter the new year.\nPhoto via @GettyImages " } } ], "created_at": "2019-12-31T19:26:16.000Z", "attachments": { "media_keys": [ "16_1211797899316740096" ] }, "possibly_sensitive": false } ], "includes": { "tweets": [ { "text": "These launches would not be possible without the feedback you provided along the way, so THANK YOU to everyone who has contributed your time and ideas. Have more feedback? Let us know ⬇️ https://t.co/Vxp4UKnuJ9", "edit_history_tweet_ids": [ "1212092627178287104" ], "lang": "en", "in_reply_to_user_id": "2244994945", "entities": { "urls": [ { "start": 187, "end": 210, "url": "https://t.co/Vxp4UKnuJ9", "expanded_url": "https://twitterdevfeedback.uservoice.com/forums/921790-twitter-developer-labs", "display_url": "twitterdevfeedback.uservoice.com/forums/921790-…", "status": 200, "title": "Updates on our feedback channels", "description": "We build our developer platform in the open, with your input and feedback. Over the past year, hearing directly from you and the users of your apps has helped us build developer products that cater to the use case you helped us identify. We want to make this the way we build products, and moving forward, we are consolidating our feedback channels. Meeting you where you are Effective today, we are going to retire our UserVoice feedback channel in favor of more frequent direct engagements with y...", "unwound_url": "https://devcommunity.x.com/t/updates-on-our-feedback-channels/169706" } ] }, "author_id": "2244994945", "referenced_tweets": [ { "type": "replied_to", "id": "1212092626247110657" } ], "id": "1212092627178287104", "public_metrics": { "retweet_count": 2, "reply_count": 1, "like_count": 19, "quote_count": 0 }, "created_at": "2019-12-31T19:26:16.000Z", "possibly_sensitive": false } ] } ``` ### User The user object contains Twitter user account metadata describing the referenced user. The user object is the primary object returned in the [users lookup](/x-api/users/lookup/introduction) endpoint. When requesting additional user fields on this endpoint, simply use the fields parameter `user.fields`. The user object can also be found as a child object and expanded in the Tweet object. The object is available for expansion with `?expansions=author_id` or `?expansions=in_reply_to_user_id` to get the condensed object with only default fields. Use the expansion with the field parameter: `user.fields` when requesting additional fields to complete the object.   | Field value | Type | Description | How it can be used | | :------------------ | :-------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | id (default) | string | The unique identifier of this user.

`"id": "2244994945"` | Use this to programmatically retrieve information about a specific Twitter user. | | name (default) | string | The name of the user, as they’ve defined it on their profile. Not necessarily a person’s name. Typically capped at 50 characters, but subject to change.

`"name": "Twitter Dev"` | | | username (default) | string | The Twitter screen name, handle, or alias that this user identifies themselves with. Usernames are unique but subject to change. Typically a maximum of 15 characters long, but some historical accounts may exist with longer names.

`"username": "TwitterDev"` | | | confirmed\_email | string | The confirmed email of the authenticated user. | | | connection\_status | array | Provides a list of relation between the authenticating user and the user being looked up such as following, followed, follow request sent, follow request received, blocking, muting

"connection\_status": \[
           "follow\_request\_received",
           "follow\_request\_sent",
           "blocking",
           "followed\_by",
           "following",
           "muting"
] | Can be used to determine the connection status between the authenticating user and the user being looked up. | | created\_at | date (ISO 8601) | The UTC datetime that the user account was created on Twitter.

`"created_at": "2013-12-14T04:35:55.000Z"` | Can be used to determine how long a someone has been using Twitter | | description | string | The text of this user's profile description (also known as bio), if the user provided one.

`"description": "The voice of the X Dev team and your official source for updates, news, and events, related to the X API."` | | | entities | object | Contains details about text that has a special meaning in the user's description.

`"entities": {
       "url": {
           "urls": [
               {
                   "start": 0,
                   "end": 23,
                   "url": "https://t.co/3ZX3TNiZCY",
                   "expanded_url": "/content/developer-twitter/en/community",
                   "display_url": "developer.x.com/en/community"
               }
           ]
       },
       "description": {
           "urls": [
               {
                   "start": 0,
                   "end": 23,
                   "url": "https://t.co/3ZX3TNiZCY",
                   "expanded_url": "/content/developer-twitter/en/community",
                   "display_url": "developer.x.com/en/community"
               },
           "hashtags": [
               {
                   "start": 23,
                   "end": 30,
                   "tag": "DevRel"
               },
               {
                   "start": 113,
                   "end": 130,
                   "tag": "BlackLivesMatter"
               },
           "mentions": [
               {
                   "start": 0,
                   "end": 10,
                   "tag": "TwitterDev"
               },
           "cashtags": [
               {
                   "start": 12,
                   "end": 16,
                   "tag": "twtr"
               }
           ]
       }
   }` | Entities are JSON objects that provide additional information about hashtags, urls, user mentions, and cashtags associated with the description. Reference each respective entity for further details.

All user ******start****** indices are inclusive, while all user ******end****** indices are exclusive. | | location | string | The location specified in the user's profile, if the user provided one. As this is a freeform value, it may not indicate a valid location, but it may be fuzzily evaluated when performing searches with location queries.

`"location": "127.0.0.1"` | | | pinned\_tweet\_id | string | Unique identifier of this user's pinned Tweet.

`"pinned_tweet_id": "1255542774432063488"` | Determine the Tweet pinned to the top of the user’s profile. Can potentially be used to determine the user’s language. | | profile\_image\_url | string | The URL to the profile image for this user, as shown on the user's profile.

`"profile_image_url": "https://pbs.twimg.com/profile_images/1267175364003901441/tBZNFAgA_normal.jpg"` | Can be used to download this user's profile image. | | protected | boolean | Indicates if this user has chosen to protect their Tweets (in other words, if this user's Tweets are private).

`"protected": false` | | | public\_metrics | object | Contains details about activity for this user.

`"public_metrics": {             "followers_count": 507902,             "following_count": 1863,             "tweet_count": 3561,             "listed_count": 1550         }` | Can potentially be used to determine a Twitter user’s reach or influence, quantify the user’s range of interests, and the user’s level of engagement on Twitter. | | url | string | The URL specified in the user's profile, if present.

`"url": "https://t.co/3ZX3TNiZCY"` | A URL provided by a Twitter user in their profile. This could be a homepage, but is not always the case. | | verified | boolean | Indicates if this user is a verified Twitter User.

`"verified": true` | Indicates whether or not this Twitter user has a verified account. A verified account lets people know that an account of public interest is authentic. | | withheld | object | Contains withholding details for [withheld content](https://help.x.com/en/rules-and-policies/tweet-withheld-by-country), if applicable. | | **Retrieving a user object** **Sample Request** In the following request, we are requesting fields for the user on the [users lookup](/x-api/users/lookup/introduction) endpoint. Be sure to replace `$BEARER_TOKEN` with your own generated [Bearer Token](/resources/fundamentals/authentication#using-and-generating-an-app-only-bearer-token).   ```{ curl --request GET 'https://api.x.com/2/users? ids=2244994945&user.fields=created_at,description,entities,id,location,name,pinned_tweet_id,profile_image_url,protected,url,username,verified,withheld&expansions=pinned_tweet_id' --header 'Authorization: Bearer $BEARER_TOKEN' } ``` **Sample Response** ```{ "data": [ { "id": "2244994945", "name": "Twitter Dev", "username": "TwitterDev", "location": "127.0.0.1", "entities": { "url": { "urls": [ { "start": 0, "end": 23, "url": "https://t.co/3ZX3TNiZCY", "expanded_url": "/content/developer-twitter/en/community", "display_url": "developer.x.com/en/community" } ] }, "description": { "hashtags": [ { "start": 23, "end": 30, "tag": "DevRel" }, { "start": 113, "end": 130, "tag": "BlackLivesMatter" } ] } }, "verified": true, "description": "The voice of Twitter's #DevRel team, and your official source for updates, news, & events about Twitter's API. \n\n#BlackLivesMatter", "url": "https://t.co/3ZX3TNiZCY", "profile_image_url": "https://pbs.twimg.com/profile_images/1267175364003901441/tBZNFAgA_normal.jpg", "protected": false, "pinned_tweet_id": "1255542774432063488", "created_at": "2013-12-14T04:35:55.000Z" } ], "includes": { "tweets": [ { "id": "1255542774432063488", "text": "During these unprecedented times, what’s happening on Twitter can help the world better understand & respond to the pandemic. \n\nWe're launching a free COVID-19 stream endpoint so qualified devs & researchers can study the public conversation in real-time. https://t.co/BPqMcQzhId" } ] } } ``` ### Space Spaces allow expression and interaction via live audio conversations. The Space data dictionary contains relevant metadata about a Space; all the details are updated in real time. User objects can be found and expanded in the user resource. These objects are available for expansion by adding at least one of `host_ids`, `creator_id`, `speaker_ids`, `mentioned_user_ids` to the `expansions` query parameter. Unlike Tweets, Spaces are ephemeral and become unavailable after they end or when they are canceled by their creator. When your app handles Spaces data, you are responsible for returning the most up-to-date information and must remove data that is no longer available from the platform. The [Spaces lookup endpoints](/x-api/spaces/lookup/introduction) can help you ensure you respect the users’ expectations and intent. | Field Value | Type | Description | How it can be used | | :----------------- | :-------------- | :------------------------------------------------------------------------------------------ | :------------------------------------------------------ | | id (default) | string | The unique identifier of the requested Space.
`"id": "1zqKVXPQhvZJB"` | Uniquely identify a Space returned in the response. | | state (default) | string | Indicates if the Space has started, will start, or has ended.
`"state": "live"` | Filter live or scheduled Spaces. | | created\_at | date (ISO 8601) | Creation time of this Space.
`"created_at": "2021-07-04T23:12:08.000Z"` | Understand when a Space was created and sort by time. | | ended\_at | date (ISO 8601) | Time when the Space ended, if applicable.
`"ended_at": "2021-07-04T00:11:44.000Z"` | Determine when a live Space ended for runtime duration. | | host\_ids | array | Unique identifiers of the Space hosts.
`"host_ids": ["2244994945", "6253282"]` | Expand User objects, understand engagement. | | lang | string | Language of the Space, if detected.
`"lang": "en"` | Classify Spaces by language. | | is\_ticketed | boolean | Indicates if this is a ticketed Space.
`"is_ticketed": false` | Highlight content of interest. | | invited\_user\_ids | array | List of user IDs invited as speakers.
`"invited_user_ids": ["2244994945", "6253282"]` | Expand User objects, understand engagement. | | participant\_count | integer | Number of users in the Space, including Hosts and Speakers.
`"participant_count": 420` | Understand engagement, create reports. | | subscriber\_count | integer | Number of people who set a reminder for a Space.
`"subscriber_count": 36` | Understand event interest. | | scheduled\_start | date (ISO 8601) | Scheduled start time of the Space.
`"scheduled_start": "2021-07-14T08:00:00.000Z"` | Integrate with calendar notifications. | | speaker\_ids | array | List of users who spoke at any point.
`"speaker_ids": ["2244994945", "6253282"]` | Expand User objects, understand engagement. | | started\_at | date (ISO 8601) | Actual start time of a Space.
`"started_at": "2021-07-14T08:00:12.000Z"` | Determine Space start time. | | title | string | Title of the Space.
`"title": "Say hello to the Space data object!"` | Understand keywords, hashtags, mentions. | | topic\_ids | array | IDs of topics selected by the Space creator.
`"topic_ids": ["2244994945", "6253282"]` | Understand keywords, hashtags, mentions. | | updated\_at | date (ISO 8601) | Last update to Space metadata.
`"updated_at": "2021-07-11T14:44:44.000Z"` | Keep information up to date. | \*\*Retrieving a Space Object \*\* **Sample Request** In the following request, we are requesting fields for the Space on the [Spaces lookup endpoint](/x-api/spaces/lookup/introduction). Be sure to replace `$BEARER_TOKEN` with your own generated [Bearer Token](/resources/fundamentals/authentication#using-and-generating-an-app-only-bearer-token). ```bash curl "https://api.x.com/2/spaces/1DXxyRYNejbKM?space.fields=created_at,creator_id,created_athost_ids,lang,is_ticketed,invited_user_ids,participant_count,scheduled_start,speaker_ids,started_at,state,title,updated_at&expansions=creator_id,host_ids,invited_user_ids,speaker_ids" --header "Authorization: Bearer $BEARER_TOKEN" ``` \*\* Sample Response \*\* ``` { "data": { "id": "1zqKVXPQhvZJB", "state": "live", "created_at": "2021-07-04T23:12:08.000Z", "host_ids": [ "2244994945", "6253282" ], "lang": "en", "is_ticketed": false, "invited_user_ids": [ "2244994945", "6253282" ], "participant_count": 420, "scheduled_start": "2021-07-14T08:00:00.000Z", "speaker_ids": [ "2244994945", "6253282" ], "started_at": "2021-07-14T08:00:12.000Z", "title": "Say hello to the Space data object!", "updated_at": "2021-07-11T14:44:44.000Z" }, "includes": { "users": [ { "id": "2244994945", "name": "Twitter Dev", "username": "TwitterDev" }, { "id": "6253282", "name": "Twitter API", "username": "TwitterAPI" } ] } } ``` ### List The list object contains [Twitter Lists](https://help.x.com/en/using-twitter/twitter-lists) metadata describing the referenced List. The List object is the primary object returned in the List lookup endpoint. When requesting additional List fields on this endpoint, simply use the fields parameter `list.fields`. The List object is not found as a child of other data objects. However, user objects can be found and expanded in the user resource. These objects are available for expansion by adding `owner_id` to the `expansions` query parameter. Use this expansion with the `list.fields` field parameter when requesting additional fields to complete the primary List object and `user.fields` to complete the expansion object. | Field Value | Type | Description | How it can be used | | :-------------- | :-------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------- | :----------------------------------------------------------------------------- | | id (default) | string | The unique identifier of this List.
`"id": "2244994945"` | Use this to programmatically retrieve information about a specific List. | | name (default) | string | The name of the List, as defined when creating the List.
`"name": "Twitter Lists"` | | | created\_at | date (ISO 8601) | The UTC datetime when the List was created.
`"created_at": "2013-12-14T04:35:55.000Z"` | Determine how long a List has been on Twitter. | | description | string | A brief description to inform users about the List.
`"description": "People that are active members of the Bay area cycling community on Twitter."` | | | follower\_count | integer | Shows how many users follow this List.
`"follower_count": 198` | | | member\_count | integer | Shows how many members are part of this List.
`"member_count": 60` | | | private | boolean | Indicates if the List is private.
`"private": false` | | | owner\_id | string | Unique identifier of this List's owner.
`"owner_id": "1255542774432063488"` | Can be used to find out if this user owns other Lists and expand User objects. | **Retrieving a User Object** **Sample Request** In the following request, we are requesting fields for the user on the [List lookup by ID](/x-api/lists/list-lookup/introduction) endpoint. Replace `$BEARER_TOKEN` with your generated [Bearer Token](/resources/fundamentals/authentication#bearer-token-also-known-as-app-only). ```bash curl --request GET 'https://api.x.com/2/lists/1355797419175383040?list.fields=created_at,description,private,follower_count,member_count,owner_id&expansions=owner_id' --header 'Authorization: Bearer $BEARER_TOKEN' ``` \*\* Sample Response\*\* ``` { "data": { "name": "Twitter Comms", "member_count": 60, "id": "1355797419175383040", "private": false, "description": "", "follower_count": 198, "owner_id": "257366942", "created_at": "2021-01-31T08:37:48.000Z" }, "includes": { "users": [ { "created_at": "2011-02-25T07:51:26.000Z", "name": "Ashleigh Hay 🤸🏼‍♀️", "id": "257366942", "username": "shleighhay", "verified": false } ] } } ``` ### Media Media refers to any image, GIF, or video attached to a Tweet. The media object is not a primary object on any endpoint, but can be found and expanded in the Tweet object. The object is available for expansion with `?expansions=attachments.media_keys` to get the condensed object with only default fields. Use the expansion with the field parameter: `media.fields` when requesting additional fields to complete the object. | Field value | Type | Description | How it can be used | | :------------------- | :------ | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :-------------------------------------------------------------------------------------------- | | media\_key (default) | string | Unique identifier of the expanded media content.
` "media_key": "13_1263145212760805376"` | Can be used to programmatically retrieve media | | type (default) | string | Type of content (animated\_gif, photo, video).
` "type": "video"` | Classify the media as a photo, GIF, or video | | url | string | A direct URL to the media file on Twitter. | Returns a Media object with a URL field for photos | | duration\_ms | integer | Available when type is video. Duration in milliseconds of the video.
` "duration_ms": 46947` | | | height | integer | Height of this content in pixels.
` "height": 1080` | | | non\_public\_metrics | object | Non-public engagement metrics for the media content at the time of the request. Requires user context authentication.
` "non_public_metrics": { "playback_0_count": 1561, "playback_100_count": 116, "playback_25_count": 559, "playback_50_count": 305, "playback_75_count": 183,}` | Determine video engagement: how many users played through to each quarter of the video. | | organic\_metrics | object | Engagement metrics for the media content, tracked in an organic context, at the time of the request. Requires user context authentication.
` "organic_metrics": { "playback_0_count": 1561, "playback_100_count": 116, "playback_25_count": 559, "playback_50_count": 305, "playback_75_count": 183, "view_count": 629}` | Determine organic media engagement. | | preview\_image\_url | string | URL to the static placeholder preview of this content.
` "preview_image_url": "https://pbs.twimg.com/media/EYeX7akWsAIP1_1.jpg"` | | | promoted\_metrics | object | Engagement metrics for the media content, tracked in a promoted context, at the time of the request. Requires user context authentication.
` "promoted_metrics": { "playback_0_count": 259, "playback_100_count": 15, "playback_25_count": 113, "playback_50_count": 57, "playback_75_count": 25, "view_count": 124}` | Determine media engagement when the Tweet was promoted. | | public\_metrics | object | Public engagement metrics for the media content at the time of the request.
` "public_metrics": { "view_count": 6865141}` | Determine total number of views for the video attached to the Tweet. | | width | integer | Width of this content in pixels.
` "width": 1920` | | | alt\_text | string | A description of an image to enable and support accessibility. Can be up to 1000 characters long. Alt text can only be added to images at the moment.
` "alt_text": "Rugged hills along the Na Pali coast on the island of Kauai"` | Can be used to provide a written description of an image in case a user is visually impaired. | | variants | array | Each media object may have multiple display or playback variants, with different resolutions or formats.
` "variants": [{ "bit_rate": 632000, "content_type": "video/mp4", "url": "https://video.twimg.com/ext_tw_video/1527322141724532740/pu/vid/320x568/lnBaR2hCqE-R_90a.mp4?tag=12"}]` | | **Retrieving a media object** **Sample Request** In the following request, we are requesting fields for the media object attached to the Tweet on the [Tweet lookup](/x-api/posts/lookup/introduction) endpoint. Since media is a child object of a Tweet, the `attachment.media_keys` expansion is required. Be sure to replace `$BEARER_TOKEN` with your own generated [Bearer Token](/resources/fundamentals/authentication#bearer-token-also-known-as-app-only). ```bash curl --request GET 'https://api.x.com/2/tweets?ids=1263145271946551300&expansions=attachments.media_keys&media.fields=duration_ms,height,media_key,preview_image_url,public_metrics,type,url,width,alt_text' --header 'Authorization: Bearer $BEARER_TOKEN' ``` ``` { "data": [ { "text": "Testing, testing...\n\nA new way to have a convo with exactly who you want. We’re starting with a small % globally, so keep your 👀 out to see it in action. https://t.co/pV53mvjAVT", "id": "1263145271946551300", "attachments": { "media_keys": [ "13_1263145212760805376" ] } } ], "includes": { "media": [ { "duration_ms": 46947, "type": "video", "height": 1080, "media_key": "13_1263145212760805376", "public_metrics": { "view_count": 6909260 }, "preview_image_url": "https://pbs.twimg.com/media/EYeX7akWsAIP1_1.jpg", "width": 1920 } ] } } ``` ### Poll A poll included in a Tweet is not a primary object on any endpoint, but can be found and expanded in the Tweet object. The object is available for expansion with `?expansions=attachments.poll_ids` to get the condensed object with only default fields. Use the expansion with the field parameter: `poll.fields` when requesting additional fields to complete the object. | Field value | Type | Description | | :---------------- | :-------------- | :-------------------------------------------------------------------------------------------------------------------------------- | | id (default) | string | Unique identifier of the expanded poll. | | | | `{"id": "1199786642791452673"}` | | options (default) | array | Contains objects describing each choice in the referenced poll. | | | | `{"options": [ { "position": 1, "label": "“C Sharp”", "votes": 795 }, { "position": 2, "label": "“C Hashtag”", "votes": 156 } ]}` | | duration\_minutes | integer | Specifies the total duration of this poll. | | | | `{"duration_minutes": 1440}` | | end\_datetime | date (ISO 8601) | Specifies the end date and time for this poll. | | | | `{"end_datetime": "2019-11-28T20:26:41.000Z"}` | | voting\_status | string | Indicates if this poll is still active and can receive votes, or if the voting is now closed. | | | | `{"voting_status": "closed"}` | **Retrieving a poll object** **Sample Request** In the following request, we are requesting fields for the poll object attached to the Tweet on the [Tweets lookup](/x-api/posts/lookup/introduction) endpoint. Since poll is a child object of a Tweet, the `attachments.poll_id` expansion is required. Be sure to replace `$BEARER_TOKEN` with your own generated [Bearer Token](/resources/fundamentals/authentication#bearer-token-also-known-as-app-only). ```bash curl --request GET 'https://api.x.com/2/tweets?ids=1199786642791452673&expansions=attachments.poll_ids&poll.fields=duration_minutes,end_datetime,id,options,voting_status' --header 'Authorization: Bearer $BEARER_TOKEN' ``` **Sample Response** ``` { "data": [ { "text": "C#", "id": "1199786642791452673", "attachments": { "poll_ids": [ "1199786642468413448" ] } } ], "includes": { "polls": [ { "id": "1199786642468413448", "voting_status": "closed", "duration_minutes": 1440, "options": [ { "position": 1, "label": "“C Sharp”", "votes": 795 }, { "position": 2, "label": "“C Hashtag”", "votes": 156 } ], "end_datetime": "2019-11-28T20:26:41.000Z" } ] } } ``` ### Place The place tagged in a Tweet is not a primary object on any endpoint, but can be found and expanded in the Tweet resource. The object is available for expansion with `?expansions=geo.place_id` to get the condensed object with only default fields. Use the expansion with the field parameter: `place.fields` when requesting additional fields to complete the object. | Field value | Type | Description | How it can be used | | :------------------- | :----- | :------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------- | | full\_name (default) | string | A longer-form detailed place name. | Classify a Tweet by a specific place name | | | | `"full_name": "Manhattan, NY"` | | | id (default) | string | The unique identifier of the expanded place, if this is a point of interest tagged in the Tweet. | Use this to programmatically retrieve a place | | | | `"id": "01a9a39529b27f36"` | | | contained\_within | array | Returns the identifiers of known places that contain the referenced place. | | | country | string | The full-length name of the country this place belongs to. | Classify a Tweet by country name | | | | `"country": "United States"` | | | country\_code | string | The ISO Alpha-2 country code this place belongs to. | Classify a Tweet by country code | | | | `"country_code": "US"` | | | geo | object | Contains place details in GeoJSON format. | | | | | \`\`\`json | | | | | "geo": | | | | | "type": "Feature", | | | | | "bbox": \[ | | | | | -74.026675, | | | | | 40.683935, | | | | | -73.910408, | | | | | 40.877483 | | | | | ], | | | | | "properties": {} | | | | | } | | | | | \`\`\` | | | name | string | The short name of this place. | Classify a Tweet by a specific place name | | | | `"name": "Manhattan"` | | | place\_type | string | Specified the particular type of information represented by this place information, such as a city name, or a point of interest. | Classify a Tweet by a specific type of place | | | | `"place_type": "city"` | | **Retrieving a place object** **Sample Request** In the following request, we are requesting fields for the place object attached to the Tweet on the [Tweets lookup](/x-api/posts/lookup/introduction) endpoint. Since place is a child object of a Tweet, the `geo.place_id` expansion is required. Be sure to replace `$BEARER_TOKEN` with your own generated [Bearer Token](/resources/fundamentals/authentication#bearer-token-also-known-as-app-only). ```bash curl --request GET 'https://api.x.com/2/tweets?ids=1136048014974423040&expansions=geo.place_id&place.fields=contained_within,country,country_code,full_name,geo,id,name,place_type' --header 'Authorization: Bearer $BEARER_TOKEN' ``` **Sample Response** ``` { "data": [ { "text": "We’re sharing a live demo of the new Twitter Developer Labs program, led by a member of our DevRel team, @jessicagarson #TapIntoTwitter https://t.co/ghv7f4dW5M", "id": "1136048014974423040", "geo": { "place_id": "01a9a39529b27f36" } } ], "includes": { "places": [ { "geo": { "type": "Feature", "bbox": [ -74.026675, 40.683935, -73.910408, 40.877483 ], "properties": {} }, "country_code": "US", "name": "Manhattan", "id": "01a9a39529b27f36", "place_type": "city", "country": "United States", "full_name": "Manhattan, NY" } ] } } ``` ### Direct Message events Direct Message (DM) conversations are made up of events. The X API v2 currently supports three event types: MessageCreate, ParticipantsJoin, and ParticipantsLeave. DM event objects are returned by the [Direct Message lookup](/x-api/direct-messages/lookup/introduction) endpoints, and a MessageCreate event is created when Direct Messages are successfully created with the [Manage Direct Messages](/x-api/direct-messages/lookup/introduction) endpoints. When requesting DM events, there are three default event object attributes, or fields, included: id, event\_type, and text. To receive additional event fields, use the [fields](/x-api/fundamentals/fields) parameter dm\_event.fields to select others. Other available event fields include the following: dm\_conversation\_id, created\_at, sender\_id, attachments, participant\_ids, and referenced\_tweets. Several of these fields provide the IDs of other X objects related to the Direct Message event: * sender\_id - The ID of the account that sent the message, or who invited a participant to a group conversation * partricipants\_ids - An array of account IDs. For ParticipantsJoin and ParticipantsLeave events this array will contain a single ID of the account that created the event * attachments - Provides media IDs for content that has been uploaded to Twitter by the sender * referenced\_tweets - If a Tweet URL is found in the text field, the ID of that Tweet is included in the response The sender\_id, participant\_ids, referenced\_tweets.id, and attachments.media\_keys [expansions](/x-api/fundamentals/expansions) are available to expand on these Twitter object IDs. | | | | | | :-------------------- | :----------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Field value** | **Type** | **Description** | **How it can be used** | | id (default) | string | The unique identifier of the event.

"id": "1050118621198921728" | Use this to programmatically retrieve a specific conversation event (available with v1.1 endpoints). | | event\_type (default) | string | Describes the type of event. Three types are currently supported: 

\* MessageCreate

\* ParticipantsJoin

\* ParticipantsLeave


"event\_type": "MessageCreate" | When retrieving a conversation's history, understanding when messages were created, and for group conversations, understanding when participants joined and left. All GET methods support filtering on specific event types with the event\_type= query parameter. . | | text (default) | string | The actual UTF-8 text of the Direct Message. 

"text": "Hello, just you!" | With chatbots, this can be used to analyze message contents and determining automated responses. Could be used to build conversation search features. | | sender\_id | string | ID of the User creating the event. To expand this object in the response, include sender\_id as an expansion  and use the user.fields query parameter to specify User object attributes of interest.

"sender\_id": "906948460078698496" | Retrieve the User object of who created the MessageCreate or ParticipantsJoin event. | | participant\_id | array (of strings) | IDs of the participants joining and leaving a group conversation. Also used when creating new group conversations. To expand this object in the response, include participant\_ids as an expansion and use the user.fields query parameter to specify User object attributes of interest.

"participant\_ids": \[

     "906948460078698496"

] | Used to retrieve User objects for participants joining and leaving group conversations. | | dm\_conversation\_id | string | The unique identifier of the conversation the event is apart of.

"dm\_conversation\_id": "1584988213961031680" | Use this to programmatically retrieve events from a conversation, and add Direct Messages to it. | | created\_at | date (ISO 8601) | Creation time (UTC) of the Tweet.

"created\_at": "2019-06-04T23:12:08.000Z" | This field can be used to understand when a Direct Message was created or when conversation participants joined or left. | | referenced\_tweets | array | ID for any Tweet mentioned in the Direct Message text. To expand this object in the response, include referenced\_tweets.id as an expansion and use the tweet.fields query parameter to specify Tweet object attributes of interest.

"referenced\_tweets": \[

   

"id": "1578868150510456833"

   

] | When Direct Messages reference a Tweet, these IDs can be used to lookup the Tweet's details. | | attachments | object | For Direct Messages with attached Media, provides the media key of the uploaded content (photo, video, or GIF). To expand this object in the response, include attachments.media\_keys as an expansion and use the media.fields query parameter to specify media object attributes of interest. Currently, one attachment is supported. 

"attachments":

    "media\_keys": \[

        "3\_1136048009270239232"

    ]

| Understanding the media objects attached to Direct Messages. | **Retrieving a Direct Message event object** **Sample Request** For this example, we will build a request that retrieves events associated with a one-to-one conversation. This request will return fundamental Direct Message event fields, along with additional fields for referenced Tweets and their authors. Let's build a query that asks for: * Fundamental event attributes such as when it was created and what conversation it is part of (dm\_conversation). * The account ID and description of who sent the Direct Message. * The text of any referenced Tweet, and when it was posted. * The account ID and description of any referenced Tweet author. To return those attributes, your request query would include the following: `?dm_event.fields=id,sender_id,text,created_at,dm_conversation_id&expansions=sender_id,referenced_tweets.id&tweet.fields=created_at,text,author_id&user.fields=description` ```bash curl --request GET 'https://api.x.com/2/dm_conversations/with/:participant_id/dm_events?tweet.fields=created_at,text,author_id&user.fields=description&expansions=sender_id,participant_ids,referenced_tweets.id&dm_event.fields=id,sender_id,text,participant_ids,created_at,' --header 'Authorization: Bearer $BEARER_TOKEN' ``` Be sure to replace \$BEARER\_TOKEN with your own generated [Bearer Token](/resources/fundamentals/authentication#using-and-generating-an-app-only-bearer-token). **Sample Response** ``` { "data": [{ "id": "1585047616894574596", "sender_id": "944480690", "text": "Hello, just you!", "created_at": "2022-10-25T23:16:15.000Z", "event_type": "MessageCreate", "dm_conversation_id": "944480690-906948460078698496" }, { "id": "1581048670673260549", "sender_id": "944480690", "text": "Simple Tweet link: https://t.co/IYFbRIdXHg", "referenced_tweets": [{ "id": "1578900353814519810" }], "created_at": "2022-10-14T22:25:52.000Z", "event_type": "MessageCreate", "dm_conversation_id": "944480690-906948460078698496" }, { "id": "1580705121553420292", "sender_id": "944480690", "text": "Adding a new 1-to-1 Direct Message.", "created_at": "2022-10-13T23:40:43.000Z", "event_type": "MessageCreate", "dm_conversation_id": "944480690-906948460078698496" } ], "includes": { "users": [{ "name": "API Demos", "description": "Hosting TwitterDev integrations... @TwitterDev #DevRel", "id": "944480690", "username": "FloodSocial" }, { "name": "the SnowBot", "description": "Home of the @TwitterDev SnowBot... Serving snow reports, snow photos, and snow research links... Chatbot is currently being remodeled for Twitter APIv2.", "id": "906948460078698496", "username": "SnowBotDev" } ], "tweets": [{ "text": "Feeling kind of bad that I didn’t wish everybody a happy new Colorado Water Year…\n\nHappy Water Year to all my Colorado friends and colleagues, new and old… \n\nMay this be a generous water year, although not too generous…", "id": "1578900353814519810", "created_at": "2022-10-09T00:09:13.000Z", "author_id": "944480690", "edit_history_tweet_ids": [ "1578900353814519810" ] } ] }, "meta": { "result_count": 3, "next_token": "18LAA581J5II7LA00C00ZZZZ", "previous_token": "1BLC45G1H8CAL5DG0G00ZZZZ" } } ``` ### Community Communities are dedicated places for X users to connect, share, and get closer to the discussions they care about most. Posts in Communities can be seen by anyone on X, but only others within the Community itself can engage and participate in the discussion. The Community object contains relevant metadata about a Community. | Field value | Type | Description | | | :------------ | :-------------- | :------------------------------------------------------------- | :- | | created\_at | date (ISO 8601) | Creation time of the Community. | | | id | string | The unique identifier of the Community. | | | name | string | The name of the Community. | | | description | string | The text of the Community’s description, if provided. | | | access | string | The access level of the Community.

Can be one of: | | | | | - `Public` | | | | | - `Closed` | | | join\_policy | string | The join policy for the Community.

Can be one of: | | | | | - `Open` | | | | | - `RestrictedJoinRequestsDisabled` | | | | | - `RestrictedJoinRequestsRequireAdminApproval` | | | | | - `RestrictedJoinRequestsRequireModeratorApproval` | | | | | - `SuperFollowRequired` | | | member\_count | integer | The number of members that have joined the Community. | | **Retrieving Community objects** **Sample Request** In the following request, we are requesting specific fields while searching for a list of Communities based on a provided keyword. Be sure to replace `$BEARER_TOKEN` with your own generated [Bearer Token](/resources/fundamentals/authentication#bearer-token-also-known-as-app-only). ```bash curl --location 'https://api.x.com/2/communities/search?query=anime&community.fields=access,created_at,description,id,join_policy,member_count,name' --header 'Authorization: $BEARER_TOKEN' ``` **Sample Response** ``` { "data": [ { "id": "Q29tbXVuaXR5OjE3NTg3NDc4MTc2NDI3MDA5MjI=", "description": "Welcome to the Anime Community! Where anime fans gather to share their favorite shows and discuss everything anime-related.", "join_policy": "Open", "access": "Public", "member_count": 39915, "name": "Anime Community", "created_at": "2024-02-17T06:58:50.000Z" }, { "id": "Q29tbXVuaXR5OjE1MDY3OTM5NTMxMDYwNDI4OTE=", "description": "Join and text about anime 🥰", "join_policy": "Open", "access": "Public", "member_count": 26019, "name": "Anime World 🌸", "created_at": "2022-03-24T00:44:07.000Z" }, { "id": "Q29tbXVuaXR5OjE0OTY3NzYyMTU5Mzk1MzQ4NDk=", "description": "For all anime lovers and creators!", "join_policy": "Open", "access": "Public", "member_count": 5612, "name": "Anime", "created_at": "2022-02-24T09:17:13.000Z" } ], "meta": { "next_token": "7140dibdnow9c7btw481s8m561gat797rboud5r80xvzm" } } ``` ## How to use fields and expansions By default, the X API v2 data objects include a small number of default fields when making a request without the use of the [fields](/x-api/fundamentals/fields) or [expansions](/x-api/fundamentals/expansions) parameters. This guide will show you how to use the `fields` and `expansions` query parameters in your request to receive additional objects and fields in your response. In this guide, we will be requesting several fields in the following Tweet screenshot.   ![This image includes a screenshot of a Tweet posted by @X. You can see the Tweet text, username, published date and time, source, and public metrics. It also includes a video. ](https://cdn.cms-twdigitalassets.com/content/dam/developer-twitter/ScreenShotDataDictionaryGuide.png.twimg.1920.png) As you can see in the screenshot, there are several visible pieces of information related to the Tweet, including the Tweet author, Tweet metrics, created timestamp, video, and video view count. There are also several pieces of data that are not visible within the screenshot, but are still available to request.  When making a request to the API, the default response is simple, containing only the default Tweet fields (id and text). You will also only receive the primary object that returns with the given endpoint that you are using, and not any of the associated data objects that might relate to the primary object. This simplicity, along with the fields and expansions parameters, enable you to request only those fields you require, depending on your use case.    #### Requesting additional fields and objects. First off, we will be requesting a [Tweet object](/x-api/fundamentals/data-dictionary#tweet) using a Tweet ID and the [GET /tweets endpoint](/x-api/posts/lookup/introduction). Request: ```bash curl --request GET --url 'https://api.x.com/2/tweets?ids=1260294888811347969' \ --header 'Authorization: Bearer $BEARER_TOKEN' ``` Response: ``` { "data": [ { "id": "1260294888811347969", "text": "Don’t miss the Tweets about your Tweet. \n\nNow on iOS, you can see Retweets with comments all in one place. https://t.co/oanjZfzC6y" } ] } ``` The following step-by-step guide will show you how to retrieve the additional data we can see in the screenshot. 1. Identify the additional fields that you would like to request by using our [object model](/x-api/fundamentals/data-dictionary#tweet), or by reviewing the list of fields in the endpoints’ API reference pages. In this case, we will be requesting the following additional fields: attachments, author\_id, created\_at, public\_metrics. 2. Build the `tweet.fields` query parameter with the above fields as its value using a comma-separated list: `?tweet.fields=attachments,author_id,created_at,public_metrics` 3. Add the query parameter to the GET /tweets request that you made earlier. Request: `curl --request GET --url 'https://api.x.com/2/tweets?ids=1260294888811347969&tweet.fields=attachments,author_id,created_at,public_metrics' \ --header 'Authorization: Bearer $BEARER_TOKEN'` Response:   ``` { "data": [ { "id": "1260294888811347969", "text": "Don’t miss the Tweets about your Tweet. \n\nNow on iOS, you can see Retweets with comments all in one place. https://t.co/oanjZfzC6y", "author_id": "783214", "public_metrics": { "retweet_count": 5219, "reply_count": 1828, "like_count": 17141, "quote_count": 3255 }, "attachments": { "media_keys": [ "13_1260294804770041858" ] }, "created_at": "2020-05-12T19:44:51.000Z" } ] } ``` 4. Next, we are going to request fields related to the video that was included in the Tweet. To do so, we will use the `expansions` parameter with `attachments.media_keys` as the value, and add this to the request. ?expansions=attachments.media\_keys Request:   ```bash curl --request GET --url 'https://api.x.com/2/tweets?ids=1260294888811347969&tweet.fields=attachments,author_id,created_at,public_metrics&expansions=attachments.media_keys' \ --header 'Authorization: Bearer $BEARER_TOKEN' ``` Response, with the media object represented in the includes object:   ``` { "data": [ { "id": "1260294888811347969", "text": "Don’t miss the Tweets about your Tweet. \n\nNow on iOS, you can see Retweets with comments all in one place. https://t.co/oanjZfzC6y", "public_metrics": { "retweet_count": 5219, "reply_count": 1828, "like_count": 17141, "quote_count": 3255 }, "created_at": "2020-05-12T19:44:51.000Z", "attachments": { "media_keys": [ "13_1260294804770041858" ] }, "author_id": "783214" } ], "includes": { "media": [ { "media_key": "13_1260294804770041858", "type": "video" } ] } } ``` 5. And finally, we are going to request the view count and duration of the video. These aren’t default fields so we have to specifically request them. Use the `media.fields` parameter with the comma-separated values, `public_metrics` and `duration_ms` in your request. ?media.fields=public\_metrics,duration\_ms Request:   `curl --request GET --url 'https://api.x.com/2/tweets?ids=1260294888811347969&tweet.fields=attachments,author_id,created_at,public_metrics&expansions=attachments.media_keys&media.fields=duration_ms,public_metrics' --header 'Authorization: Bearer $BEARER_TOKEN'` Response, which now includes all the data that can be seen in the Tweet screenshot:   ``` { "data": [ { "id": "1260294888811347969", "text": "Don’t miss the Tweets about your Tweet. \n\nNow on iOS, you can see Retweets with comments all in one place. https://t.co/oanjZfzC6y", "author_id": "783214", "public_metrics": { "retweet_count": 5219, "reply_count": 1828, "like_count": 17141, "quote_count": 3255 }, "created_at": "2020-05-12T19:44:51.000Z", "attachments": { "media_keys": [ "13_1260294804770041858" ] } } ], "includes": { "media": [ { "duration_ms": 36503, "media_key": "13_1260294804770041858", "public_metrics": { "view_count": 1534703 }, "type": "video" } ] } } ``` In total, we included the following parameters in this example: * ids=1260294888811347969 * tweet.fields=attachments,author\_id,created\_at,public\_metrics * expansions=attachments.media\_keys * media.fields=public\_metrics,duration\_ms   When tied together, here is what the full query string looks like: ``` ?ids=1260294888811347969&tweet.fields=attachments,author\_id,created\_at,public\_metrics&expansions=attachments.media\_keys&media.fields=public\_metrics,duration\_ms ``` ## X API v2 Example payloads ### Tweet ```json { "data": [ { "conversation_id": "1304102743196356610", "id": "1307025659294674945", "possibly_sensitive": false, "public_metrics": { "retweet_count": 11, "reply_count": 2, "like_count": 70, "quote_count": 1 }, "entities": { "urls": [ { "start": 74, "end": 97, "url": "https://t.co/oeF3ZHeKQQ", "expanded_url": "https://dev.to/twitterdev/understanding-the-new-tweet-payload-in-the-twitter-api-v2-1fg5", "display_url": "dev.to/twitterdev/und…", "images": [ { "url": "https://pbs.twimg.com/news_img/1317156296982867969/2uLfv-Bh?format=jpg&name=orig", "width": 1128, "height": 600 }, { "url": "https://pbs.twimg.com/news_img/1317156296982867969/2uLfv-Bh?format=jpg&name=150x150", "width": 150, "height": 150 } ], "status": 200, "title": "Understanding the new Tweet payload in the X API v2", "description": "X recently announced the new X API v2, rebuilt from the ground up to deliver new features...", "unwound_url": "https://dev.to/twitterdev/understanding-the-new-tweet-payload-in-the-twitter-api-v2-1fg5" } ] }, "text": "Here’s an article that highlights the updates in the new Tweet payload v2 https://t.co/oeF3ZHeKQQ", "in_reply_to_user_id": "2244994945", "created_at": "2020-09-18T18:36:15.000Z", "author_id": "2244994945", "referenced_tweets": [ { "type": "replied_to", "id": "1304102743196356610" } ], "lang": "en", "source": "Twitter Web App" } ], "includes": { "users": [ { "created_at": "2013-12-14T04:35:55.000Z", "profile_image_url": "https://pbs.twimg.com/profile_images/1283786620521652229/lEODkLTh_normal.jpg", "entities": { "url": { "urls": [ { "start": 0, "end": 23, "url": "https://t.co/3ZX3TNiZCY", "expanded_url": "https://developer.x.com/en/community", "display_url": "developer.x.com/en/community" } ] }, "description": { "hashtags": [ { "start": 17, "end": 28, "tag": "TwitterDev" }, { "start": 105, "end": 116, "tag": "TwitterAPI" } ] } }, "id": "2244994945", "verified": true, "location": "127.0.0.1", "description": "The voice of the #TwitterDev team and your official source for updates, news, and events, related to the #TwitterAPI.", "pinned_tweet_id": "1293593516040269825", "username": "TwitterDev", "public_metrics": { "followers_count": 513961, "following_count": 2039, "tweet_count": 3635, "listed_count": 1672 }, "name": "Twitter Dev", "url": "https://t.co/3ZX3TNiZCY", "protected": false } ], "tweets": [ { "conversation_id": "1304102743196356610", "id": "1304102743196356610", "possibly_sensitive": false, "public_metrics": { "retweet_count": 31, "reply_count": 12, "like_count": 104, "quote_count": 4 }, "entities": { "mentions": [ { "start": 146, "end": 158, "username": "suhemparack" } ], "urls": [ { "start": 237, "end": 260, "url": "https://t.co/CjneyMpgCq", "expanded_url": "https://x.com/TwitterDev/status/1304102743196356610/video/1", "display_url": "pic.x.com/CjneyMpgCq" } ], "hashtags": [ { "start": 8, "end": 19, "tag": "TwitterAPI" } ] }, "attachments": { "media_keys": [ "13_1303848070984024065" ] }, "text": "The new #TwitterAPI includes some improvements to the Tweet payload. You’re probably wondering — what are the main differences? 🧐\n\nIn this video, @SuhemParack compares the v1.1 Tweet payload with what you’ll find using our v2 endpoints. https://t.co/CjneyMpgCq", "created_at": "2020-09-10T17:01:37.000Z", "author_id": "2244994945", "lang": "en", "source": "Twitter Media Studio" } ] } } ``` ### Tweet reply ```json { "data": [ { "lang": "en", "conversation_id": "1296887091901718529", "text": "See how @PennMedCDH are using Twitter data to understand the COVID-19 health crisis 📊\n\nhttps://t.co/1tdA8uDWes", "referenced_tweets": [ { "type": "replied_to", "id": "1296887091901718529" } ], "possibly_sensitive": false, "entities": { "annotations": [ { "start": 30, "end": 36, "probability": 0.6318, "type": "Product", "normalized_text": "Twitter" } ], "mentions": [ { "start": 8, "end": 19, "username": "PennMedCDH" } ], "urls": [ { "start": 87, "end": 110, "url": "https://t.co/1tdA8uDWes", "expanded_url": "https://developer.x.com/en/use-cases/success-stories/penn", "display_url": "developer.x.com/en/use-cases/s…", "status": 200, "title": "Penn Medicine Center for Digital Health", "description": "Penn Med Center for Digital Health has created a COVID-19 Twitter map that includes charts detailing sentiment, symptoms reported, state-by-state data cuts, and border data on the COVID-19 outbreak. In addition, their Penn Med With You initiative uses aggregate regional information from Twitter to inform their website and text-messaging service. The service uses this information to disseminate relevant and timely resources.", "unwound_url": "https://developer.x.com/en/use-cases/success-stories/penn" } ] }, "id": "1296887316556980230", "public_metrics": { "retweet_count": 9, "reply_count": 3, "like_count": 26, "quote_count": 2 }, "author_id": "2244994945", "in_reply_to_user_id": "2244994945", "context_annotations": [ { "domain": { "id": "46", "name": "Brand Category", "description": "Categories within Brand Verticals that narrow down the scope of Brands" }, "entity": { "id": "781974596752842752", "name": "Services" } }, { "domain": { "id": "47", "name": "Brand", "description": "Brands and Companies" }, "entity": { "id": "10045225402", "name": "Twitter" } }, { "domain": { "id": "123", "name": "Ongoing News Story", "description": "Ongoing News Stories like 'Brexit'" }, "entity": { "id": "1220701888179359745", "name": "COVID-19" } } ], "source": "Twitter Web App", "created_at": "2020-08-21T19:10:05.000Z" } ], "includes": { "users": [ { "created_at": "2013-12-14T04:35:55.000Z", "id": "2244994945", "protected": false, "username": "TwitterDev", "verified": true, "entities": { "url": { "urls": [ { "start": 0, "end": 23, "url": "https://t.co/3ZX3TNiZCY", "expanded_url": "https://developer.x.com/en/community", "display_url": "developer.x.com/en/community" } ] }, "description": { "hashtags": [ { "start": 17, "end": 28, "tag": "TwitterDev" }, { "start": 105, "end": 116, "tag": "TwitterAPI" } ] } }, "description": "The voice of the #TwitterDev team and your official source for updates, news, and events, related to the #TwitterAPI.", "pinned_tweet_id": "1293593516040269825", "public_metrics": { "followers_count": 513962, "following_count": 2039, "tweet_count": 3635, "listed_count": 1672 }, "location": "127.0.0.1", "name": "Twitter Dev", "profile_image_url": "https://pbs.twimg.com/profile_images/1283786620521652229/lEODkLTh_normal.jpg", "url": "https://t.co/3ZX3TNiZCY" }, { "created_at": "2013-07-23T16:58:03.000Z", "id": "1615654896", "protected": false, "username": "PennMedCDH", "verified": false, "entities": { "url": { "urls": [ { "start": 0, "end": 23, "url": "https://t.co/7eS9RuwIb9", "expanded_url": "http://centerfordigitalhealth.upenn.edu/", "display_url": "centerfordigitalhealth.upenn.edu" } ] }, "description": { "mentions": [ { "start": 0, "end": 13, "username": "PennMedicine" } ] } }, "description": "@PennMedicine's Center for Digital Health advances science by researching the implications of the advancement of digital health technology in health care.", "public_metrics": { "followers_count": 1348, "following_count": 455, "tweet_count": 1288, "listed_count": 92 }, "location": "Philadelphia, PA", "name": "Penn Med CDH", "profile_image_url": "https://pbs.twimg.com/profile_images/1067488849725726723/MoO3FQ44_normal.jpg", "url": "https://t.co/7eS9RuwIb9" } ], "tweets": [ { "lang": "en", "conversation_id": "1296887091901718529", "text": "Dr. @RainaMerchant and her team at the Penn Medicine CDH are helping build the future of health care.\n\nThe team is using insights from social data in many different ways — ranging from uncovering risk factors to shedding light on public sentiment. 🔎", "possibly_sensitive": false, "entities": { "annotations": [ { "start": 39, "end": 55, "probability": 0.8274, "type": "Organization", "normalized_text": "Penn Medicine CDH" } ], "mentions": [ { "start": 4, "end": 18, "username": "RainaMerchant" } ] }, "id": "1296887091901718529", "public_metrics": { "retweet_count": 9, "reply_count": 7, "like_count": 32, "quote_count": 0 }, "author_id": "2244994945", "source": "Twitter Web App", "created_at": "2020-08-21T19:09:12.000Z" } ] } } ``` ### Extended Tweet ```json { "data": [ { "conversation_id": "1296121314218897408", "id": "1296121314218897408", "possibly_sensitive": false, "public_metrics": { "retweet_count": 54, "reply_count": 9, "like_count": 172, "quote_count": 23 }, "entities": { "urls": [ { "start": 192, "end": 215, "url": "https://t.co/khXhTurm9x", "expanded_url": "https://devcommunity.x.com/t/hide-replies-now-available-in-the-new-twitter-api/140996", "display_url": "devcommunity.com/t/hide-replies…", "images": [ { "url": "https://pbs.twimg.com/news_img/1296121315514957825/3CI24hSI?format=png&name=orig", "width": 400, "height": 400 }, { "url": "https://pbs.twimg.com/news_img/1296121315514957825/3CI24hSI?format=png&name=150x150", "width": 150, "height": 150 } ], "status": 200, "title": "Hide replies now available in the new Twitter API", "description": "Today, we’re happy to announce the general availability of the hide replies endpoint in the new Twitter API. The hide replies endpoint allows you to build tools that help people hide or unhide replies to their Tweets. People manage their replies for many reasons, including to give less attention to comments that are abusive, distracting, misleading, or to make conversations more engaging. Through this endpoint, you can build tools to help people on Twitter hide or unhide replies faster and more...", "unwound_url": "https://devcommunity.x.com/t/hide-replies-now-available-in-the-new-twitter-api/140996" } ], "hashtags": [ { "start": 178, "end": 189, "tag": "TwitterAPI" } ] }, "text": "The hide replies endpoint is launching today! \n\nDevelopers can hide replies to Tweets - a crucial way developers can help improve the health of the public conversation using the #TwitterAPI.\n\nhttps://t.co/khXhTurm9x", "created_at": "2020-08-19T16:26:16.000Z", "context_annotations": [ { "domain": { "id": "65", "name": "Interests and Hobbies Vertical", "description": "Top level interests and hobbies groupings, like Food or Travel" }, "entity": { "id": "848920371311001600", "name": "Technology", "description": "Technology and computing" } }, { "domain": { "id": "66", "name": "Interests and Hobbies Category", "description": "A grouping of interests and hobbies entities, like Novelty Food or Destinations" }, "entity": { "id": "848921413196984320", "name": "Computer programming", "description": "Computer programming" } } ], "author_id": "2244994945", "lang": "en", "source": "Twitter Web App" } ], "includes": { "users": [ { "created_at": "2013-12-14T04:35:55.000Z", "profile_image_url": "https://pbs.twimg.com/profile_images/1283786620521652229/lEODkLTh_normal.jpg", "entities": { "url": { "urls": [ { "start": 0, "end": 23, "url": "https://t.co/3ZX3TNiZCY", "expanded_url": "https://developer.x.com/en/community", "display_url": "developer.x.com/en/community" } ] }, "description": { "hashtags": [ { "start": 17, "end": 28, "tag": "TwitterDev" }, { "start": 105, "end": 116, "tag": "TwitterAPI" } ] } }, "id": "2244994945", "verified": true, "location": "127.0.0.1", "description": "The voice of the #TwitterDev team and your official source for updates, news, and events, related to the #TwitterAPI.", "pinned_tweet_id": "1293593516040269825", "username": "TwitterDev", "public_metrics": { "followers_count": 513962, "following_count": 2039, "tweet_count": 3635, "listed_count": 1672 }, "name": "Twitter Dev", "url": "https://t.co/3ZX3TNiZCY", "protected": false } ] } } ``` ### Tweet with media ```json { "data": [ { "lang": "en", "conversation_id": "1293593516040269825", "text": "It’s finally here! 🥁 Say hello to the new #TwitterAPI.\n\nWe’re rebuilding the X API v2 from the ground up to better serve our developer community. And today’s launch is only the beginning.\n\nhttps://t.co/32VrwpGaJw https://t.co/KaFSbjWUA8", "attachments": { "media_keys": [ "7_1293565706408038401" ] }, "possibly_sensitive": false, "entities": { "annotations": [ { "start": 78, "end": 88, "probability": 0.4381, "type": "Product", "normalized_text": "Twitter API" } ], "hashtags": [ { "start": 42, "end": 53, "tag": "TwitterAPI" } ], "urls": [ { "start": 195, "end": 218, "url": "https://t.co/32VrwpGaJw", "expanded_url": "https://blog.x.com/developer/en_us/topics/tools/2020/introducing_new_twitter_api.html", "display_url": "blog.x.com/developer/en_u…", "images": [ { "url": "https://pbs.twimg.com/news_img/1336475659279818754/_cmRh7QE?format=jpg&name=orig", "width": 1200, "height": 627 }, { "url": "https://pbs.twimg.com/news_img/1336475659279818754/_cmRh7QE?format=jpg&name=150x150", "width": 150, "height": 150 } ], "status": 200, "title": "Introducing a new and improved X API", "description": "Introducing the new X API - rebuilt from the ground up to deliver new features faster so developers can help the world connect to the public conversation happening on Twitter.", "unwound_url": "https://blog.x.com/developer/en_us/topics/tools/2020/introducing_new_twitter_api.html" }, { "start": 219, "end": 242, "url": "https://t.co/KaFSbjWUA8", "expanded_url": "https://x.com/TwitterDev/status/1293593516040269825/video/1", "display_url": "pic.x.com/KaFSbjWUA8" } ] }, "id": "1293593516040269825", "public_metrics": { "retweet_count": 958, "reply_count": 171, "like_count": 2848, "quote_count": 333 }, "author_id": "2244994945", "context_annotations": [ { "domain": { "id": "46", "name": "Brand Category", "description": "Categories within Brand Verticals that narrow down the scope of Brands" }, "entity": { "id": "781974596752842752", "name": "Services" } }, { "domain": { "id": "47", "name": "Brand", "description": "Brands and Companies" }, "entity": { "id": "10045225402", "name": "Twitter" } }, { "domain": { "id": "65", "name": "Interests and Hobbies Vertical", "description": "Top level interests and hobbies groupings, like Food or Travel" }, "entity": { "id": "848920371311001600", "name": "Technology", "description": "Technology and computing" } }, { "domain": { "id": "66", "name": "Interests and Hobbies Category", "description": "A grouping of interests and hobbies entities, like Novelty Food or Destinations" }, "entity": { "id": "848921413196984320", "name": "Computer programming", "description": "Computer programming" } } ], "source": "Twitter Web App", "created_at": "2020-08-12T17:01:42.000Z" } ], "includes": { "media": [ { "height": 720, "duration_ms": 34875, "media_key": "7_1293565706408038401", "type": "video", "preview_image_url": "https://pbs.twimg.com/ext_tw_video_thumb/1293565706408038401/pu/img/66P2dvbU4a02jYbV.jpg", "public_metrics": { "view_count": 279438 }, "width": 1280 } ], "users": [ { "created_at": "2013-12-14T04:35:55.000Z", "id": "2244994945", "protected": false, "username": "TwitterDev", "verified": true, "entities": { "url": { "urls": [ { "start": 0, "end": 23, "url": "https://t.co/3ZX3TNiZCY", "expanded_url": "https://developer.x.com/en/community", "display_url": "developer.x.com/en/community" } ] }, "description": { "hashtags": [ { "start": 17, "end": 28, "tag": "TwitterDev" }, { "start": 105, "end": 116, "tag": "TwitterAPI" } ] } }, "description": "The voice of the #TwitterDev team and your official source for updates, news, and events, related to the #TwitterAPI.", "pinned_tweet_id": "1293593516040269825", "public_metrics": { "followers_count": 513962, "following_count": 2039, "tweet_count": 3635, "listed_count": 1672 }, "location": "127.0.0.1", "name": "Twitter Dev", "profile_image_url": "https://pbs.twimg.com/profile_images/1283786620521652229/lEODkLTh_normal.jpg", "url": "https://t.co/3ZX3TNiZCY" } ] } }` ### Retweet `{ "data": [ { "public_metrics": { "retweet_count": 19, "reply_count": 0, "like_count": 0, "quote_count": 0 }, "conversation_id": "1229851574555508737", "id": "1229851574555508737", "entities": { "annotations": [ { "start": 28, "end": 38, "probability": 0.261, "type": "Product", "normalized_text": "Alexa Skill" }, { "start": 44, "end": 50, "probability": 0.7332, "type": "Product", "normalized_text": "Twitter" } ], "mentions": [ { "start": 3, "end": 15, "username": "suhemparack" } ] }, "text": "RT @suhemparack: I built an Alexa Skill for Twitter using APL that allows you to view Tweets and Trends on the echo show!\n\nCheck it out her…", "created_at": "2020-02-18T19:33:59.000Z", "possibly_sensitive": false, "author_id": "2244994945", "referenced_tweets": [ { "type": "retweeted", "id": "1229843515603144704" } ], "context_annotations": [ { "domain": { "id": "47", "name": "Brand", "description": "Brands and Companies" }, "entity": { "id": "10026792024", "name": "Amazon" } }, { "domain": { "id": "48", "name": "Product", "description": "Products created by Brands. Examples: Ford Explorer, Apple iPhone." }, "entity": { "id": "968221983803494400", "name": "Amazon - Alexa", "description": "Alexa" } }, { "domain": { "id": "46", "name": "Brand Category", "description": "Categories within Brand Verticals that narrow down the scope of Brands" }, "entity": { "id": "781974596752842752", "name": "Services" } }, { "domain": { "id": "47", "name": "Brand", "description": "Brands and Companies" }, "entity": { "id": "10045225402", "name": "Twitter" } } ], "source": "Twitter Web App", "lang": "en" } ], "includes": { "users": [ { "profile_image_url": "https://pbs.twimg.com/profile_images/1283786620521652229/lEODkLTh_normal.jpg", "username": "TwitterDev", "name": "Twitter Dev", "location": "127.0.0.1", "url": "https://t.co/3ZX3TNiZCY", "entities": { "url": { "urls": [ { "start": 0, "end": 23, "url": "https://t.co/3ZX3TNiZCY", "expanded_url": "https://developer.x.com/en/community", "display_url": "developer.x.com/en/community" } ] }, "description": { "hashtags": [ { "start": 17, "end": 28, "tag": "TwitterDev" }, { "start": 105, "end": 116, "tag": "TwitterAPI" } ] } }, "id": "2244994945", "description": "The voice of the #TwitterDev team and your official source for updates, news, and events, related to the #TwitterAPI.", "verified": true, "public_metrics": { "followers_count": 513962, "following_count": 2039, "tweet_count": 3635, "listed_count": 1672 }, "pinned_tweet_id": "1293593516040269825", "created_at": "2013-12-14T04:35:55.000Z", "protected": false }, { "profile_image_url": "https://pbs.twimg.com/profile_images/1230703695051935747/TbQKe91L_normal.jpg", "username": "suhemparack", "name": "Suhem Parack", "location": "Seattle, WA", "url": "https://t.co/8IkCzClPCz", "entities": { "url": { "urls": [ { "start": 0, "end": 23, "url": "https://t.co/8IkCzClPCz", "expanded_url": "https://developer.x.com", "display_url": "developer.x.com" } ] }, "description": { "mentions": [ { "start": 42, "end": 50, "username": "Twitter" } ] } }, "id": "857699969263964161", "description": "Developer Relations for Academic Research @Twitter. Talk to me about research with Twitter data. Previously: Amazon Alexa. Views are my own", "verified": false, "public_metrics": { "followers_count": 738, "following_count": 512, "tweet_count": 460, "listed_count": 12 }, "pinned_tweet_id": "1296498078233571329", "created_at": "2017-04-27T20:56:22.000Z", "protected": false } ], "tweets": [ { "public_metrics": { "retweet_count": 19, "reply_count": 1, "like_count": 71, "quote_count": 6 }, "conversation_id": "1229843515603144704", "id": "1229843515603144704", "entities": { "annotations": [ { "start": 11, "end": 21, "probability": 0.3342, "type": "Product", "normalized_text": "Alexa Skill" }, { "start": 27, "end": 33, "probability": 0.6727, "type": "Product", "normalized_text": "Twitter" } ], "urls": [ { "start": 127, "end": 150, "url": "https://t.co/l5J8wq748G", "expanded_url": "https://dev.to/twitterdev/building-an-alexa-skill-for-twitter-using-alexa-presentation-language-1aj0", "display_url": "dev.to/twitterdev/bui…", "status": 200, "unwound_url": "https://dev.to/twitterdev/building-an-alexa-skill-for-twitter-using-alexa-presentation-language-1aj0" } ] }, "text": "I built an Alexa Skill for Twitter using APL that allows you to view Tweets and Trends on the echo show!\n\nCheck it out here 👇\n\nhttps://t.co/l5J8wq748G", "created_at": "2020-02-18T19:01:58.000Z", "possibly_sensitive": false, "author_id": "857699969263964161", "context_annotations": [ { "domain": { "id": "47", "name": "Brand", "description": "Brands and Companies" }, "entity": { "id": "10026792024", "name": "Amazon" } }, { "domain": { "id": "48", "name": "Product", "description": "Products created by Brands. Examples: Ford Explorer, Apple iPhone." }, "entity": { "id": "968221983803494400", "name": "Amazon - Alexa", "description": "Alexa" } }, { "domain": { "id": "46", "name": "Brand Category", "description": "Categories within Brand Verticals that narrow down the scope of Brands" }, "entity": { "id": "781974596752842752", "name": "Services" } }, { "domain": { "id": "47", "name": "Brand", "description": "Brands and Companies" }, "entity": { "id": "10045225402", "name": "Twitter" } } ], "source": "Twitter Web App", "lang": "en" } ] } }` ### Quote Tweet `{ "data": [ { "lang": "en", "conversation_id": "1328399838128467969", "text": "As planned, the Labs v2 endpoints referenced below have now been retired. Please let us know in the forums if you have questions or need help with the X API v2! https://t.co/JaxttUMmjX", "referenced_tweets": [ { "type": "quoted", "id": "1327011423252144128" } ], "possibly_sensitive": false, "entities": { "annotations": [ { "start": 151, "end": 157, "probability": 0.8115, "type": "Product", "normalized_text": "Twitter" } ], "urls": [ { "start": 167, "end": 190, "url": "https://t.co/JaxttUMmjX", "expanded_url": "https://x.com/TwitterDev/status/1327011423252144128", "display_url": "twitter.com/TwitterDev/sta…" } ] }, "id": "1328399838128467969", "public_metrics": { "retweet_count": 7, "reply_count": 4, "like_count": 29, "quote_count": 1 }, "author_id": "2244994945", "context_annotations": [ { "domain": { "id": "46", "name": "Brand Category", "description": "Categories within Brand Verticals that narrow down the scope of Brands" }, "entity": { "id": "781974596752842752", "name": "Services" } }, { "domain": { "id": "47", "name": "Brand", "description": "Brands and Companies" }, "entity": { "id": "10045225402", "name": "Twitter" } }, { "domain": { "id": "65", "name": "Interests and Hobbies Vertical", "description": "Top level interests and hobbies groupings, like Food or Travel" }, "entity": { "id": "848920371311001600", "name": "Technology", "description": "Technology and computing" } }, { "domain": { "id": "66", "name": "Interests and Hobbies Category", "description": "A grouping of interests and hobbies entities, like Novelty Food or Destinations" }, "entity": { "id": "848921413196984320", "name": "Computer programming", "description": "Computer programming" } } ], "source": "Twitter Web App", "created_at": "2020-11-16T18:09:36.000Z" } ], "includes": { "users": [ { "created_at": "2013-12-14T04:35:55.000Z", "id": "2244994945", "protected": false, "username": "TwitterDev", "verified": true, "entities": { "url": { "urls": [ { "start": 0, "end": 23, "url": "https://t.co/3ZX3TNiZCY", "expanded_url": "https://developer.x.com/en/community", "display_url": "developer.x.com/en/community" } ] }, "description": { "hashtags": [ { "start": 17, "end": 28, "tag": "TwitterDev" }, { "start": 105, "end": 116, "tag": "TwitterAPI" } ] } }, "description": "The voice of the #TwitterDev team and your official source for updates, news, and events, related to the #TwitterAPI.", "pinned_tweet_id": "1293593516040269825", "public_metrics": { "followers_count": 513962, "following_count": 2039, "tweet_count": 3635, "listed_count": 1672 }, "location": "127.0.0.1", "name": "Twitter Dev", "profile_image_url": "https://pbs.twimg.com/profile_images/1283786620521652229/lEODkLTh_normal.jpg", "url": "https://t.co/3ZX3TNiZCY" } ], "tweets": [ { "lang": "en", "conversation_id": "1327011423252144128", "text": "👋 Friendly reminder that Twitter Developer Labs v2 hide replies and recent search will be retired next Monday, November 16! We encourage you to migrate to the new hide replies and recent search endpoints now available in the v2 #TwitterAPI. Details: https://t.co/r6z6CI7kEy", "possibly_sensitive": false, "entities": { "annotations": [ { "start": 26, "end": 50, "probability": 0.4387, "type": "Product", "normalized_text": "Twitter Developer Labs v2" } ], "hashtags": [ { "start": 228, "end": 239, "tag": "TwitterAPI" } ], "urls": [ { "start": 250, "end": 273, "url": "https://t.co/r6z6CI7kEy", "expanded_url": "https://devcommunity.x.com/t/retiring-labs-v2-recent-search-and-hide-replies/145795", "display_url": "devcommunity.com/t/retiring-lab…", "images": [ { "url": "https://pbs.twimg.com/news_img/1327011425240313856/PkurOyu1?format=jpg&name=orig", "width": 1200, "height": 630 }, { "url": "https://pbs.twimg.com/news_img/1327011425240313856/PkurOyu1?format=jpg&name=150x150", "width": 150, "height": 150 } ], "status": 200, "title": "Retiring Labs v2 recent search and hide replies", "description": "As we said in our Early Access and hide replies announcements, the following Twitter Developer Labs v2 endpoints will be retired on November 16th. Labs v2 recent search Labs v2 hide replies If called, these endpoints will respond with an HTTP 410 status and return no data. Based on your feedback from Labs, we incorporated corresponding functionality into the X API v2. The relevant documentation can be found using the links below. Click here to enroll in v2 access if you haven’t already...", "unwound_url": "https://devcommunity.x.com/t/retiring-labs-v2-recent-search-and-hide-replies/145795" } ] }, "id": "1327011423252144128", "public_metrics": { "retweet_count": 8, "reply_count": 2, "like_count": 33, "quote_count": 4 }, "author_id": "2244994945", "context_annotations": [ { "domain": { "id": "46", "name": "Brand Category", "description": "Categories within Brand Verticals that narrow down the scope of Brands" }, "entity": { "id": "781974596752842752", "name": "Services" } }, { "domain": { "id": "47", "name": "Brand", "description": "Brands and Companies" }, "entity": { "id": "10045225402", "name": "Twitter" } }, { "domain": { "id": "65", "name": "Interests and Hobbies Vertical", "description": "Top level interests and hobbies groupings, like Food or Travel" }, "entity": { "id": "848920371311001600", "name": "Technology", "description": "Technology and computing" } }, { "domain": { "id": "66", "name": "Interests and Hobbies Category", "description": "A grouping of interests and hobbies entities, like Novelty Food or Destinations" }, "entity": { "id": "848921413196984320", "name": "Computer programming", "description": "Computer programming" } } ], "source": "Twitter Web App", "created_at": "2020-11-12T22:12:32.000Z" } ] } } ``` ### Retweeted quote Tweet ``` { "data": [ { "lang": "en", "conversation_id": "1225470895902412800", "text": "RT @AureliaSpecker: 📣 If you enjoyed the London commute tutorial I wrote in November last year, check out the refactored version that uses…", "referenced_tweets": [ { "type": "retweeted", "id": "1224709550214873090" } ], "possibly_sensitive": false, "entities": { "annotations": [ { "start": 42, "end": 47, "probability": 0.6999, "type": "Place", "normalized_text": "London" } ], "mentions": [ { "start": 3, "end": 18, "username": "AureliaSpecker" } ] }, "id": "1225470895902412800", "public_metrics": { "retweet_count": 12, "reply_count": 0, "like_count": 0, "quote_count": 0 }, "author_id": "2244994945", "context_annotations": [ { "domain": { "id": "46", "name": "Brand Category", "description": "Categories within Brand Verticals that narrow down the scope of Brands" }, "entity": { "id": "781974596752842752", "name": "Services" } }, { "domain": { "id": "47", "name": "Brand", "description": "Brands and Companies" }, "entity": { "id": "10045225402", "name": "Twitter" } }, { "domain": { "id": "65", "name": "Interests and Hobbies Vertical", "description": "Top level interests and hobbies groupings, like Food or Travel" }, "entity": { "id": "848920371311001600", "name": "Technology", "description": "Technology and computing" } }, { "domain": { "id": "66", "name": "Interests and Hobbies Category", "description": "A grouping of interests and hobbies entities, like Novelty Food or Destinations" }, "entity": { "id": "848921413196984320", "name": "Computer programming", "description": "Computer programming" } } ], "source": "Twitter for iPhone", "created_at": "2020-02-06T17:26:44.000Z" } ], "includes": { "users": [ { "created_at": "2013-12-14T04:35:55.000Z", "id": "2244994945", "protected": false, "username": "TwitterDev", "verified": true, "entities": { "url": { "urls": [ { "start": 0, "end": 23, "url": "https://t.co/3ZX3TNiZCY", "expanded_url": "https://developer.x.com/en/community", "display_url": "developer.x.com/en/community" } ] }, "description": { "hashtags": [ { "start": 17, "end": 28, "tag": "TwitterDev" }, { "start": 105, "end": 116, "tag": "TwitterAPI" } ] } }, "description": "The voice of the #TwitterDev team and your official source for updates, news, and events, related to the #TwitterAPI.", "pinned_tweet_id": "1293593516040269825", "public_metrics": { "followers_count": 513962, "following_count": 2039, "tweet_count": 3635, "listed_count": 1672 }, "location": "127.0.0.1", "name": "Twitter Dev", "profile_image_url": "https://pbs.twimg.com/profile_images/1283786620521652229/lEODkLTh_normal.jpg", "url": "https://t.co/3ZX3TNiZCY" }, { "created_at": "2013-01-18T23:45:43.000Z", "id": "1102321381", "protected": false, "username": "AureliaSpecker", "verified": false, "entities": { "description": { "mentions": [ { "start": 7, "end": 17, "username": "TwitterUK" }, { "start": 86, "end": 95, "username": "_dormrod" } ] } }, "description": "devrel @TwitterUK • Swiss in London • mother of houseplants • personal hairdresser to @_dormrod", "pinned_tweet_id": "1253069421322567681", "public_metrics": { "followers_count": 1036, "following_count": 1330, "tweet_count": 855, "listed_count": 26 }, "location": "London, UK", "name": "Aurelia Specker", "profile_image_url": "https://pbs.twimg.com/profile_images/1137517534104772608/8FBYgc6G_normal.jpg", "url": "" } ], "tweets": [ { "lang": "en", "conversation_id": "1224709550214873090", "text": "📣 If you enjoyed the London commute tutorial I wrote in November last year, check out the refactored version that uses Twitter's new search endpoint 🚇 https://t.co/87XIPZmZBJ\n\n#DEVcommunity #Pythontutorial @TwitterDev @TwitterAPI https://t.co/dXrJYvn3hY", "referenced_tweets": [ { "type": "quoted", "id": "1195000047089389573" } ], "possibly_sensitive": false, "entities": { "annotations": [ { "start": 22, "end": 27, "probability": 0.7075, "type": "Place", "normalized_text": "London" }, { "start": 120, "end": 126, "probability": 0.7355, "type": "Product", "normalized_text": "Twitter" } ], "mentions": [ { "start": 206, "end": 217, "username": "TwitterDev" }, { "start": 218, "end": 229, "username": "TwitterAPI" } ], "hashtags": [ { "start": 176, "end": 189, "tag": "DEVcommunity" }, { "start": 190, "end": 205, "tag": "Pythontutorial" } ], "urls": [ { "start": 151, "end": 174, "url": "https://t.co/87XIPZmZBJ", "expanded_url": "https://bit.ly/2OrnrCC", "display_url": "bit.ly/2OrnrCC", "status": 200, "unwound_url": "https://dev.to/twitterdev/migrate-to-twitter-s-newly-released-labs-recent-search-endpoint-3npe" }, { "start": 230, "end": 253, "url": "https://t.co/dXrJYvn3hY", "expanded_url": "https://x.com/AureliaSpecker/status/1195000047089389573", "display_url": "twitter.com/AureliaSpecker…" } ] }, "id": "1224709550214873090", "public_metrics": { "retweet_count": 12, "reply_count": 0, "like_count": 43, "quote_count": 2 }, "author_id": "1102321381", "context_annotations": [ { "domain": { "id": "46", "name": "Brand Category", "description": "Categories within Brand Verticals that narrow down the scope of Brands" }, "entity": { "id": "781974596752842752", "name": "Services" } }, { "domain": { "id": "47", "name": "Brand", "description": "Brands and Companies" }, "entity": { "id": "10045225402", "name": "Twitter" } }, { "domain": { "id": "65", "name": "Interests and Hobbies Vertical", "description": "Top level interests and hobbies groupings, like Food or Travel" }, "entity": { "id": "848920371311001600", "name": "Technology", "description": "Technology and computing" } }, { "domain": { "id": "66", "name": "Interests and Hobbies Category", "description": "A grouping of interests and hobbies entities, like Novelty Food or Destinations" }, "entity": { "id": "848921413196984320", "name": "Computer programming", "description": "Computer programming" } } ], "source": "Twitter Web App", "created_at": "2020-02-04T15:01:25.000Z" } ] } } ``` # Edit Posts Source: https://docs.x.com/x-api/fundamentals/edit-posts # Introduction The X API v2 endpoints provide edited Post metadata. The *Edit Posts* feature was first introduced for testing among X employees on September 1, 2022. Starting on that date, eligible Posts are editable for 30 minutes and up to 5 times. *All objects for Posts created since September 29, 2022* include Post edit metadata, even if the Post was never edited. Each time a Post is edited, a new Post ID is created. A Post's edit history can be described by chaining these IDs together, starting with the original ID.  Additionally, if any Post in the edit chain is deleted, all Posts in that chain are deleted as well. Using the X API v2, a developer can find out: * If a Post was edit eligible at the time of creation. Some Posts, such as those with polls or scheduled Posts, can not be edited. * Posts are editable for 30 minutes, and can be edited up to 5 times. For editable POsts you can see if time for editing remains and how many more edits are possible. * If you are viewing an edited version of a Post (in most cases the API will return the most recent version of a Post, unless a specific past version is requested by Post ID). * The entire edit history of the Post. * The engagement attributed to each version of the Post. There are three components to a Post's edit history: 1. By default, the Post payload will contain an array of Post IDs that are part of a Post's edit history. This information is specified by the `edit_history_tweet_ids`, which is a default field in the Post payload. This array will contain at least one ID, the ID of the original, unedited Post. When there is only one ID that means the Post has no edit history.  2. You can get information such as whether a Post was editable at the time it was created, how much time, if any, is remaining for a Post to be edited, and how many edits remain by specifying `edit_controls` in your [tweet.fields](/x-api/fundamentals/fields) parameter. 3. Finally, you can get the Post objects for each Post in a Post's edit history, by specifying the `edit_history_tweet_ids` using the [expansion](/x-api/fundamentals/expansions) parameter Most Posts are eligible for editing. However, the following types of Posts are not:  * Post is promoted * Post has a poll * Post is a non-self-thread reply * Post is a Retweet (note that Quote Tweets are eligible for edit) * Post is nullcast * Community Post * Superfollow Post * Collaborative Post Examples *** The examples below demonstrate how a developer can request edited Post metadata using the X API v2.  **Note:** The examples below use the User Post Timeline endpoint, but you can request this metadata using the same parameters (with fields and expansions) for all endpoints that return Posts (e.g. Posts lookup, search, filtered stream,  etc.) ### Default behavior By default, an API request to any endpoint that returns Post objects in the X API v2, you get: * The Post ID * The Post Text * An array of Post IDs that are part of a Post's edit history. If there is only one ID provided, that means the Post has not been edited. **Request:** `curl --request GET 'https://api.x.com/2/users/:id/tweets' --header 'Authorization: Bearer $BEARER_TOKEN'` **Sample Response:** ```{ "data": [ { "id": "1514991667853602823", "text": "we have an edit button", "edit_history_tweet_ids": ["1514991667853602822", "1514991667853602823"] } ] } ``` ### Getting additional data with edit\_controls If you want additional edited Post metadata such as whether a Post was eligible to be edited when it was created and how much time is remaining for a Post to be editable, you can request this information using the tweet.fields parameter and setting it to edit\_control. **Request:** `curl --request GET 'https://api.x.com/2/users/:id/tweets?tweet.fields=edit_control' --header 'Authorization: Bearer $BEARER_TOKEN'` **Sample Response:** ``` { "data": [ { "id": "1514991667853602823", "text": "we have an edit button", "edit_history_tweet_ids": ["1514991667853602822", "1514991667853602823"], "edit_controls": { "is_edit_eligible": true, "editable_until": "2022-04-21 09:35:20.311", "edits_remaining": 4 } } ] } ``` ### Getting Post objects for all Posts in a Post's edit history The examples above provide an array of Post IDs in a Post's edit history. If you want the actual Post object for each of these Post IDs, you can use the expansion parameter and set it to `edit_history_tweet_ids`. The Post objects that make up the edit history will be provided in the "includes" object.  **Request:** ```bash curl --location --request GET 'https://api.x.com/2/users/:id/tweets?tweet.fields=edit_control&expansions=edit_history_tweet_ids' --header 'Authorization: Bearer $BEARER_TOKEN'` ``` **Sample Response:** ``` { "data": [ { "id": "1514991667853602823", "text": "we have an edit button", "edit_history_tweet_ids": ["1514991667853602822", "1514991667853602823"], "edit_controls": { "is_edit_eligible": true, "editable_until": "2022-04-21 09:35:20.311", "edits_remaining": 4 } } ], "includes": { "tweets": [ { "id": "1514991667853602822", "text": "we need an eidt button", "edit_history_tweet_ids": [ "1514991667853602822", "1514991667853602823" ], "edit_controls": { "is_edit_eligible": true, "editable_until": "2022-04-21 09:35:20.311", "edits_remaining": 4 } } ] } } ``` # Expansions Source: https://docs.x.com/x-api/fundamentals/expansions With expansions, developers can expand objects referenced in the payload. Objects available for expansion are referenced by ID. For example, the `referenced_tweets.id` and `author_id` fields returned in the [Posts lookup](/x-api/posts/lookup/introduction) payload can be expanded into complete objects. If you would like to request fields related to the user that posted that Post, or the media, poll, or place that was included in that Post, you will need to pass the related expansion query parameter in your request to receive that data in your response. Currently, v2 endpoints that return Posts, Users, Lists, Spaces, and Direct Message event objects all support expansions (see examples below). When including an expansion in your request, we will include that expanded object’s default fields within the same response. It helps return additional data in the same response without the need for separate requests. If you would like to request additional [fields](/x-api/fundamentals/fields) related to the expanded object, you can include the field parameter associated with that expanded object, along with a comma-separated list of fields that you would like to receive in your response. Please note fields are not always returned in the same order they were requested in the query. The Post payload below contains reference IDs for complementary objects we can expand on, including the `author_id` of who posted the Post, the `id` of a *referenced* Post, and a `media_key` for a media attachment. ```json { "data": { "attachments": { "media_keys": ["16_1211797899316740096"] }, "author_id": "2244994945", "id": "1212092628029698048", "referenced_tweets": [ { "type": "replied_to", "id": "1212092627178287104" } ], "text": "We believe the best future version of our API will come from building it with YOU. Here’s to another great year with everyone who builds on the Twitter platform. We can’t wait to continue working with you in the new year. https://t.co/yvxdK6aOo2" } } ``` ### Available Expansions for Post Payloads | Expansion | Description | | :------------------------------- | :------------------------------------------------------------------------------------------------ | | `author_id` | Returns a user object representing the Post's author | | `referenced_tweets.id` | Returns a Post object that this Post is referencing (either as a Retweet, Quoted Tweet, or reply) | | `edit_history_tweet_ids` | Returns Post objects that are part of a Post's edit history | | `in_reply_to_user_id` | Returns a user object representing the Post author this requested Post is a reply of | | `attachments.media_keys` | Returns a media object representing the images, videos, GIFs included in the Post | | `attachments.poll_ids` | Returns a poll object containing metadata for the poll included in the Post | | `geo.place_id` | Returns a place object containing metadata for the location tagged in the Post | | `entities.mentions.username` | Returns a user object for the user mentioned in the Post | | `referenced_tweets.id.author_id` | Returns a user object for the author of the referenced Post | ### Available Expansion for User Payloads | Expansion | Description | | :---------------- | :---------------------------------------------------------------------------------- | | `pinned_tweet_id` | Returns a Post object representing the Post pinned to the top of the user’s profile | ### Available Expansions for Direct Message Event Payloads | Expansion | Description | | :----------------------- | :--------------------------------------------------------------------------------------------------------------------- | | `attachments.media_keys` | Returns a Media object that was attached to a Direct Message | | `referenced_tweets.id` | Returns a Post object that was referenced in a Direct Message | | `sender_id` | Returns a User object representing the author of a Direct Message and who invited a participant to join a conversation | | `participant_ids` | Returns a User object representing a participant that joined or left a conversation | ### Available Expansions for Spaces Payloads | Expansion | Description | | :----------------- | :------------------------------------------------------------------- | | `invited_user_ids` | Returns User objects representing what accounts were invited | | `speaker_ids` | Returns User objects representing what accounts spoke during a Space | | `creator_id` | Returns a User object representing what account created the Space | | `host_ids` | Returns User objects representing what accounts were set up as hosts | | `topics_ids` | Returns topic descriptions that were set up by the creator | ### Available Expansion for Lists Payloads | Expansion | Description | | :--------- | :----------------------------------------------------------------------------- | | `owner_id` | Returns a User object representing what account created and maintains the List | ## Expanding the Media Object In the following request, we are requesting the `geo.place_id` expansion to include alongside the default Post fields: **Sample Request** ``` {`curl 'https://api.x.com/2/tweets/:ID?expansions=geo.place_id' --header 'Authorization: Bearer $ACCESS_TOKEN'`} ``` **Sample Response** ``` {`{ "data": { "geo": { "place_id": "01a9a39529b27f36" }, "id": "ID", "text": "Test" }, "includes": { "places": [ { "full_name": "Manhattan, NY", "id": "01a9a39529b27f36" } ] } }`} ``` ## Expanding the Poll Object In the following request, we are requesting the `attachments.poll_ids` expansion to include alongside the default Post fields: **Sample Request** {`curl 'https://api.x.com/2/tweets/1199786642791452673?expansions=attachments.poll_ids' --header 'Authorization: Bearer $ACCESS_TOKEN'`} **Sample Response** ``` {`{ "data": { "attachments": { "poll_ids": ["1199786642468413448"] }, "id": "1199786642791452673", "text": "C#" }, "includes": { "polls": [ { "id": "1199786642468413448", "options": [ { "position": 1, "label": "“C Sharp”", "votes": 795 }, { "position": 2, "label": "“C Hashtag”", "votes": 156 } ] } ] } }`} ``` ## Expanding the Place Object In the following request, we are requesting the `geo.place_id` expansion to include alongside the default Post fields: **Sample Request** {`curl 'https://api.x.com/2/tweets/:ID?expansions=geo.place_id' --header 'Authorization: Bearer $ACCESS_TOKEN'`} **Sample Response** ```s {`{ "data": { "geo": { "place_id": "01a9a39529b27f36" }, "id": "ID", "text": "Test" }, "includes": { "places": [ { "full_name": "Manhattan, NY", "id": "01a9a39529b27f36" } ] } }`} ``` # Fields Source: https://docs.x.com/x-api/fundamentals/fields The X API v2 endpoints are equipped with a set of parameters called *fields*, which allows you to select just the data that you want from each of the objects in your endpoint response. By default, the Post object only returns the `id` and the `text` fields, and for Posts created since September 29, 2022, the `edit_history_tweet_ids` field. If you need the Post's created date or public metrics, you will need to use the `tweet.fields` parameters to request them. This provides a higher degree of customization by enabling you to only request the fields you require depending on your use case. For example, you would include this query string in your request: `?tweet.fields=created_at,public_metrics` Each object has its own parameter which is used to specifically request the fields that are associated with that object. Here are the different fields parameters that are currently available: * [Post](/x-api/fundamentals/data-dictionary#tweet) → `tweet.fields` * [User](/x-api/fundamentals/data-dictionary#user) → `user.fields` * [Media](/x-api/fundamentals/data-dictionary#media) → `media.fields` * [Poll](/x-api/fundamentals/data-dictionary#poll) → `poll.fields` * [Place](/x-api/fundamentals/data-dictionary#place) → `place.fields` When using an endpoint that primarily returns a particular object, simply use the matching field parameter and specify the field(s) desired in a comma-separated list as the value to that parameter to retrieve those fields in the response. ### Example If you are using the [GET /tweets/search/recent](/x-api/posts/recent-search) endpoint, you will primarily receive [Tweet objects](/x-api/fundamentals/data-dictionary#tweet) in that response. Without specifying any fields parameters, you will just receive the default values, `id` and `text`. If you are interested in receiving the public metrics of the Posts that are returned in the response, you will want to include the `tweet.fields` parameter in your request, with `public_metrics` set as the value. This request would look like the following. If you would like to use this request, make sure to replace `$BEARER_TOKEN` with your [Bearer Token](/resources/fundamentals/authentication) and send it using your command line tool. ```bash curl --request GET \ --url 'https://api.x.com/2/tweets/search/recent?query=from%3Atwitterdev&tweet.fields=public_metrics' \ --header 'Authorization: Bearer $BEARER_TOKEN' ``` If you send this request in your terminal, then each of the Posts that return will include the following fields: ``` { "data": { "id": "1263150595717730305", "public_metrics": { "retweet_count": 12, "reply_count": 14, "like_count": 49, "quote_count": 7 }, "text": "Do you 👀our new Tweet settings?\n\nWe want to know how and why you’d use a feature like this in the API. Get the details and let us know what you think👇\nhttps://t.co/RtMhhfAcIB https://t.co/8wxeZ9fJER" } } ``` If you would like to retrieve a set of fields from a secondary object that is associated with the primary object returned by an endpoint, you will need to include an additional expansions parameter. For example, if you were using the same GET search/tweets/recent endpoint as earlier, and you wanted to retrieve the author's profile description, you will have to pass the `expansions=author_id` and `user.fields=description` with your request. Here is an example of what this might look like. If you would like to try this request, make sure to replace the `$BEARER_TOKEN` with your [Bearer Token](/resources/fundamentals/authentication) before pasting it into your command line tool. ```bash curl --request GET \ --url 'https://api.x.com/2/tweets/search/recent?query=from%3Atwitterdev&tweet.fields=public_metrics&expansions=author_id&user.fields=description' \ --header 'Authorization: Bearer $BEARER_TOKEN' ``` If you specify this in the request, then each of the Posts that deliver will have the following fields, and the related [user object's](/x-api/fundamentals/data-dictionary#user) default and specified fields will return within `includes`. The user object can be mapped back to the corresponding Post(s) by matching the `tweet.author_id` and `users.id fields`. ``` { "data": [ { "id": "1263150595717730305", "author_id": "2244994945", "text": "Do you 👀our new Tweet settings?\n\nWe want to know how and why you’d use a feature like this in the API. Get the details and let us know what you think👇\nhttps://t.co/RtMhhfAcIB https://t.co/8wxeZ9fJER", "public_metrics": { "retweet_count": 12, "reply_count": 13, "like_count": 51, "quote_count": 7 } } ], "includes": { "users": [ { "id": "2244994945", "username": "TwitterDev", "description": "The voice of the #TwitterDev team and your official source for updates, news, and events, related to the #TwitterAPI.", "name": "Twitter Dev" } ] } } ``` Bear in mind that you cannot request specific subfields (for example, `public_metrics.retweet_count`). All subfields will be returned when the top-level field (`public_metrics`) is specified. We have listed all possible fields that you can request in each endpoints' API reference page's parameters table.  A full list of fields are listed in the [object model](/x-api/fundamentals/data-dictionary#tweet). To expand and request fields on an object that is not that endpoint’s primary resource, use the [expansions](/x-api/fundamentals/expansions) parameter with fields. # Metrics Source: https://docs.x.com/x-api/fundamentals/metrics ## Overview The metrics field allows developers to access public and private engagement metrics for Post and media objects. Public metrics are accessible by anyone with a developer account, while private metrics are accessible from owned/authorized accounts (definition below). Metrics include the total count of impressions, Retweets, Quote Tweets, likes, replies, video views, video view quartiles, URL and profile link clicks for each Post specified in the request. There is also the option to view a breakdown of metrics earned in an organic or promoted context, if the Post was promoted as an [Ad](https://ads.x.com/). Public metrics can be requested with [App-only Token](/resources/fundamentals/authentication#oauth-2-0) authentication. Non-public metrics can be requested for owned/authorized Posts only, meaning developers need to authenticate using [OAuth 2.0](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-3) or [OAuth 1.0a](/resources/fundamentals/authentication#oauth-1-0a-2) user context authorization. **Non-public, organic, and promoted metrics are only available for Posts created within the last 30 days.** ### Terminology * **Authorized account**: An X account that has authorized your [X developer app](/resources/fundamentals/developer-apps) by granting it access to that account (any [app permission level](/resources/fundamentals/developer-apps#app-permissions) will permit access to Post metrics). * **Owned account**: An X account linked to your [X developer app](/resources/fundamentals/developer-apps). * **Public metrics**: Totals that are available for anyone to access on [X](https://x.com/home), such as the number of likes and number of Retweets. * **Non-public metrics**: Totals not available for public viewing on [X](https://x.com/home), such as the number of impressions and video view quartiles. Requires [OAuth 2.0](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-3) or [OAuth 1.0a](/resources/fundamentals/authentication#oauth-1-0a-2) user context authentication. * **Organic metrics**: A grouping of public and non-public metrics attributed to an organic context (posted and viewed in a regular manner). Requires [OAuth 2.0](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-3) or [OAuth 1.0a](/resources/fundamentals/authentication#oauth-1-0a-2) user context authentication. * **Promoted metrics**: A grouping of public and non-public metrics attributed to a promoted context (posted or viewed as part of an Ads campaign). Requires [OAuth 2.0](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-3) or [OAuth 1.0a](/resources/fundamentals/authentication#oauth-1-0a-2) user context authentication and that the Post was promoted in an Ad. ## Available Metrics | Metric | API Representations | Description | | :----------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Impressions** | `data.non_public_metrics.impression_count`, `data.organic_metrics.impression_count`, `data.promoted_metrics.impression_count` | A count of how many times the Post has been viewed (not unique by user). A view is counted if any part of the Post is visible on the screen. Requires OAuth 1.0a User Context authentication. | | **Retweets** | `data.public_metrics.retweet_count`, `data.organic_metrics.retweet_count`, `data.promoted_metrics.retweet_count` | A count of how many times the Post has been Retweeted. Does not include Quote Tweets (“Retweets with comment”). To get the "Retweets and comments" total as displayed on X clients, add `retweet_count` and `quote_count`. | | **Quote Tweets** | `data.public_metrics.quote_count` | A count of how many times the Post has been Retweeted with a new comment (message). There are no Quote Tweets from a paid context, so all Quote Tweets are organic. | | **Likes** | `data.public_metrics.like_count`, `data.organic_metrics.like_count`, `data.promoted_metrics.like_count` | A count of how many times the Post has been liked. The `public_metrics` field returns the total count of likes from both organic and paid contexts to maintain consistency with counts shown publicly on X. | | **Replies** | `data.public_metrics.reply_count`, `data.organic_metrics.reply_count`, `data.promoted_metrics.reply_count` | A count of how many times the Post has been replied to. The `public_metrics` field returns the total count of replies from both organic and paid contexts. | | **URL Link Clicks** | `data.non_public_metrics.url_link_clicks`, `data.organic_metrics.url_link_clicks`, `data.promoted_metrics.url_link_clicks` | A count of the number of times a user clicks on a URL link or URL preview card in a Post. Requires OAuth 1.0a User Context authentication. | | **User Profile Clicks** | `data.non_public_metrics.user_profile_clicks`, `data.organic_metrics.user_profile_clicks`, `data.promoted_metrics.user_profile_clicks` | A count of the number of times a user clicks on portions of a Post: display name, user name, profile picture. Requires OAuth 1.0a User Context authentication. | | **Video views** | `includes.media.public_metrics.view_count`, `includes.media.organic_metrics.view_count`, `includes.media.promoted_metrics.view_count` | A count of how many times the video included in the Post has been viewed. This is the number of video views aggregated across all Posts in which the given video has been posted. Requires media expansion `expansions=attachment.media_keys`. | | **Video view quartiles** | `includes.media.non_public_metrics.playback_0_count`, `includes.media.non_public_metrics.playback_25_count`, `includes.media.non_public_metrics.playback_50_count`, `includes.media.non_public_metrics.playback_75_count`, `includes.media.non_public_metrics.playback_100_count` | The number of users who played through each quartile in a video. Requires OAuth 1.0a User Context authentication and media expansion `expansions=attachment.media_keys`. | ## Requesting Metrics ### Public Metrics In the following request, we are requesting public metrics on the Post and on the attached video with the following fields and expansion. Be sure to replace `$BEARER_TOKEN` with your own generated bearer token. * `tweet.fields=public_metrics` * `expansions=attachments.media_keys&media.fields=public_metrics` #### Sample Request ```bash curl 'https://api.x.com/2/tweets?ids=1204084171334832128&tweet.fields=public_metrics&expansions=attachments.media_keys&media.fields=public_metrics' --header 'Authorization: Bearer $BEARER_TOKEN' ``` ### Private Metrics (Non-public, Organic Metrics) The following request asks for non-public metrics with additional details on organic metrics for the Post and attached video. Since these fields are private and not available for public view on X, the request requires [OAuth 2.0](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-3) or [OAuth 1.0a](/resources/fundamentals/authentication#oauth-1-0a-2) user context authentication. Refer to our [guide](/resources/fundamentals/authentication#creating-a-signature) for generating the OAuth 1.0a signature needed below. * `tweet.fields=non_public_metrics,organic_metrics` * `expansions=attachments.media_keys&media.fields=non_public_metrics,organic_metrics` #### Sample Request ```bash curl 'https://api.x.com/2/tweets/1204084171334832128?tweet.fields=non_public_metrics,organic_metrics&media.fields=non_public_metrics,organic_metrics&expansions=attachments.media_keys' --header 'authorization: OAuth oauth_consumer_key="CONSUMER_API_KEY", oauth_nonce="OAUTH_NONCE", oauth_signature="OAUTH_SIGNATURE", oauth_signature_method="HMAC-SHA1", oauth_timestamp="OAUTH_TIMESTAMP", oauth_token="ACCESS_TOKEN", oauth_version="1.0"' ``` #### Sample Response ``` { "data": { "attachments": { "media_keys": ["13_1204080851740315648"] }, "id": "1263145271946551300", "non_public_metrics": { "impression_count": 956, "url_link_clicks": 9, "user_profile_clicks": 34 }, "organic_metrics": { "impression_count": 956, "like_count": 49, "reply_count": 2, "retweet_count": 9, "url_link_clicks": 9, "user_profile_clicks": 34 }, "text": "test" }, "includes": { "media": [ { "media_key": "13_1204080851740315648", "non_public_metrics": { "playback_0_count": 0, "playback_100_count": 1, "playback_25_count": 2, "playback_50_count": 1, "playback_75_count": 1 }, "organic_metrics": { "playback_0_count": 0, "playback_100_count": 1, "playback_25_count": 2, "playback_50_count": 1, "playback_75_count": 1, "view_count": 1 }, "type": "video" } ] } } ``` # Pagination Source: https://docs.x.com/x-api/fundamentals/pagination ## Introduction Pagination is a feature in X API v2 endpoints that return more results than can be returned in a single response. When that happens, the data is returned in a series of "pages." Pagination refers to methods for programmatically requesting all the pages to retrieve the entire result data set. Not all API endpoints support or require pagination, but it is often used when result sets are large. ### Use cases for pagination **To retrieve all results for a request:** Pagination should be used to receive all relevant data related to a specific request and parameters. Pagination is required in cases where there are more matching results than the `max_results` for a request. Looping requests with pagination tokens allows you to retrieve all results. Once a response is returned without a `next_token` value, it can be assumed that all results have been paged through. Pagination should not be used for polling purposes. To get the most recent results since a previous request, review polling with `since_id`. **To traverse through the results of a request:** Pagination provides directional options for navigating through results from a request, using `next_token` and `previous_token` values from responses. These tokens can be set as the `pagination_token` in the following request to go to the next or previous page of results. ### Pagination token definitions * `next_token` - Opaque string returned within the meta object response on endpoints that support pagination. Indicates that more results are available and can be used as the `pagination_token` parameter in the next request to return the next page of results. The last page of results will not have a `next_token` present. * `previous_token` - Opaque string returned withins the meta object response on endpoints that support pagination. Indicates that there is a previous page of results available and can be set as the `pagination_token` parameter in the next request to return the previous page of results. * `pagination_token` - Parameter used in pagination requests. Set to the value of `next_token` for the next page of results. Set to the value of `previous_token` for the previous page of results. ### Fundamentals of pagination * Endpoints that use pagination will respond to an initial request with the first page of results and provide a `next_token` within the meta object in the JSON response if additional pages of results are available. To receive all results, repeat this process until no `next_token` is included in the response. * Results are delivered in reverse-chronological order. This is true within individual pages, as well as across multiple pages: * The first Post in the first response will be the most recent. * The last Post in the last response will be the oldest. * The `max_results` request parameter allows you to configure the number of Posts returned per response page. There is a default and maximum `max_results`. * Every pagination implementation will involve parsing tokens from the response payload, which can be used in subsequent requests. * In some circumstances, you may get fewer than the `max_results` per page. Do not rely on the results per page always equaling the `max_results` parameter value. * The best ways to use pagination for complete results are by using loop logic within integration code or by using a [library](/x-api/tools-and-libraries/overview) that supports X API v2. ### Pagination example Here, there are three pages of results because `max_results` is set to `100`, and there are approximately 295 Posts created by user ID `2244994945` (@XDevelopers) between January 1, 2019, at 17:00:00 UTC and December 12 at 00:00:00 UTC. The first Post on the first page (`1337498609819021312`) is the most recent, and the last Post on the third page of results (`1082718487011885056`) is the oldest. #### Initial request ```bash https://api.x.com/2/users/2244994945/tweets?tweet.fields=created_at&max_results=100&start_time=2019-01-01T17:00:00Z&end_time=2020-12-12T01:00:00Z ``` ### Sequence Table | | **First Request** | **Second Page** | **Third Page** | **Fourth Page** | | :----------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Request Parameters** | - `max_results` = `100` - `tweet.fields` = `created_at` - `start_time` = `2019-01-01T17:00:00Z` - `end_time` = `2020-12-12T01:00:00Z` | - `max_results` = `100` - `tweet.fields` = `created_at` - `start_time` = `2019-01-01T17:00:00Z` - `end_time` = `2020-12-12T01:00:00Z` - `pagination_token` = `7140w` | - `max_results` = `100` - `tweet.fields` = `created_at` - `start_time` = `2019-01-01T17:00:00Z` - `end_time` = `2020-12-12T01:00:00Z` - `pagination_token` = `7140k9` | - `max_results` = `100` - `tweet.fields` = `created_at` - `start_time` = `2019-01-01T17:00:00Z` - `end_time` = `2020-12-12T01:00:00Z` - `pagination_token` = `71408hi` | | **Response** | `json { "data": [ { "created_at": "2020-12-11T20:44:52.000Z", "id": "1337498609819021312", "text": "Thanks to everyone who tuned in today..." }, ... , { "created_at": "2020-05-06T17:24:31.000Z", "id": "1258085245091368960", "text": "It’s now easier to understand Tweet impact..." } ], "meta": { "oldest_id": "1258085245091368960", "newest_id": "1337498609819021312", "result_count": 100, "next_token": "7140w" } } ` | `json { "data": [ { "created_at": "2020-04-29T17:01:44.000Z", "id": "1255542797765013504", "text": "Our developer community is full of inspiring ideas..." }, ... , { "created_at": "2019-11-21T16:17:23.000Z", "id": "1197549579035496449", "text": "Soon, we'll be releasing tools in..." } ], "meta": { "oldest_id": "1197549579035496449", "newest_id": "1255542797765013504", "result_count": 100, "next_token": "7140k9", "previous_token": "77qp8" } } ` | `json { "data": [ { "created_at": "2019-11-21T16:17:23.000Z", "id": "1197549578418941952", "text": "We know that some people who receive a large volume of replies may..." }, ... , { "created_at": "2019-01-08T19:19:37.000Z", "id": "1082718487011885056", "text": "Updates to Grid embeds..." } ], "meta": { "oldest_id": "1082718487011885056", "newest_id": "1197549578418941952", "result_count": 95, "next_token": "71408hi", "previous_token": "77qplte" } } ` | `json { "meta": { "result_count": 0, "previous_token": "77qpw8l" } } ` | | **Actions to Take for Next Request** | To get the next page, take the `next_token` value directly from the response (`7140w`) and set it as the `pagination_token` for the next request call. | To continue to get all results: take the `next_token` value directly from the response (`7140k9`) and set it as the `pagination_token` for the next request call. To traverse to the previous page: take the `previous_token` value directly from the response (`77qp8`) and set it as the `pagination_token` for the next request call. | To continue to get all results: take the `next_token` value directly from the response (`71408hi`) and set it as the `pagination_token` for the next request call. To traverse to the previous page: take the `previous_token` value directly from the response (`77qplte`) and set it as the `pagination_token` for the next request call. | Note that there is no `next_token`, which indicates that all results have been received. To traverse to the previous page: take the `previous_token` value directly from the response (`77qpw8l`) and set it as the `pagination_token` for the next request call. | # Post Annotations Source: https://docs.x.com/x-api/fundamentals/post-annotations ## Overview Annotations have been added to the Post object from all v2 endpoints that return a Post object. Post annotations offer a way to understand contextual information about the Post itself. Though 100% of Posts are reviewed, due to the contents of Post text, only a portion are annotated. 1. **Entity annotations (NER):** Entities include people, places, products, and organizations, and are delivered in the `entity` payload section. They are programmatically assigned based on what is explicitly mentioned (named-entity recognition) in the Post text. 2. **Context annotations:** Derived from analyzing a Post's text, context annotations include a domain and entity pairing to help discover Posts on topics that may have been previously difficult to surface. We currently use 80+ domains to categorize Posts. A CSV file of available context annotation entities is available in our [Github repository](https://github.com/xdevplatform/twitter-context-annotations). ## Post Annotation Types ### Entities Entity annotations are programmatically defined entities within the `entities` field and are reflected as annotations in the payload. Each annotation has a confidence score and indicates where in the Post text the entities were identified (using `start` and `end` fields). The entity annotation types include: * **Person** - Examples: Barack Obama, Daniel, George W. Bush * **Place** - Examples: Detroit, Cali, San Francisco * **Product** - Examples: Mountain Dew, Mozilla Firefox * **Organization** - Examples: Chicago White Sox, IBM * **Other** - Examples: Diabetes, Super Bowl 50 ### Context *Last updated: June 2022* Context annotations are delivered in the `context_annotations` field of the payload. They are inferred based on semantic analysis of keywords, hashtags, handles, etc., in the Post text and result in domain and/or entity labels. Currently, we use 80+ domains, as shown in the table below. | Domain Categories | Domain Codes | | :--------------------------------- | :--------------------------------- | | 3: TV Shows | 46: Brand Category | | 4: TV Episodes | 47: Brand | | 6: Sports Events | 48: Product | | 10: Person | 54: Musician | | 11: Sport | 55: Music Genre | | 12: Sports Team | 56: Actor | | 13: Place | 58: Entertainment Personality | | 22: TV Genres | 60: Athlete | | 23: TV Channels | 65: Interests and Hobbies Vertical | | 26: Sports League | 66: Interests and Hobbies Category | | 27: American Football Game | 67: Interests and Hobbies | | 28: NFL Football Game | 68: Hockey Game | | 29: Events | 71: Video Game | | 31: Community | 78: Video Game Publisher | | 35: Politicians | 79: Video Game Hardware | | 38: Political Race | 83: Cricket Match | | 39: Basketball Game | 84: Book | | 40: Sports Series | 85: Book Genre | | 43: Soccer Match | 86: Movie | | 44: Baseball Game | 87: Movie Genre | | 45: Brand Vertical | 88: Political Body | | 46: Brand Category | 89: Music Album | | 47: Brand | 90: Radio Station | | 48: Product | 91: Podcast | | 54: Musician | 92: Sports Personality | | 55: Music Genre | 93: Coach | | 56: Actor | 94: Journalist | | 58: Entertainment Personality | 95: TV Channel \[Entity Service] | | 60: Athlete | 109: Reoccurring Trends | | 65: Interests and Hobbies Vertical | 110: Viral Accounts | | 66: Interests and Hobbies Category | 114: Concert | | 67: Interests and Hobbies | 115: Video Game Conference | | 68: Hockey Game | 116: Video Game Tournament | | 71: Video Game | 117: Movie Festival | | 78: Video Game Publisher | 118: Award Show | | 79: Video Game Hardware | 119: Holiday | | 83: Cricket Match | 120: Digital Creator | | 84: Book | 122: Fictional Character | | 85: Book Genre | 130: Multimedia Franchise | | 86: Movie | 131: Unified Twitter Taxonomy | | 87: Movie Genre | 136: Video Game Personality | | 88: Political Body | 137: eSports Team | | 89: Music Album | 138: eSports Player | | 90: Radio Station | 139: Fan Community | | 91: Podcast | 149: Esports League | | 92: Sports Personality | 152: Food | | 93: Coach | 155: Weather | | 94: Journalist | 156: Cities | | 95: TV Channel \[Entity Service] | 157: Colleges & Universities | | 109: Reoccurring Trends | 158: Points of Interest | | 110: Viral Accounts | 159: States | | 114: Concert | 160: Countries | | 115: Video Game Conference | 162: Exercise & Fitness | | 116: Video Game Tournament | 163: Travel | | 117: Movie Festival | 164: Fields of Study | | 118: Award Show | 165: Technology | | 119: Holiday | 166: Stocks | | 120: Digital Creator | 167: Animals | | 122: Fictional Character | 171: Local News | | 130: Multimedia Franchise | 172: Global TV Show | | 131: Unified Twitter Taxonomy | 173: Google Product Taxonomy | | 136: Video Game Personality | 174: Digital Assets & Crypto | | 137: eSports Team | 175: Emergency Events | | 138: eSports Player | | *Note:* Domain 131 (Unified Twitter Taxonomy) refers to X's User Facing Interest Taxonomy. This taxonomy helps to power features on the platform such as [Topics](https://blog.x.com/en_us/topics/product/2020/topics-behind-the-tweets). ## Requesting Annotations ### Sample Request ```bash curl --location --request GET 'https://api.x.com/2/tweets/1212092628029698048?tweet.fields=context_annotations,entities' --header 'Authorization: Bearer $BEARER_TOKEN' ``` ### Sample Response ``` { "data": { "context_annotations": [ { "domain": { "id": "119", "name": "Holiday", "description": "Holidays like Christmas or Halloween" }, "entity": { "id": "1186637514896920576", "name": "New Years Eve" } }, { "domain": { "id": "119", "name": "Holiday", "description": "Holidays like Christmas or Halloween" }, "entity": { "id": "1206982436287963136", "name": "Happy New Year: It’s finally 2020 everywhere!", "description": "Catch fireworks and other celebrations as people across the globe enter the new year.\nPhoto via @GettyImages" } }, { "domain": { "id": "45", "name": "Brand Vertical", "description": "Top level entities that describe a Brand's industry" } }, { "domain": { "id": "46", "name": "Brand Category", "description": "Categories within Brand Verticals that narrow down the scope of Brands" }, "entity": { "id": "781974596752842752", "name": "Services" } }, { "domain": { "id": "47", "name": "Brand", "description": "Brands and Companies" }, "entity": { "id": "10045225402", "name": "Twitter" } } ], "entities": { "annotations": [ { "start": 144, "end": 150, "probability": 0.626, "type": "Product", "normalized_text": "Twitter" } ], "urls": [ { "start": 222, "end": 245, "url": "https://t.co/yvxdK6aOo2", "expanded_url": "https://x.com/LovesNandos/status/1211797914437259264/photo/1", "display_url": "pic.x.com/yvxdK6aOo2" } ] }, "id": "1212092628029698048", "text": "We believe the best future version of our API will come from building it with YOU. Here’s to another great year with everyone who builds on the Twitter platform. We can’t wait to continue working with you in the new year. https://t.co/yvxdK6aOo2" } } ``` ### Sample App Check out the [Post Entity Extractor on Glitch](https://tweet-entity-extractor.glitch.me/) to easily discover context annotations in Posts and see how this feature works. ## Frequently asked questions ### Context annotations The questions below are specific to the context annotations element of Tweet annotations. For more details, please see the [Overview](/x-api/fundamentals/post-annotations) page. Twitter classifies Tweets semantically, meaning that we curate lists of keywords, hashtags, and @handles that are relevant to a given topic. If a Tweet contains the text we’ve specified, it will be labeled appropriately. This differs from a machine learning approach where a model is trained specifically to classify text (in this case, Tweets) and produce a probability score alongside the output/classification. Twitter's annotations are curated by domain experts using research and QA processes that have been refined over the course of several years. The process is supported by custom tooling to scale data tracking as far as we are able to maintain excellent precision and recall. In addition, our data is audited regularly by an internal team, having received a precision score of \~80% for the past several quarters. Team members QA our entities on a daily basis to ensure high precision and recall. Additionally, our work is audited quarterly by an internal team, which manually reviews 10,000 Tweets across all of our domains to calculate a precision score. For some domains, like sports and TV, we rely on automated ingest to build out our graph. In the News domain, we track data around stories published by the Twitter Moments team. Otherwise, the team uses a variety of research methods to identify topics to track that garner a high amount of conversation on the platform. Data tracking begins the moment an entity is published; therefore, we do not annotate Tweets that were published prior to a given entity being tracked. For example, if an upstart brand/company is added to the taxonomy, we will not retroactively annotate Tweets about that brand prior to when the annotation was added. Yes. Language coverage can vary depending on the domain and the market. English and Japanese are included in the majority of the biggest entities. Below, is a list of the languages and main markets that are covered today: 1. English (US, UK) 2. Japanese (Japan) 3. Portuguese (Brazil) 4. Spanish (Argentina, Mexico, Spain) 5. Hindi (India) 6. Arabic (Saudi Arabia) 7. Turkish (Turkey) 8. Indonesian (Indonesia) 9. Russian (Russia) 10. French (France) Coming soon (\~H2 2021): 1. German (Germany) 2. Tamil (India) Below is a table of the top 15 countries ordered by the most coverage of annotated Tweets: | Rank | Country code | Country | % of Tweets annotated | | :--- | :----------- | :------------ | :-------------------- | | 1 | IN | India | 41% | | 2 | VN | Vietnam | 36% | | 3 | GB | Great Britain | 36% | | 4 | EC | Ecuador | 35% | | 5 | PE | Peru | 33% | | 6 | US | United States | 32% | | 7 | CA | Canada | 32% | | 8 | AU | Australia | 31% | | 9 | JP | Japan | 31% | | 10 | PH | Philippines | 30% | | 11 | SG | Singapore | 30% | | 12 | MY | Malaysia | 30% | | 13 | MX | Mexico | 30% | | 14 | GB | Great Britain | 29% | | 15 | NG | Nigeria | 29% | Tweet annotations consist of the following semantics to annotate a Tweet: * Accounts - we can annotate tweets from a given handle or mentioning this handle * Hashtags * Keywords/phrases For customers that are familiar with the filtered steaming APIs such as PowerTrack, the semantics used by annotations are similar in principle to the boolean rules defined to filter a stream of Tweets. If a Tweet matches the underlying semantic conditions, it will be tagged accordingly. The goal is to annotate as many Tweets as possible; however, there are several reasons why some Tweets are not annotated: * Some Tweets aren't semantically rich enough to be labelled and can't be tagged with our current annotation rules * Some Tweets aren't topical * The Tweet is about a very ephemeral topic that's not in our graph * We don't cover the language/market * We cover the language/market but we're missing a topic or a specific term/account/hashtag related to a topic we already track An entity can be part of multiple domains. The domain IDs will change but the entity ID remains the same. Donald Glover is a person (domain 10), an actor (domain 56) and a musician (domain 54) but his entity ID is still 875072662527029248. Tracking starts a month prior to the release. For popular blockbusters, like a Marvel movie, we can start tracking them as soon as they start teasing about an upcoming release. No, they do not. # null Source: https://docs.x.com/x-api/fundamentals/post-cap X API v2 has a Post consumption cap that limits the number of Posts that can be retrieved from specific endpoints on a monthly basis. Post caps apply at the [Project](/resources/fundamentals/projects) level, meaning that any requests to the endpoints listed below using the keys and tokens from [developer Apps](/resources/fundamentals/developer-apps) within that Project will count towards the Project Post cap. ## Limited v2 endpoints Posts received from any of the following endpoints count towards this monthly Post cap: * [Posts Lookup](/x-api/posts/lookup/introduction) * [Recent search](/x-api/posts/counts/introduction) * [Full-archive search](/x-api/posts/counts/introduction) * [Filtered stream](/x-api/posts/filtered-stream) * [User Post timeline](/x-api/posts/timelines) * [User mention timeline](/x-api/posts/timelines) * [Likes lookup - Posts liked by a user](/x-api/posts/likes) * [Bookmarks lookup - Posts bookmarked by a user](/x-api/posts/bookmarks/introduction) * [List Posts lookup](/x-api/lists/list-tweets/introduction) * [Spaces Lookup](/x-api/spaces/lookup/introduction) **Note:** If the same Post is returned from multiple queries during a day, it only counts once against the Post cap; Posts are deduplicated daily. ## Post cap volumes The Post cap volume varies based on your access level: | Access Tier | Monthly Post Cap | | :------------- | :-------------------------- | | **Free** | 1,500 Posts per month | | **Basic** | 10,000 Posts per month | | **Pro** | 1,000,000 Posts per month | | **Enterprise** | 50+ million Posts per month | You can check your usage towards the monthly Post cap by viewing the [main dashboard page](https://developer.x.com/content/developer-twitter/en/portal/dashboard) in the [developer portal](/resources/fundamentals/developer-portal). Under the name of your Project, you’ll see a status bar that shows your current month’s usage in relation to the Post cap, including the total Posts pulled, the percentage of Posts used, and the reset date for your usage. # Rate limits Source: https://docs.x.com/x-api/fundamentals/rate-limits Every day, many thousands of developers make requests to the X API. To help manage the sheer volume of these requests, limits are placed on the number of requests that can be made. These limits help provide the reliable and scalable API that our developer community relies on. The maximum number of requests allowed is based on a time interval, typically over a specified period or window of time. The most common interval is fifteen minutes. For example, an endpoint with a limit of 900 requests per 15 minutes allows up to 900 requests in any 15-minute interval. Rate limits depend on the authentication method. For instance, if using [OAuth 1.0a User Context](/resources/fundamentals/authentication), each set of users’ [Access Tokens](/resources/fundamentals/authentication#obtaining-access-tokens-using-3-legged-oauth-flow) has its own rate limit per period. Alternatively, if using [OAuth 2.0 Bearer Token](/resources/fundamentals/authentication#oauth-2-0), your app will have its own separate limit per time period. When these limits are exceeded, an error is returned. ## Table of contents * [X API v2 rate limits](#v2-limits) * [X API Enterprise rate limits](#v2-limits-enterprise) * [Rate limits and authentication method](#auth) * [HTTP headers and response codes](#headers-and-codes) * [Recovering from rate limits](#recovering) * [Tips to avoid being rate limited](#tips) ## X API v2 rate limits The following table lists the rate limits of each X API paid plan. These limits are also available in the [developer portal](/resources/fundamentals/developer-portal)'s products section.
Endpoint Pro Limit Basic Limit Free Limit
Tweets
DELETE /2/tweets/:id 50 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 17 requests / 24 hours
PER USER
17 requests / 24 hours
PER APP
DELETE /2/users/:id/likes/:tweet\_id 50 requests / 15 mins
PER USER		 100 requests / 24 hours
PER USER		 1 requests / 15 mins
PER USER
DELETE /2/users/:id/retweets/:tweet\_id 50 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
GET /2/tweets 900 requests / 15 mins
PER USER
450 requests / 15 mins
PER APP		 15 requests / 15 mins
PER USER
15 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
GET /2/tweets/:id 900 requests / 15 mins
PER USER
450 requests / 15 mins
PER APP		 15 requests / 15 mins
PER USER
15 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
GET /2/tweets/:id/liking\_users 75 requests / 15 mins
PER USER
75 requests / 15 mins
PER APP		 5 requests / 15 mins
PER USER
25 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
GET /2/tweets/:id/quote\_tweets 75 requests / 15 mins
PER USER
75 requests / 15 mins
PER APP		 5 requests / 15 mins
PER USER
5 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
GET /2/tweets/:id/retweeted\_by 75 requests / 15 mins
PER USER
75 requests / 15 mins
PER APP		 5 requests / 15 mins
PER USER
5 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
GET /2/tweets/counts/all 300 requests / 15 mins
PER APP
GET /2/tweets/counts/recent 300 requests / 15 mins
PER APP		 5 requests / 15 mins
PER APP		 1 requests / 15 mins
PER APP
GET /2/tweets/search/all 1 requests / second
PER USER
1 requests / second
PER APP
GET /2/tweets/search/recent 300 requests / 15 mins
PER USER
450 requests / 15 mins
PER APP		 60 requests / 15 mins
PER USER
60 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
GET /2/tweets/search/stream 50 requests / 15 mins
PER APP
GET /2/tweets/search/stream/rules 450 requests / 15 mins
PER APP
GET /2/users/:id/liked\_tweets 75 requests / 15 mins
PER USER
75 requests / 15 mins
PER APP		 5 requests / 15 mins
PER USER
5 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
GET /2/users/:id/mentions 300 requests / 15 mins
PER USER
450 requests / 15 mins
PER APP		 10 requests / 15 mins
PER USER
15 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
GET /2/users/:id/timelines/reverse\_chronological 180 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
GET /2/users/:id/tweets 900 requests / 15 mins
PER USER
1500 requests / 15 mins
PER APP		 5 requests / 15 mins
PER USER
10 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
GET /2/users/reposts\_of\_me 75 requests / 15 mins
PER USER		 75 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
POST /2/tweets 100 requests / 15 mins
PER USER
10000 requests / 24 hours
PER APP		 100 requests / 24 hours
PER USER
1667 requests / 24 hours
PER APP		 17 requests / 24 hours
PER USER
17 requests / 24 hours
PER APP
POST /2/tweets/search/stream/rules 100 requests / 15 mins
PER APP
POST /2/users/:id/likes 1000 requests / 24 hours
PER USER		 200 requests / 24 hours
PER USER		 1 requests / 15 mins
PER USER
POST /2/users/:id/retweets 50 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
PUT /2/tweets/:tweet\_id/hidden 50 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
Users
DELETE /2/users/:source\_user\_id/following/:target\_user\_id 50 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
DELETE /2/users/:source\_user\_id/muting/:target\_user\_id 50 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
GET /2/users 900 requests / 15 mins
PER USER
300 requests / 15 mins
PER APP		 100 requests / 24 hours
PER USER
500 requests / 24 hours
PER APP		 1 requests / 24 hours
PER USER
1 requests / 24 hours
PER APP
GET /2/users/:id 900 requests / 15 mins
PER USER
300 requests / 15 mins
PER APP		 100 requests / 24 hours
PER USER
500 requests / 24 hours
PER APP		 1 requests / 24 hours
PER USER
1 requests / 24 hours
PER APP
GET /2/users/:id/blocking 15 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
GET /2/users/:id/muting 15 requests / 15 mins
PER USER		 100 requests / 24 hours
PER USER		 1 requests / 24 hours
PER USER
GET /2/users/by 900 requests / 15 mins
PER USER
300 requests / 15 mins
PER APP		 100 requests / 24 hours
PER USER
500 requests / 24 hours
PER APP		 1 requests / 24 hours
PER USER
1 requests / 24 hours
PER APP
GET /2/users/by/username/:username 900 requests / 15 mins
PER USER
300 requests / 15 mins
PER APP		 100 requests / 24 hours
PER USER
500 requests / 24 hours
PER APP		 3 requests / 15 mins
PER USER
3 requests / 15 mins
PER APP
GET /2/users/me 75 requests / 15 mins
PER USER		 250 requests / 24 hours
PER USER		 25 requests / 24 hours
PER USER
GET /2/users/search 900 requests / 15 mins
PER USER
300 requests / 15 mins
PER APP
POST /2/users/:id/following 50 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
POST /2/users/:id/muting 50 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
Spaces
GET /2/spaces 300 requests / 15 mins
PER USER
300 requests / 15 mins
PER APP		 5 requests / 15 mins
PER USER
25 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
GET /2/spaces/:id 300 requests / 15 mins
PER USER
300 requests / 15 mins
PER APP		 5 requests / 15 mins
PER USER
25 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
GET /2/spaces/:id/buyers 300 requests / 15 mins
PER USER
300 requests / 15 mins
PER APP		 5 requests / 15 mins
PER USER
25 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
GET /2/spaces/:id/tweets 300 requests / 15 mins
PER USER
300 requests / 15 mins
PER APP		 5 requests / 15 mins
PER USER
25 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
GET /2/spaces/by/creator\_ids 300 requests / 15 mins
PER USER
1 requests / second
PER APP		 5 requests / 15 mins
PER USER
25 requests / second
PER APP		 1 requests / second
PER USER
1 requests / 15 mins
PER APP
GET /2/spaces/search 300 requests / 15 mins
PER USER
300 requests / 15 mins
PER APP		 5 requests / 15 mins
PER USER
25 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
Direct Messages
DELETE /2/dm\_events/:id 1500 requests / 24 hours
PER USER
4000 requests / 24 hours
PER APP		 200 requests / 15 mins
PER USER
2500 requests / 24 hours
PER APP
GET /2/dm\_conversations/:dm\_conversation\_id/dm\_events 15 requests / 15 mins
PER USER		 1 requests / 24 hours
PER USER
GET /2/dm\_conversations/with/:participant\_id/dm\_events 15 requests / 15 mins
PER USER		 1 requests / 24 hours
PER USER
GET /2/dm\_events 15 requests / 15 mins
PER USER		 1 requests / 24 hours
PER USER
GET /2/dm\_events/:id 15 requests / 15 mins
PER USER		 5 requests / 24 hours
PER USER
POST /2/dm\_conversations 15 requests / 15 mins
PER USER
1440 requests / 24 hours
PER APP		 1 requests / 24 hours
PER USER
1 requests / 24 hours
PER APP
POST /2/dm\_conversations/:dm\_conversation\_id/messages 15 requests / 15 mins
PER USER
1440 requests / 24 hours
PER APP		 1 requests / 24 hours
PER USER
1 requests / 24 hours
PER APP
POST /2/dm\_conversations/with/:participant\_id/messages 1440 requests / 24 hours
PER USER
1440 requests / 24 hours
PER APP		 1 requests / 24 hours
PER USER
1 requests / 24 hours
PER APP
Lists
DELETE /2/lists/:id 300 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
DELETE /2/lists/:id/members/:user\_id 300 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
DELETE /2/users/:id/followed\_lists/:list\_id 50 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
DELETE /2/users/:id/pinned\_lists/:list\_id 50 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
GET /2/lists/:id 75 requests / 15 mins
PER USER
75 requests / 15 mins
PER APP		 5 requests / 15 mins
PER USER
5 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
GET /2/lists/:id/members 900 requests / 15 mins
PER USER
900 requests / 15 mins
PER APP		 5 requests / 15 mins
PER USER
25 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
GET /2/lists/:id/tweets 900 requests / 15 mins
PER USER
900 requests / 15 mins
PER APP		 5 requests / 15 mins
PER USER
25 requests / 15 mins
PER APP
GET /2/users/:id/list\_memberships 75 requests / 15 mins
PER USER
75 requests / 15 mins
PER APP		 5 requests / 15 mins
PER USER
25 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
GET /2/users/:id/owned\_lists 15 requests / 15 mins
PER USER
15 requests / 15 mins
PER APP		 100 requests / 24 hours
PER USER
500 requests / 24 hours
PER APP		 1 requests / 24 hours
PER USER
1 requests / 24 hours
PER APP
GET /2/users/:id/pinned\_lists 15 requests / 15 mins
PER USER
15 requests / 15 mins
PER APP		 100 requests / 24 hours
PER USER
500 requests / 24 hours
PER APP		 1 requests / 24 hours
PER USER
1 requests / 24 hours
PER APP
POST /2/lists 300 requests / 15 mins
PER USER		 100 requests / 24 hours
PER USER		 1 requests / 24 hours
PER USER
POST /2/lists/:id/members 300 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
POST /2/users/:id/followed\_lists 50 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
POST /2/users/:id/pinned\_lists 50 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
PUT /2/lists/:id 300 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
Bookmarks
DELETE /2/users/:id/bookmarks/:tweet\_id 50 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
GET /2/users/:id/bookmarks 180 requests / 15 mins
PER USER		 10 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
GET /2/users/:id/bookmarks/folders 50 requests / 15 mins
PER USER
50 requests / 15 mins
PER APP		 5 requests / 15 mins
PER USER
5 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
GET /2/users/:id/bookmarks/folders/:folder\_id 50 requests / 15 mins
PER USER
50 requests / 15 mins
PER APP		 5 requests / 15 mins
PER USER
5 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
POST /2/users/:id/bookmarks 50 requests / 15 mins
PER USER		 5 requests / 15 mins
PER USER		 1 requests / 15 mins
PER USER
Compliance
GET /2/compliance/jobs 150 requests / 15 mins
PER APP		 5 requests / 15 mins
PER APP		 1 requests / 15 mins
PER APP
GET /2/compliance/jobs/:job\_id 150 requests / 15 mins
PER APP		 5 requests / 15 mins
PER APP		 1 requests / 15 mins
PER APP
POST /2/compliance/jobs 150 requests / 15 mins
PER APP		 15 requests / 15 mins
PER APP		 1 requests / 15 mins
PER APP
Usage
GET /2/usage/tweets 50 requests / 15 mins
PER APP		 50 requests / 15 mins
PER APP		 1 requests / 15 mins
PER APP
Trends
GET /2/trends/by/woeid/:id 75 requests / 15 mins
PER APP		 15 requests / 15 mins
PER APP
GET /2/users/personalized\_trends 10 requests / 15 mins
PER USER
200 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
20 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 24 hours
PER APP
Communities
GET /2/communities/:id 300 requests / 15 mins
PER USER
300 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
25 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
GET /2/communities/search 300 requests / 15 mins
PER USER
300 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
25 requests / 15 mins
PER APP		 1 requests / 15 mins
PER USER
1 requests / 15 mins
PER APP
## Rate limits and authentication method Rate limits are set at both the developer App and user access token levels: * **[OAuth 2.0 Bearer Token](/resources/fundamentals/authentication/oauth-2-0/application-only): App rate limit** This method allows you to make a certain number of requests on behalf of your developer App. When using this authentication method, limits are determined by the requests made with a Bearer Token. * Example: With a limit of 450 requests per 15-minute interval, you can make 450 requests on behalf of your App within that interval. * **[OAuth 1.0a User Context](/resources/fundamentals/authentication/oauth-1-0a/obtaining-user-access-tokens): User rate limit** This method allows requests to be made on behalf of a X user identified by the user Access Token. For example, if retrieving private metrics from Posts, authenticate with user Access Tokens for that user, generated using the [3-legged OAuth flow](/resources/fundamentals/authentication#obtaining-access-tokens-using-3-legged-oauth-flow). * Example: With a limit of 900 requests per 15 minutes per user, you can make up to 900 requests per user in that time frame. ... ## HTTP headers and response codes Use HTTP headers to understand where your application stands within a given rate limit, based on the most recent request made. * `x-rate-limit-limit`: rate limit ceiling for the endpoint * `x-rate-limit-remaining`: remaining requests for the 15-minute window * `x-rate-limit-reset`: remaining time before the rate limit resets (in UTC epoch seconds) ### Error Responses If an application exceeds the rate limit for an endpoint, the API will return a [HTTP 429 “Too Many Requests”](http://tools.ietf.org/html/rfc6585) response with the following error message in the response body: ```json { "errors": [ { "code": 88, "message": "Rate limit exceeded" } ] } ``` ## Recovering from a rate limit When these rate limits are exceeded, a 429 'Too many requests' error is returned from the endpoint. As discussed below, when rate limit errors occur, a best practice is to examine HTTP headers that indicate when the limit resets and pause requests until then.
When a "too many requests" or rate-limiting error occurs, the frequency of making requests needs to be slowed down. When a rate limit error is hit, the `x-rate-limit-reset:` HTTP header can be checked to learn when the rate-limiting will reset

. Another common pattern is based on exponential backoff, where the time between requests starts off small (for example, a few seconds), then doubled before each retry. This is continued until a request is successful, or some reasonable maximum time between requests is reached (for example, a few minutes).

Ideally, the client-side is self-aware of existing rate limits and can pause requests until the currently exceeded window expires. If you exceed a 15-minute limit, then waiting a minute or two before retrying makes sense.

Note that beyond these limits on the number of requests, the Standard Basic level of access provides up to 500,000 Posts per month from the recent search and filtered stream endpoints. If you have exceeded the monthly limit on the number of Posts, then it makes more sense for your app to raise a notification and know its enrollment day of the month and hold off requests until that day. ### Tips to avoid being rate limited The tips below are there to help you code defensively and reduce the possibility of being rate limited. Some application features that you may want to provide are simply impossible in light of rate-limiting, especially around the freshness of results. If real-time information is an aim of your application, look into the filtered and sampled stream endpoints. #### Caching Store API responses if expecting frequent usage. Instead of calling the API on every page load, cache the response locally. #### Prioritize active users If your site keeps track of many X users (for example, fetching their current status or statistics about their X usage), consider only requesting data for users who have recently signed into your site. #### Adapt to the search results If your application monitors a high volume of search terms, query less often for searches that have no results than for those that do. By using a back-off you can keep up to date on queries that are popular but not waste cycles requesting queries that very rarely change. Alternatively, consider using the filtered stream endpoint and filter with your search queries. #### Denylist If an application abuses the rate limits, it will be denied. Denied apps are unable to get a response from the X API. If you or your application has been denied and you think there has been a mistake, you can use our [Platform Support forms](https://support.x.com/forms/platform) to request assistance. Please include the following information: 1. Explain why you think your application was denied. 2. If you are no longer being rate limited, describe in detail how you fixed the problem. # Versioning Source: https://docs.x.com/x-api/fundamentals/versioning

Along with X API v2, we launched a new versioning strategy that enables developers to better understand when to expect changes to X's public APIs, and when they will need to migrate to new versions. 

Developers will be notified of deprecations, retirements, changes, and additions to the X API via our communication channels so they can appropriately plan to accommodate these changes in their development roadmap. All changes to the API will be noted in the changelog.

The X API currently has three different versions. We strongly encourage users to utilize X API v2 when planning their integration unless we have not released functionality to v2 that is required by your use case. 

To learn more about each version, please visit the following pages:

## Versioning Strategy

Versioning for the X API will be represented by version numbers declared in the route path for our endpoints:

`https://api.x.com/2/tweets`

We aim to release major versions of the X API as necessary but no more frequently than every 12 months. A major version will be released when breaking changes are introduced in the API. We will publish migration guides when launching a new major version to help developers migrate over to the new version. 

A breaking change requires developers to change their code to maintain existing functionality in their app. Non-breaking changes will be additive and rolled out to the most recent version when ready, requiring no work on a developer’s end unless you would like to take advantage of the new functionality.

If a breaking change must be rolled out mid-cycle (for security or privacy reasons), this change will be made to the most recent version.

### Breaking changes

These changes require developers to change their code to maintain existing functionality of their application.

  • Addition of a new required parameter
  • Removal of an existing endpoint
  • Removal of any field in the response (either required or optional)
  • Removal of a query parameter
  • Restructuring of the input or output format (for example, making a top-level field a sub-field, or changing the location of errors to be inline)
  • Changing the name or data type of an existing input parameter or output value
  • Changing the name of a field
  • Changing the resource name
  • Changing a response code
  • Changing error types
  • Changes to existing authorization scopes
### Non-breaking changes
  • Addition of a new endpoint
  • Addition of a new optional parameter
  • Addition of a new response field
  • Changing text in error messages
  • Availability of new scopes
  • “Nulling” of fields (changing the value of a to null for privacy/security reasons as an alternative to removing it altogether)
### Deprecation and retirement

First of all, here is our definition of what deprecation and retirement mean to the X API:

  • Deprecation: The feature is no longer supported by the team. No new functionality will be released around that feature, and if there are any bugs or issues with the product, the chances that we will explore a fix are extremely low. 
  • Retired: The feature will no longer be accessible.

In most cases, as soon as a new version is released, the previous version will be marked as deprecated. Versions will remain in a deprecated state for a period of time, after which they will be retired. 

Please stay informed to learn more about future deprecations and retirements.

# About the X API Source: https://docs.x.com/x-api/getting-started/about-x-api The X API can be used to programmatically retrieve and analyze X data, as well as build for the conversation on X. Over the years, the X API has grown by adding additional levels of access for developers to be able to scale their access to enhance and research the public conversation. Recently, we released the X API v2. The X API v2 includes a modern foundation, new and advanced features, and quick onboarding to [Basic access](https://developer.x.com/en/portal/products/basic). The following three tabs explain the different versions and access levels of the X API, what’s new with v2, and which X resources you can retrieve, create, destroy, and adjust using the API. ## X API access levels and versions While the X API v2 is the primary X API, the platform currently supports previous versions (v1.1, Gnip 2.0) as well. We recommend that all users start with v2 as this is where all future innovation will happen. The **X API v2** includes a few access levels: | | Free | Basic | Pro | Enterprise | | :---------------------------- | :------------------------------------------------------------- | :-------------------------------------------------------------- | :------------------------------------------------------------ | :---------------------------------------------------------------------------------------------------------- | | Getting access | [Get Started](https://developer.x.com/en/portal/products/free) | [Get Started](https://developer.x.com/en/portal/products/basic) | [Get Started](https://developer.x.com/en/portal/products/pro) | [Get Started](https://docs.x.com/resources/enterprise/forms/enterprise-api-interest#enterprise-access-form) | | Price | Free | \$100/month | \$5000/month | - | | Access to X API v2 | ✔️ (Only Post creation) | ✔️ | ✔️ | ✔️ | | Access to standard v1.1 | ✔️(Limited) | ✔️(Limited) | ✔️(Limited) | ✔️ | | Project limits | 1 Project | 1 Project | 1 Project | - | | App limits | 1 App per Project | 2 Apps per Project | 3 Apps per Project | - | | Post caps - Post | 1,500 | 3,000 | 300,000 | - | | Post caps - Pull | ❌ | 10,000 | 1,000,000 | - | | Filtered stream API | ❌ | ❌ | ✔️ | ✔️ | | Access to full-archive search | ❌ | ❌ | ✔️ | ✔️ | | Access to Ads API | ✔️ | ✔️ | ✔️ | ✔️ | ## What's new with v2 The X API v2 represents the largest upgrade of the X API since 2012. With it comes a host of new and advanced features, as well as fast and free access to the API. Some of the features that are available with v2 include the following: ### New endpoints We have released a set of net-new endpoints to X API v2. You can see a full list of v2 endpoints, including those that are new, on our X API endpoint map guide. [Visit the X API endpoint map >](/x-api/migrate/x-api-endpoint-map) ### New and more detailed data objects We've modernized our data objects with a variety off new improvements that will enable you to more easily navigate and parse data. [Visit the data dictionary >](/x-api/fundamentals/data-dictionary) ### New parameters to help you retrieve just those objects and fields that you want We've added fields and expansions parameters to our data endpoints that allow you to request related objects and fields beyond those fields that return by default. [Learn how to use fields and expansions >](/x-api/fundamentals/data-dictionary#how-to-use-fields-and-expansions) ### Advanced metrics More easily understand the performance of Posts, users, media, and polls from directly within your payload by requesting both public and private metrics including impressions, video views, user profile, and URL clicks, some of which are separated into an organic and promoted context. [Learn more about metrics >](/x-api/fundamentals/metrics) ### Filter on and identify which Posts contain different topics When using search Posts or filtered stream, you can now filter by topic using our entity and context operators. We've also provided these topics within the Post payload to help with analysis. [Learn more about Post annotations >](/x-api/fundamentals/post-annotations) ### Filter on and identify which Posts belong to a reply thread Make it easier to identify a Post as part of a conversation thread when using search Posts, filtered stream, and Post lookup. We've also added the ability to determine whether conversation reply settings have been set for a Post with the Post field `reply_settings`. [Learn more about conversation tracking >](/x-api/fundamentals/conversation-id) ### And so much more... * High confidence spam filtering * Shortened URLs are fully unwound for easier URL analysis * Simplified JSON response objects by removing deprecated fields and modernizing labels * Recovery and redundancy functionality for our streaming endpoints * Return of 100% of matching public and available Posts in search queries * Streaming "rules" so you can make changes without dropping connections * More expressive query language for filtered stream and search * OpenAPI spec to build new libraries & more transparently track changes * API support for new features and endpoints more quickly as our platform evolves to meet the needs of developers, researchers, businesses, and people using X ## X API platform resources In the API design space, a resource is an entity with associated data, relationships to other resources, and a set of methods that operate on it. For example, a Post is a resource that you can create, delete, or retrieve using a variety of different tools, such as historically searching for them, or retrieving them in real-time. The X API provides access to create, delete, receive, or adjust a variety of different resources on the platform including the following: | Resource | Description | | :------------------ | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Posts** | Tap into millions of Posts to understand the public conversation, or create your own to engage with the conversation. Current availability: - X API v2 - Enterprise - Standard v1.1 | | **Users** | Manage or look up X users to analyze networks, understand your audience, or foster positive online relationships. Current availability: - X API v2 - Enterprise - Standard v1.1 | | **Spaces** | Look up and search X Spaces and their attendees to help people find interesting and relevant audio conversations. Current availability: - X API v2 | | **Direct Messages** | Send and receive Direct Messages to triage customer issues, send welcome messages, or create positive human interaction. Current availability: - Standard v1.1 | | **Lists** | Curate and manage lists of accounts to keep a pulse on industry experts, powerful voices, or organize who you follow. Current availability: - X API v2 - Standard v1.1 | | **Trends** | Identify geographic trends first to pinpoint industry movement, discover hot topics, or stay ahead of the latest fad. Current availability: - Standard v1.1 | | **Media** | Upload media objects to share your creative energy, create interactive experiences, or build accessibility tools. Current availability: - Standard v1.1 | | **Places** | Search for places to understand what's happening in your neighborhood and around the world. Current availability: - Standard v1.1 | ### Other X API offerings * Enterprise APIs (Formerly Gnip 2.0) # How to get access to the X API Source: https://docs.x.com/x-api/getting-started/getting-access ### Step one: Sign up for a developer account Signing up for a developer account is quick and easy! Just click on the button below, answer a few questions, and you can start exploring and building on the X API v2 using [Basic access](https://developer.x.com/en/portal/products/basic). Next you will create a Project and an associated developer App during the onboarding process, which will provide you a set of credentials that you will use to authenticate all requests to the API. [Sign up](https://developer.x.com/en/portal/products/basic) ### Step two: Save your App's key and tokens and keep them secure Once you have access and have created a Project and App, you will be able to find or generate the following credentials within your developer App: * **[API Key and Secret](https://developer.x.com/resources/fundamentals/authentication/api-key-and-secret):** Essentially the username and password for your App. You will use these to authenticate requests that require [OAuth 1.0a User Context](/resources/fundamentals/authentication), or to generate other tokens such as user Access Tokens or App Access Token. * **[Access Token and Secret](https://developer.x.com/resources/fundamentals/authentication/obtaining-user-access-tokens):** In general, Access Tokens represent the user that you are making the request on behalf of. The ones that you can generate via the developer portal represent the user that owns the App. You will use these to authenticate requests that require [OAuth 1.0a User Context](/resources/fundamentals/authentication). If you would like to make requests on behalf of another user, you will need to use the 3-legged OAuth flow for them to authorize you. * **[Client ID and Client Secret](/resources/fundamentals/authentication#how-to-connect-to-endpoints-using-oauth-2-0-authorization-code-flow-with-pkce):** These credentials are used to obtain a user Access Token with OAuth 2.0 authentication. Similar to OAuth 1.0a, the user Access Tokens are used to authenticate requests that provide private user account information or perform actions on behalf of another account but, with fine-grained scope for greater control over what access the client application has on the user. * **[App only Access Token](/resources/fundamentals/authentication#bearer-token-also-known-as-app-only):** You will use this token when making requests to endpoints that responds with information publicly available on X. Since these keys and tokens do not expire unless regenerated, we suggest that you save them in a secure location, such as a password manager, once you've received your credentials. > **Please note: Your keys and tokens will only display once in the [developer portal](/resources/fundamentals/developer-portal), so it is important that you store these credentials in your password management system as soon as you generate them.** > > If you misplace or forget the keys and tokens, you will need to regenerate them, which creates new credentials and invalidates the old ones. This means that you will have to update any integrations that you may have set up with your prior credentials. > > Learn more about our [authentication best practices](/resources/fundamentals/authentication#authentication-best-practices). ### Step three: Make your first request What's next? Let's make your first request to the API! We have guides, tutorials, tools, and code to help you get started. The following page will be a great place to start, but note that we've also put together an important resources page to help you navigate the broader documentation. [Make your first request](/x-api/getting-started/make-your-first-request) ## Next step Find an endpoint to start working with via our [API reference index](/x-api/introduction). We also have a set of X API [tools and libraries](/x-api/tools-and-libraries/overview) that you can use to speed up your integration. # Important resources Source: https://docs.x.com/x-api/getting-started/important-resources ## Learn about what's possible Our use cases, solutions, and product pages that are accessible from the top navigation are a great way to get a high-level overview of what's possible on the platform. We have also built out several [tutorials](/tutorials) that help you identify how to use one or many different platform tools to satisfy a variety of different use cases. At the lowest-level of our documentation lives our endpoint and tool docs, which all include introductory content that provides a brief overview of that tool's functionality and typical use case. For example, here is our X API v2 endpoint section for [Search Posts](/x-api/posts/search/introduction). ### Integrate an endpoint into your system To make your integration with our endpoints seamless, we have built out a set of tools, libraries, and integration guides. The easiest way to integrate is to use our [tools and libraries](/x-api/tools-and-libraries/overview), which automatically handle complex functionality such as [OAuth 1.0a User Context authentication](/resources/fundamentals/authentication#oauth-1-0a-2), pagination, and [rate limit handling](/resources/fundamentals/rate-limits). If you would rather build a solution from the ground up, our endpoint integration guides describe the functionality and best practices around integrating our endpoints into your system. These guides can be found in the different endpoint and tool documentation, listed as 'integrate' or simply 'guides'. For example, here is an integration guide on [how to build a rule for the Filter stream](/x-api/posts/filtered-stream/integrate/build-a-rule). ### Troubleshoot an issue If you are running into an error or have a question, please check out our [support hub](https://developer.x.com/en/support/twitter-api). There, you will find troubleshooting tips, answers to frequently asked questions and other useful resources. ### Keep up-to-date with the latest releases We frequently release updates to the platform to unlock new X functionality via the API. In addition to this, we aim to release at least one new major version bump per year, which will include some breaking changes. To receive the latest updates, please make sure to subscribe to our [forum's Announcements category](https://devcommunity.x.com/c/announcements/22), follow [@API](https://x.com/api) and [@XDevelopers](https://x.com/XDevelopers) on X and turn on notifications, and review our different resources via our [stay informed](https://developer.x.com/en/stay-informed) page. In addition to this, we have built out a new [migration hub](/x-api/migrate/overview) to help guide you through the process of updating to the latest version of the API. # Make your first request to the X API Source: https://docs.x.com/x-api/getting-started/make-your-first-request This guide will walk you through some steps that you could follow to make your first request. This is a great resource to help you once you've signed up for a X account. If you are interested in using code samples, more technical guides, or a graphical tool like Postman, please consider using the following guides to make your first request: * [A quick start guide to making your first request to the post endpoint](/x-api/posts/manage-tweets/quickstart) * [Getting started with Postman](/tutorials/postman-getting-started) - best for beginners * [X API v2 code samples](https://github.com/xdevplatform/Twitter-API-v2-sample-code) * [Post lookup API reference](/x-api/posts/lookup/introduction) This guide assumes that you have collected your [API key and secret](https://developer.x.com/resources/fundamentals/authentication/api-key-and-secret), [user Access Token and Secret](https://developer.x.com/resources/fundamentals/authentication/obtaining-user-access-tokens), [App Access Token](/resources/fundamentals/authentication#bearer-token-also-known-as-app-only), and have stored them in a secure location. You can learn how to do this by following the steps in the [getting access to the X API](/x-api/getting-started/getting-access) guide. ### Step 1. Identify which endpoint you would like to use The X API allows you to perform a variety of different actions using code that you might be able to perform on the X website or mobile application. We have a complete list of the endpoints that are available via the API listed within our [API Reference Index](/x-api/introduction), but we recommend sticking to one of the following for simplicity's sake: * [Manage Posts > Post a Tweet](/x-api/posts/manage-tweets/introduction) * [Search Posts](/x-api/posts/search/introduction) * [User lookup](/x-api/users/lookup/introduction) ### Step 2. Choose a tool to make your request While some requests can be straightforward, others can be tricky to build. That's why the amazing community of developers have developed tools to abstract away some of the complexity. The following are some recommended tools and details on how to use them: #### Postman Postman is a visual tool that you can use to make requests to REST endpoints. We've created some great materials around Postman to help you get started with and explore the different endpoints available via the X API. We recommend you read through our ["Getting started with Postman" tutorial](/tutorials/postman-getting-started) to learn how to add your keys and tokens and make your first request. We've also produced a quick start guide for each of our X API v2 endpoints, most of which use Postman. You can find these guides in each respective endpoint section, but here is a link to a few: * Quick start: Post a Tweet * Quick start: Search for Posts * Quick start: Lookup a user Please note that you can't make requests to streaming endpoints using Postman. Please visit the [filtered stream](/x-api/posts/filtered-stream/quickstart) or [1% sampled stream](/x-api/posts/sample-stream) quick start guide to learn how to work with those endpoints. If you prefer a more simple graphical tool, you should also consider using [Insomnia](https://insomnia.rest). #### Sample code If you are interested in using some simple code to make your request, we've put together sample code in multiple different languages for each of our X API v2 endpoints. You can find the code samples via our Github repo, [X-API-v2-sample-code](https://github.com/xdevplatform/Twitter-API-v2-sample-code), which also contains a README file that you can use to learn how to set up your credentials to properly work with the requests. For example, here is a cURL example for the user lookup endpoint. All you have to do to use this request is replace the $ACCESS_TOKEN and $USERNAME with your [App Access Token](/resources/fundamentals/authentication#bearer-token-also-known-as-app-only) and X handle. Then, copy and paste this code into your command line tool and press 'Return' or 'Enter'. ```bash curl "https://api.x.com/2/users/by/username/$USERNAME" -H "Authorization: Bearer $ACCESS_TOKEN" ``` #### Libraries The amazing X Developer community has also built libraries in a variety of different coding languages that can be used to make requests to the X API. We've built out a ["Tools and libraries" page](/x-api/tools-and-libraries/overview) that lists all of the community libraries that we are aware of. Each library should have a ReadMe file that can be used to learn how to set up the repo on your machine and make your first request. > **Please note:** If you run into any problems, please read through our developer docs for the endpoint that you are making a request to, our [support section](https://developer.x.com/en/support), or reach out to the community on our forums for help. We'll get you to a successful request! ### Step 3. Review the response Once you've made a successful request, you will receive a payload with metadata related to the request. If you used an endpoint that utilizes a GET HTTP method, you will receive metadata related to the resource (Post, user, List, Space, etc) that you made the request to in JSON format. Review the different fields that returned and see if you can map the information that you requested to the content on X. If you used an endpoint that utilizes a POST, PUT, or DELETE HTTP method, you performed an action on X. Go to X.com or the mobile app and see if you can track down that action. ### Step 4. Adjust your request using parameters Each endpoint has a different set of parameters that you can use to alter your request. For example, you can request additional metadata fields when using GET endpoints with the fields and expansions parameters. You can also experiment with a variety of different filtering tools with endpoints such as [search Posts](/x-api/posts/search/introduction), [Post counts](/x-api/posts/counts/introduction), and [filtered stream](/x-api/posts/filtered-stream/introduction) to help narrow down the data you receive to just those Posts that you are interested in. You can find a full list of the request parameters and fields in the API Reference for the endpoint that you are working with, and a host of other helpful integration information in our integration guides and fundamentals pages. You can learn more about all of the educational materials we've made available to you via our [Important resources](/x-api/getting-started/important-resources) guide. # Introduction Source: https://docs.x.com/x-api/introduction export const Button = ({href, children}) => { return ; }; The X API enables programmatic access to X in unique and advanced ways. Tap into core elements of X like: Posts, Direct Messages, Spaces, Lists, users, and more.
*** ## X API v2 X API v2 is ready for prime time! We recommend that the majority of developers start to think about migrating to v2 of the API, and for any new users to get started with v2. Why migrate? ## Access Levels ### Free * For write-only use cases and testing the X API * Low rate-limit access to v2 posts and media upload endpoints * 1,500 Posts per month - posting limit at the app level * 1 Project, 1 App per Project, 1 Environment * Login with X, Access to Ads API * Cost: Free ### Basic * For hobbyists or prototypes * Low-rate limit access to suite of v2 endpoints * 3,000 Posts per month (user level), 50,000 Posts per month (app level) * 10,000/month Posts read-limit rate cap * 1 Project, 2 Apps per Project * Login with X, Access to Ads API * Cost: \$200 per month ### Pro * For startups scaling their business * Rate-limited access to suite of v2 endpoints, including search and filtered stream * 1,000,000 Posts per month - GET at the app level * 300,000 Posts per month - posting limit at the app level * 1 Project, 3 Apps per Project * Login with X, Access to Ads API * Cost: \$5,000 per month ### Enterprise * For businesses and scaled commercial projects * Commercial-level access that meets your and your customer's specific needs * Managed services by a dedicated account team * Complete streams: replay, engagement metrics, backfill, and more features * Cost: Monthly subscription tiers ## Migrate to X API v2 Interested in migrating your current integration to X API v2? Check out our migration hub for resources that will help you understand what is different between v2 and previous versions, including the data formats. You can also access migration guides for each endpoint listed in the new v2 endpoint sections.
*** ## What to build Check out our 'what to build" page to learn more about: * Moderate conversations for health and safety * Enable creation and personal expression * Measure and analyze "what's happening" * Improve community experiences * Curate and recommend content * Impact the greater good ## Tools to get you started Go from zero to "Hello World" with the help of these resources, tools, and libraries. Check out our curated selection of all X-built and community-supported client libraries.
[Browse libraries](/x-api/tools-and-libraries/overview) We have built out a Postman collection for our v2 endpoints to help you explore the API using their visual client!
[Get started with Postman](https://www.postman.com/xapidevelopers/twitter-s-public-workspace/collection/r90eid4/twitter-api-v2?ctx=documentation) Looking to get started building with the X API. We have sample code, clients, and other example apps available. Check out the @XDevelopers GitHub!
[Get started with our sample code](https://github.com/xdevplatform) ## Need help? Visit our support section for troubleshooting tips, FAQs, live API status monitor, and other helpful information. ## Join the conversation Explore our forum created for developers building and innovating on the X Developer Platform. # Data Formation Migration Source: https://docs.x.com/x-api/migrate/data-format-migration export const Button = ({href, children}) => { return ; }; ## Introduction With the launch of the v2 version of the X API, we have adopted a new data response format and method of requesting different objects and fields, which we are simply calling the X API v2 format.  In the general differences section, you can learn about some changes that are relevant to standard, and enterprise users. However, we also put together a specific guide for the [standard v1.1 Native format](https://developer.x.com/en/docs/x-api/v1/data-dictionary/overview), the enterprise [Native Enriched format](/x-api/enterprise-gnip-2.0/fundamentals/data-dictionary#native-enriched-tweet-object), and the enterprise [Activity Streams format](/x-api/enterprise-gnip-2.0/fundamentals/data-dictionary#activity-object) which helps to map fields and explains which fields and expansions you must use to request the new v2 fields.  * [Native format to X API v2 (standard v1.1)](/x-api/migrate/data-format-migration#migrating-from-standard-v1-1s-data-format-to-v2)  * [Native Enriched to X API v2 (enterprise)](/x-api/migrate/data-format-migration#migrating-from-native-enriched-data-format-to-v2) * [Activity Streams to X API v2 (enterprise)](/x-api/migrate/data-format-migration#migrating-from-activity-streams-data-format-to-v2) You may also be interested in our [visual data format migration tool](/x-api/migrate/data-format-migration#visual-data-format-migration-tool) to help you quickly see the differences between the [X API v1.1 data format](https://developer.x.com/en/docs/x-api/v1/data-dictionary/overview) and the [X API v2 format](/x-api/introduction). ### General differences #### Requesting objects and fields One of the biggest changes between the pre-v2 endpoints and v2 is that the newer version only returns a few fields by default, whereas standard, premium, and enterprise endpoints deliver most fields by default. The new version uses parameters called [fields](/x-api/fundamentals/fields) and [expansions](/x-api/fundamentals/expansions) to specifically request additional data beyond the defaults, meaning that you can request just the data you need without having to ingest fields that don’t matter to you.  Any fields that you request that relate to the primary data object will return in that primary data object along with the default values. However, if you request any expanded objects using the expansions parameter, the secondary objects will return in a new includes object. You can match the expanded objects in the includes object back to the primary object by using the ID field which will return in both. For example, if you are using the v2 [Post lookup](/x-api/posts/lookup/introduction) endpoint and you include the expansions=author\_id parameter in your request, you will receive the author\_id field within the primary Post object, as well as a user object per Post in the includes object, each of which will include the default id field that can be used to match the user object back to the Post object. Here is an example of what this looks like: ``` { "data": [ { "author_id": "2244994945", "id": "1397568983931392004", "text": "The Twitter Developer Platform. Ooh la la! https://t.co/iGTdPXBfOv https://t.co/Ze8z8EODdg" } ], "includes": { "users": [ { "id": "2244994945", "name": "Twitter Dev", "username": "TwitterDev" } ] } } ``` #### Updated JSON design In addition to the changes in how you request certain fields, X API v2 is also introducing new JSON designs for the objects returned by the APIs, including [Post](/x-api/fundamentals/data-dictionary#tweet) and [user](/x-api/fundamentals/data-dictionary#user) objects. * At the JSON root level, the standard endpoints return Post objects in a **statuses** array, while X API v2 returns a **data** array.  * Instead of referring to Retweeted and Quoted "statuses", X API v2 JSON refers to Retweeted and Quoted Tweets. Many legacy and deprecated fields, such as **contributors** and **user.translator\_type** are being removed.  * Instead of using both **favorites** (in Post object) and **favourites** (in user object), X API v2 uses the term like.  * X is adopting the convention that JSON values with no value (for example, null) are not written to the payload. Post and user attributes are only included if they have a non-null values.    #### New v2 fields We also introduced a new set of fields to the [Post object](/x-api/fundamentals/data-dictionary#tweet) including the following: * A [conversation\_id](/x-api/fundamentals/conversation-id) field * Two new [annotations](/x-api/fundamentals/post-annotations) fields, including context and entities * Several new [metrics](/x-api/fundamentals/metrics) fields  * A new reply\_setting field, which shows you who can reply to a given Post ### Migrating from standard v1.1's data format to v2 If you haven't already, we recommend that you read through the [data formats migration](/x-api/migrate/data-format-migration) introduction to start. You may also be interested in our [visual data format migration tool](/x-api/migrate/data-format-migration#visual-data-format-migration-tool) to help you quickly see the differences between the [X API v1.1 data format](https://developer.x.com/en/docs/x-api/v1/data-dictionary/overview) and the [X API v2 format](/x-api/fundamentals/data-dictionary). The standard v1.1 data format, also known as the native format, is the primary format that delivers with the [standard v1.1](https://developer.x.com/en/docs/twitter-api/v1) endpoints. If you are using the premium product, please refer to the [native enriched guide](/x-api/migrate/data-format-migration#migrating-from-native-enriched-data-format-to-v2). Enterprise clients might be using native enriched or activity streams, depending on how you are set up within the Gnip console.  #### Standard v1.1 vs v2 payload structure The following table displays the high-level objects and format that you can expect to receive from v2 compared to the v1.1 format. | | **v1.1 structure** | **v2 structure** | | :---------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Default** | \{
~~all tweet object fields~~,
"entities": \{
"hashtags": \[],
"symbols": \[],
"user\_mentions": \[],
"urls": \[],
"media": \[]
},
"extended\_entities": {},
"user": {},
"place": {},
"retweeted\_status/quoted\_status"
} | \{
"data": \[\{
"id",
"text",

"edit\_history\_tweet\_ids"
}]
} | | **With defined [field and expansion](/x-api/fundamentals/data-dictionary#how-to-use-fields-and-expansions) parameters** | | \{
"data": \[\{
~~tweet object fields~~,
"entities": \{
"hashtags": \[],
"cashtags": \[],
"mentions": \[],
"urls": \[],
},
"attachments": \{

"media\_keys": \[],

"poll\_ids": \[]

}
}],
"includes": \[
"tweets": \[~~tweet objects~~],
"users": \[~~user objects~~],
"media": \[~~media objects~~],
"places": \[~~place object~~],

"polls": \[~~poll object~~]
],

"matching\_rules": \[]
} | **Field mapping** The following section describes which v1.1 fields map to v2 fields, as well as which v2 parameters are required to receive the new field.   #### Tweet object | | | | | :----------------------------- | :----------------------------------------------- | :-------------------------------------------------------------------------- | | **Twitter 1.1 format** | **Twitter v2 format** | **Required v2 parameters** | | created\_at | data.created\_at | tweet.fields=created\_at | | id | | N/A id is a string | | id\_str | data.id | default | | text | data.text | default | | full\_text | | N/A text includes the complete text | | truncated | | N/A text includes the complete text | | display\_text\_range | | N/A text includes the complete text | | edit\_history | data.edit\_history\_tweet\_ids | default | | edit\_controls | data.edit\_controls | tweet.fields=edit\_controls | | editable | data.edit\_controls.is\_edit\_eligible | tweet.fields=edit\_controls | | entities | data.entities | tweet.fields=entities | | entities.user\_mentions | data.entities.mentions | tweet.fields=entities | | entities.symbols | data.entities.cashtags | tweet.fields=entities | | entities.hashtags | data.entities.hashtags | tweet.fields=entities | | entities.urls | data.entities.urls | tweet.fields=entities | | entities.media | includes.media | expansions=attachments.media\_keys | | extended\_entities | data.attachments | tweet\_fields=attachments | | in\_reply\_to\_status\_id | | N/A referenced\_tweets.id is a string | | in\_reply\_to\_status\_id\_str | data.referenced\_tweets.id (if type=replied\_to) | expansions=referenced\_tweets.id | | in\_reply\_to\_user\_id | | N/A in\_reply\_to\_user\_id is a string | | in\_reply\_to\_user\_id\_str | data.in\_reply\_to\_user\_id | tweet.fields=in\_reply\_to\_user\_id | | in\_reply\_to\_screen\_name | includes.users..username | tweet.fields=in\_reply\_to\_user\_id\&expansions=entities.mentions.username | | user | includes.users | expansions=author\_id | | geo | data.geo.place\_id | tweet.fields=geo | | coordinates | data.geo.place\_id | expansions=geo.place\_id | | place | data.geo.place\_id | expansions=geo.place\_id | | retweeted\_status | data.referenced\_tweets.id (if type=retweeted) | expansions=referenced\_tweets.id | | is\_quoted\_status | | Not available | | quoted\_status\_id | | N/A referenced\_tweets.id is a string | | quoted\_status\_id\_str | data.referenced\_tweets.id (if type=quoted) | expansions=referenced\_tweets.id | | quoted\_status\_permalink | | Not Available | | quoted\_status | data.referenced\_tweets (if type=quoted) | expansions=referenced\_tweets.id | | retweet\_count | data.public\_metrics.retweet\_count | tweet.fields=public\_metrics | | favorite\_count | data.public\_metrics.like\_count | tweet.fields=public\_metrics | | favorited | | Not available | | retweeted | | Not available | | possibly\_sensitive | data.possibly\_sensitive | tweet.fields=possibly\_sensitive | | lang | data.lang | tweet.fields=lang | | scopes | | Not available | | withheld | data.withheld | tweet.fields=withheld | **Example** | | | | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | **Tweet object in 1.1**

Example URI with parameters:

[https://api.x.com/1.1/statuses/lookup.json?id=1359554366051504129\&tweet\_mode=extended](https://api.x.com/1.1/statuses/lookup.json?id=1359554366051504129\&tweet_mode=extended) | **Tweet object and request with v2**

Example URI with parameters:

[https://api.x.com/2/tweets?ids=1359554366051504129\&tweet.fields=attachments,author\\\_id,context\\\_annotations,conversation\\\_id,created\\\_at,entities,geo,id,in\\\_reply\\\_to\\\_user\\\_id,lang,possibly\\\_sensitive,public\\\_metrics,referenced\\\_tweets,reply\\\_settings,text,withheld](https://api.x.com/2/tweets?ids=1359554366051504129\&tweet.fields=attachments,author\\_id,context\\_annotations,conversation\\_id,created\\_at,entities,geo,id,in\\_reply\\_to\\_user\\_id,lang,possibly\\_sensitive,public\\_metrics,referenced\\_tweets,reply\\_settings,text,withheld) | | \{
"created\_at": "Wed Feb 10 17:26:34 +0000 2021",
"id": 1359554366051504129,
"id\_str": "1359554366051504129",
"text": "Go ahead, follow another puppy account. We won’t judge. \n\nIntroducing the manage follows endpoints to the new… https:\\/\\/t.co\\/3cBZKZUevF",
"truncated": true,
"entities": \{
"hashtags": \[],
"symbols": \[],
"user\_mentions": \[],
"urls": \[\{
"url": "https:\\/\\/t.co\\/3cBZKZUevF",
"expanded\_url": "https:\\/\\/twitter.com\\/i\\/web\\/status\\/1359554366051504129",
"display\_url": "twitter.com\\/i\\/web\\/status\\/1…",
"indices": \[
111,
134
]
}]
},

"in\_reply\_to\_status\_id": null,
"in\_reply\_to\_status\_id\_str": null,
"in\_reply\_to\_user\_id": null,
"in\_reply\_to\_user\_id\_str": null,
"in\_reply\_to\_screen\_name": null,
"user": \{
...
},
"geo": null,
"coordinates": null,
"place": null,
"contributors": null,
"is\_quote\_status": false,
"retweet\_count": 18,
"favorite\_count": 98,
"favorited": false,
"retweeted": false,
"possibly\_sensitive": false,
"possibly\_sensitive\_appealable": false,
"lang": "en"
} | \{
"data": \[\{
"id": "1359554366051504129",
"text": "Go ahead, follow another puppy account. We won’t judge. \n\nIntroducing the manage follows endpoints to the new #TwitterAPI. You can now use the v2 API to follow and unfollow accounts. Learn more [https://t.co/mtpd9VIMDa](https://t.co/mtpd9VIMDa)",
"lang": "en",
"conversation\_id": "1359554366051504129",
"possibly\_sensitive": false,
"reply\_settings": "everyone",
"created\_at": "2021-02-10T17:26:34.000Z",
"author\_id": "2244994945",
"public\_metrics": \{
"retweet\_count": 18,
"reply\_count": 11,
"like\_count": 98,
"quote\_count": 7
},
"entities": \{
"hashtags": \[\{
"start": 110,
"end": 121,
"tag": "TwitterAPI"
}],
"urls": \[\{
"start": 194,
"end": 217,
"url": "[https://t.co/mtpd9VIMDa](https://t.co/mtpd9VIMDa)",
"expanded\_url": "[https://devcommunity.x.com/t/introducing-the-new-manage-follows-endpoints-to-the-twitter-api-v2/149465](https://devcommunity.x.com/t/introducing-the-new-manage-follows-endpoints-to-the-twitter-api-v2/149465)",
"display\_url": "devcommunity.com/t/introducing-…",
"images": \[\{
"url": "[https://pbs.twimg.com/news\\\_img/1359554367905427457/DczC72\\\_\\\_?format=jpg\&name=orig](https://pbs.twimg.com/news\\_img/1359554367905427457/DczC72\\_\\_?format=jpg\&name=orig)",
"width": 1200,
"height": 630
},
\{
"url": "[https://pbs.twimg.com/news\\\_img/1359554367905427457/DczC72\\\_\\\_?format=jpg\&name=150x150](https://pbs.twimg.com/news\\_img/1359554367905427457/DczC72\\_\\_?format=jpg\&name=150x150)",
"width": 150,
"height": 150
}
],
"status": 200,
"title": "Introducing the new manage follows endpoints to the X API v2",
"description": "To follow, or not to follow? You’re now free to answer that question however you like using the X API v2. Today, we’re excited to announce the release of the new manage follows endpoints into the new Twitter API. As teased when we launched the follows lookup endpoints a little over a month ago, the ability to manage follow relationships is finally here. These are some of our most popular endpoints on our v1.1 APIs, so we’re excited to unlock a wide range of use cases on X API v2. W\...",
"unwound\_url": "[https://devcommunity.x.com/t/introducing-the-new-manage-follows-endpoints-to-the-twitter-api-v2/149465](https://devcommunity.x.com/t/introducing-the-new-manage-follows-endpoints-to-the-twitter-api-v2/149465)"
}]
},
"context\_annotations": \[\{
"domain": \{
"id": "46",
"name": "Brand Category",
"description": "Categories within Brand Verticals that narrow down the scope of Brands"
},
"entity": \{
"id": "781974596752842752",
"name": "Services"
}
},
\{
"domain": \{
"id": "47",
"name": "Brand",
"description": "Brands and Companies"
},
"entity": \{
"id": "10045225402",
"name": "Twitter"
}
}
]
}]
} | *** #### User object | | | | | :----------------------------------------------- | :---------------------------------------------- | :----------------------------------------------------- | | **Twitter 1.1 format** | **Twitter v2 format** | **Required v2 parameters** | | user\_id | data.author\_id | tweet.fields=author\_id | | user.id | | N/A use includes.users.id | | user.id\_str | includes.users.id | expansions=author\_id | | user.name | includes.users.name | expansions=author\_id | | user.screen\_name | includes.user.username | expansions=author\_id | | user.location | includes.users.location | expansions=author\_id\&user.fields=location | | user.description | includes.users.description | expansions=author\_id\&user.fields=description | | user.url | includes.users.url | expansions=author\_id\&user.fields=entities | | user.entities | includes.users.entities | | | user.entities.url.urls.url | includes.users.entities.url.urls.url | | | user.entities.url.urls.expanded\_url | includes.users.entities.url.urls.expanded\_url | expansions=author\_id\&user.fields=entities | | user.entities.url.urls.display\_url | includes.users.entities.url.urls.display\_url | expansions=author\_id\&user.fields=entities | | user.entities.url.urls.display\_url.indicies\[0] | includes.users.entities.url.urls.start | expansions=author\_id\&user.fields=entities | | user.entities.url.urls.display\_url.indicies\[1] | includes.users.entities.url.urls.end | expansions=author\_id\&user.fields=entities | | user.protected | includes.users.protected | expansions=author\_id\&user.fields=protected | | user.followers\_count | includes.users.public\_metrics.followers\_count | expansions=author\_id\&user.fields=public\_metrics | | user.friends\_count | includes.users.public\_metrics.following\_count | expansions=author\_id\&user.fields=public\_metrics | | user.listed\_count | includes.users.public\_metrics.listed\_count | expansions=author\_id\&user.fields=public\_metrics | | user.created\_at | includes.users.created\_at | expansions=author\_id\&user.fields=created\_at | | user.favourites\_count | | | | user.verified | includes.users.verified | expansions=author\_id\&user.fields=verified | | user.statuses\_count | includes.users.public\_metrics.tweet\_count | expansions=author\_id\&user.fields=public\_metrics | | user.profile\_image\_url\_https | includes.users.profile\_image\_url | expansions=author\_id\&user.fields=profile\_image\_url | **Example** | | | | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **User object in 1.1** | **User object and request with v2** | | "user": \{
"id": 2244994945,
"id\_str": "2244994945",
"name": "Twitter Dev",
"screen\_name": "TwitterDev",
"location": "127.0.0.1",
"description": "The voice of the #TwitterDev team and your official source for updates, news, and events, related to the #TwitterAPI.",
"url": "https:\\/\\/t.co\\/3ZX3TNiZCY",
"entities": \{
"url": \{
"urls": \[\{
"url": "https:\\/\\/t.co\\/3ZX3TNiZCY",
"expanded\_url": "https:\\/\\/developer.x.com\\/en\\/community",
"display\_url": "developer.x.com\\/en\\/community",
"indices": \[
0,
23
]
}]
},
"description": \{
"urls": \[]
}
},
"protected": false,
"followers\_count": 517232,
"friends\_count": 2032,
"listed\_count": 1722,
"created\_at": "Sat Dec 14 04:35:55 +0000 2013",
"favourites\_count": 2134,
"utc\_offset": null,
"time\_zone": null,
"geo\_enabled": true,
"verified": true,
"statuses\_count": 3677,
"lang": null,
"contributors\_enabled": false,
"is\_translator": false,
"is\_translation\_enabled": false,
"profile\_background\_color": "FFFFFF",
"profile\_background\_image\_url": "http:\\/\\/abs.twimg.com\\/images\\/themes\\/theme1\\/bg.png",
"profile\_background\_image\_url\_https": "https:\\/\\/abs.twimg.com\\/images\\/themes\\/theme1\\/bg.png",
"profile\_background\_tile": false,
"profile\_image\_url": "http:\\/\\/pbs.twimg.com\\/profile\_images\\/1354494203451961345\\/d8HkZl6p\_normal.jpg",
"profile\_image\_url\_https": "https:\\/\\/pbs.twimg.com\\/profile\_images\\/1354494203451961345\\/d8HkZl6p\_normal.jpg",
"profile\_banner\_url": "https:\\/\\/pbs.twimg.com\\/profile\_banners\\/2244994945\\/1611792896",
"profile\_link\_color": "0084B4",
"profile\_sidebar\_border\_color": "FFFFFF",
"profile\_sidebar\_fill\_color": "DDEEF6",
"profile\_text\_color": "333333",
"profile\_use\_background\_image": false,
"has\_extended\_profile": true,
"default\_profile": false,
"default\_profile\_image": false,
"following": null,
"follow\_request\_sent": null,
"notifications": null,
"translator\_type": "regular"
} | \{
"data": \[\{
"author\_id": "2244994945",
"id": "1362876655061073928",
"text": "From our living rooms to yours 🐱‍💻🛋️Our developer advocates have some exciting Twitch streams and virtual events planned to help you get started with the new #TwitterAPI. Check out the schedule for details, and let us know if you want to see more!\n👇\nhttps\://t.co/cixDY9qkvH"
}],
"includes": \{
"users": \[\{
"public\_metrics": \{
"followers\_count": 517233,
"following\_count": 2034,
"tweet\_count": 3677,
"listed\_count": 1727
},
"username": "TwitterDev",
"entities": \{
"url": \{
"urls": \[\{
"start": 0,
"end": 23,
"url": "[https://t.co/3ZX3TNiZCY](https://t.co/3ZX3TNiZCY)",
"expanded\_url": "[https://developer.x.com/en/community](https://developer.x.com/en/community)",
"display\_url": "developer.x.com/en/community"
}]
},
"description": \{
"hashtags": \[\{
"start": 17,
"end": 28,
"tag": "TwitterDev"
},
\{
"start": 105,
"end": 116,
"tag": "TwitterAPI"
}
]
}
},
"description": "The voice of the #TwitterDev team and your official source for updates, news, and events, related to the #TwitterAPI.",
"name": "Twitter Dev",
"verified": true,
"location": "127.0.0.1",
"id": "2244994945",
"protected": false,
"url": "[https://t.co/3ZX3TNiZCY](https://t.co/3ZX3TNiZCY)",
"profile\_image\_url": "[https://pbs.twimg.com/profile\\\_images/1354494203451961345/d8HkZl6p\\\_normal.jpg](https://pbs.twimg.com/profile\\_images/1354494203451961345/d8HkZl6p\\_normal.jpg)",
"created\_at": "2013-12-14T04:35:55.000Z"
}]
}
} | #### Entities and expanded entities objects | | | | | | :---------------------------------------------------- | :--------------------------------- | :------------------------------------------------------------------- | :--------------- | | **Twitter 1.1 format** | **Twitter v2 format** | **Required v2 parameters** | **Type in v2** | | entities | data.entities | tweet.fields=entities | object | | entities.hashtags | data.entities.hashtags | tweet.fields=entities | array of objects | | entities.hashtags.indices\[0] | data.entities.hashtags.start | tweet.fields=entities | number | | entities.hashtags.indices\[1] | data.entities.hashtags.end | tweet.fields=entities | number | | entities.hashtags.text | data.entities.hashtags.tag | tweet.fields=entities | string | | entities.urls | data.entities.urls | tweet.fields=entities | array of objects | | entities.urls.indices\[0] | data.entities.urls.start | tweet.fields=entities | number | | entities.urls.indices\[1] | data.entities.urls.end | tweet.fields=entities | number | | entities.urls.url | data.entities.urls.url | tweet.fields=entities | string | | entities.user\_mentions | data.entities.mentions | tweet.fields=entities | array of objects | | entities.user\_mentions.indicies\[0] | data.entities.mentions.start | tweet.fields=entities | number | | entities.user\_mentions.indicies\[1] | data.entities.mentions.end | tweet.fields=entities | number | | entities.user\_mentions.screen\_name | data.entities.mentions.username | tweet.fields=entities | string | | entities.symbols | data.entities.cashtags | tweet.fields=entities | array of objects | | entities.symbols.indices\[0] | data.entities.cashtags.start | tweet.fields=entities | number | | entities.symbols.indices\[1] | data.entities.cashtags.end | tweet.fields=entities | number | | entities.symbols.text | data.entities.cashtags.tag | tweet.fields=entities | string | | entities.media | includes.media | expansions=attachments.media\_keys | array of objects | | entities.media.id\_str | includes.media.media\_key | expansions=attachments.media\_keys | string | | entities.media.type | includes.media.media.type | expansions=attachments.media\_keys | string | | entities.media.media\_url | | N/A use includes.media.url | string | | entities.media.media\_url\_https | includes.media.url | expansions=attachments.media\_keys\&media.fields=url | string | | entities.media.url | | | | | entities.media.display\_url | | | | | entities.media.expanded\_url | | | | | entities.media.media\_url\_https | includes.media.preview\_image\_url | expansions=attachments.media\_keys\&media.fields=preview\_image\_url | string | | extended\_entities | data.attachments | tweet\_fields=attachments | object | | extended\_entities | data.attachments.media\_keys | tweet.fields=attachments | array of objects | | extended\_entities.media | includes.media | expansions=attachments.media\_keys | array of objects | | extended\_entities.media.id\_str | includes.media.media\_key | expansions=attachments.media\_keys | string | | extended\_entities.media.type | includes.media.media.type | expansions=attachments.media\_keys | string | | extended\_entities.media.sizes.thumb.w | | Not Available | | | extended\_entities.media.sizes.thumb.h | | Not Available | | | extended\_entities.media.sizes.thumb.resize | | Not Available | | | extended\_entities.media.sizes.large.w | includes.media.height | expansions=attachments.media\_keys\&media.fields=height | | | extended\_entities.media.sizes.large.h | includes.media.width | expansions=attachments.media\_keys\&media.fields=width | | | extended\_entities.media.sizes.large.resize | | Not Available | | | extended\_entities.media.sizes.small.w | | Not Available | | | extended\_entities.media.sizes.small.h | | Not Available | | | extended\_entities.media.sizes.small.resize | | Not Available | | | extended\_entities.media.sizes.medium.w | | Not Available | | | extended\_entities.media.sizes.medium.h | | Not Available | | | extended\_entities.media.sizes.medium.resize | | Not Available | | | extended\_entities.media.media\_url\_https | includes.media.url | expansions=attachments.media\_keys\&media.fields=url | string | | extended\_entities.media.media\_url\_https | includes.media.preview\_image\_url | expansions=attachments.media\_keys\&media.fields=preview\_image\_url | string | | extended\_entities.media.video\_info.duration\_millis | includes.media.duration\_ms | expansions=attachments.media\_keys\&media.fields=duration\_ms | number | **Example** | | | | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Entities and extended entities in v1.1 (with video)** | **Entities, attachments and includes in v2**

[https://api.x.com/2/tweets?ids=1370161532013735937\&expansions=attachments.media\\\_keys,entities.mentions.username\&tweet.fields=entities\&user.fields=created\\\_at,description,entities,location,name,profile\\\_image\\\_url,protected,public\\\_metrics,url,username,verified,withheld\&media.fields=duration\\\_ms,height,media\\\_key,preview\\\_image\\\_url,public\\\_metrics,type,url,width](https://api.x.com/2/tweets?ids=1370161532013735937\&expansions=attachments.media\\_keys,entities.mentions.username\&tweet.fields=entities\&user.fields=created\\_at,description,entities,location,name,profile\\_image\\_url,protected,public\\_metrics,url,username,verified,withheld\&media.fields=duration\\_ms,height,media\\_key,preview\\_image\\_url,public\\_metrics,type,url,width) | | "entities": \{
"hashtags": \[\{
"text": "test",
"indices": \[
8,
13
]
}],
"symbols": \[],
"user\_mentions": \[\{
"screen\_name": "TwitterDev",
"name": "Twitter Dev",
"id": 2244994945,
"id\_str": "2244994945",
"indices": \[
31,
42
]
}],
"urls": \[\{
"url": "https:\\/\\/t.co\\/XVLZ3uwikc",
"expanded\_url": "https:\\/\\/developer.x.com\\/en",
"display\_url": "developer.x.com\\/en",
"indices": \[
91,
114
]
}],
"media": \[\{
"id": 1370161464028196868,
"id\_str": "1370161464028196868",
"indices": \[
115,
138
],
"media\_url": "http:\\/\\/pbs.twimg.com\\/ext\_tw\_video\_thumb\\/1370161464028196868\\/pu\\/img\\/cGLCoXBHVktkwlC5.jpg",
"media\_url\_https": "https:\\/\\/pbs.twimg.com\\/ext\_tw\_video\_thumb\\/1370161464028196868\\/pu\\/img\\/cGLCoXBHVktkwlC5.jpg",
"url": "https:\\/\\/t.co\\/dz4oByygWA",
"display\_url": "pic.x.com\\/dz4oByygWA",
"expanded\_url": "https:\\/\\/twitter.com\\/furiouscamper\\/status\\/1370161532013735937\\/video\\/1",
"type": "photo",
"sizes": \{
"thumb": \{
"w": 150,
"h": 150,
"resize": "crop"
},
"small": \{
"w": 383,
"h": 680,
"resize": "fit"
},
"large": \{
"w": 720,
"h": 1280,
"resize": "fit"
},
"medium": \{
"w": 675,
"h": 1200,
"resize": "fit"
}
}
}]
},
"extended\_entities": \{
"media": \[\{
"id": 1370161464028196868,
"id\_str": "1370161464028196868",
"indices": \[
115,
138
],
"media\_url": "http:\\/\\/pbs.twimg.com\\/ext\_tw\_video\_thumb\\/1370161464028196868\\/pu\\/img\\/cGLCoXBHVktkwlC5.jpg",
"media\_url\_https": "https:\\/\\/pbs.twimg.com\\/ext\_tw\_video\_thumb\\/1370161464028196868\\/pu\\/img\\/cGLCoXBHVktkwlC5.jpg",
"url": "https:\\/\\/t.co\\/dz4oByygWA",
"display\_url": "pic.x.com\\/dz4oByygWA",
"expanded\_url": "https:\\/\\/twitter.com\\/furiouscamper\\/status\\/1370161532013735937\\/video\\/1",
"type": "video",
"sizes": \{
"thumb": \{
"w": 150,
"h": 150,
"resize": "crop"
},
"small": \{
"w": 383,
"h": 680,
"resize": "fit"
},
"large": \{
"w": 720,
"h": 1280,
"resize": "fit"
},
"medium": \{
"w": 675,
"h": 1200,
"resize": "fit"
}
},
"video\_info": \{
"aspect\_ratio": \[
9,
16
],
"duration\_millis": 5140,
"variants": \[\{
"bitrate": 950000,
"content\_type": "video\\/mp4",
"url": "https:\\/\\/video.twimg.com\\/ext\_tw\_video\\/1370161464028196868\\/pu\\/vid\\/480x852\\/rAuFVMEqs0MeP4P4.mp4?tag=12"
},
\{
"bitrate": 2176000,
"content\_type": "video\\/mp4",
"url": "https:\\/\\/video.twimg.com\\/ext\_tw\_video\\/1370161464028196868\\/pu\\/vid\\/720x1280\\/ZxVL5qYO-DNVuSyq.mp4?tag=12"
},
\{
"content\_type": "application\\/x-mpegURL",
"url": "https:\\/\\/video.twimg.com\\/ext\_tw\_video\\/1370161464028196868\\/pu\\/pl\\/EGVpuZpo-wYxTNCq.m3u8?tag=12"
},
\{
"bitrate": 632000,
"content\_type": "video\\/mp4",
"url": "https:\\/\\/video.twimg.com\\/ext\_tw\_video\\/1370161464028196868\\/pu\\/vid\\/320x568\\/M7VtocAwKPFdkqzF.mp4?tag=12"
}
]
},
"additional\_media\_info": \{
"monetizable": false
}
}]
} | \{
"data": \[\{
"entities": \{
"hashtags": \[\{
"start": 8,
"end": 13,
"tag": "test"
}],
"mentions": \[\{
"start": 31,
"end": 42,
"username": "TwitterDev"
}],
"urls": \[\{
"start": 91,
"end": 114,
"url": "[https://t.co/XVLZ3uwikc](https://t.co/XVLZ3uwikc)",
"expanded\_url": "[https://developer.x.com/en](https://developer.x.com/en)",
"display\_url": "developer.x.com/en",
"status": 200,
"title": "Use Cases, Tutorials, & Documentation",
"description": "Publish & analyze Tweets, optimize ads, & create unique customer experiences with the Twitter API, Twitter Ads API, & Twitter for Websites. Let's start building.",
"unwound\_url": "[https://developer.x.com/en](https://developer.x.com/en)"
},
\{
"start": 115,
"end": 138,
"url": "[https://t.co/dz4oByygWA](https://t.co/dz4oByygWA)",
"expanded\_url": "[https://x.com/furiouscamper/status/1370161532013735937/video/1](https://x.com/furiouscamper/status/1370161532013735937/video/1)",
"display\_url": "pic.x.com/dz4oByygWA"
}
]
},
"id": "1370161532013735937",
"text": "Another #test with a video and @TwitterDev mention. Excited for new format migration docs! [https://t.co/XVLZ3uwikc](https://t.co/XVLZ3uwikc) [https://t.co/dz4oByygWA](https://t.co/dz4oByygWA)",
"attachments": \{
"media\_keys": \[
"7\_1370161464028196868"
]
}
}],
"includes": \{
"media": \[\{
"type": "video",
"height": 1280,
"public\_metrics": \{
"view\_count": 37
},
"width": 720,
"media\_key": "7\_1370161464028196868",
"duration\_ms": 5140,
"preview\_image\_url": "[https://pbs.twimg.com/ext\\\_tw\\\_video\_thumb/1370161464028196868/pu/img/cGLCoXBHVktkwlC5.jpg](https://pbs.twimg.com/ext\\_tw\\_video_thumb/1370161464028196868/pu/img/cGLCoXBHVktkwlC5.jpg)"
}],
"users": \[\{
"public\_metrics": \{
"followers\_count": 517233,
"following\_count": 2034,
"tweet\_count": 3677,
"listed\_count": 1727
},
"created\_at": "2013-12-14T04:35:55.000Z",
"profile\_image\_url": "[https://pbs.twimg.com/profile\\\_images/1354494203451961345/d8HkZl6p\\\_normal.jpg](https://pbs.twimg.com/profile\\_images/1354494203451961345/d8HkZl6p\\_normal.jpg)",
"description": "The voice of the #TwitterDev team and your official source for updates, news, and events, related to the #TwitterAPI.",
"verified": true,
"id": "2244994945",
"username": "TwitterDev",
"protected": false,
"entities": \{
"url": \{
"urls": \[\{
"start": 0,
"end": 23,
"url": "[https://t.co/3ZX3TNiZCY](https://t.co/3ZX3TNiZCY)",
"expanded\_url": "[https://developer.x.com/en/community](https://developer.x.com/en/community)",
"display\_url": "developer.x.com/en/community"
}]
},
"description": \{
"hashtags": \[\{
"start": 17,
"end": 28,
"tag": "TwitterDev"
},
\{
"start": 105,
"end": 116,
"tag": "TwitterAPI"
}
]
}
},
"url": "[https://t.co/3ZX3TNiZCY](https://t.co/3ZX3TNiZCY)",
"name": "Twitter Dev",
"location": "127.0.0.1"
}]
}
} | *** #### Place object | | | | | :--------------------------------- | :-------------------------------- | :------------------------------------------------------- | | **Twitter 1.1 format** | **Twitter v2 format** | **Required v2 parameters** | | place | data.geo.place\_id | tweet.fields=geo | | place.id | includes.places.id | expansions=geo.place\_id | | place.id.place\_type | includes.places.place\_type | expansions=geo.place\_id\&place.fields=place\_type | | place.id.name | includes.places.name | expansions=geo.place\_id\&place.fields=name | | place.id.full\_name | includes.places.full\_name | expansions=geo.place\_id | | place.id.country\_code | includes.places.country\_code | expansions=geo.place\_id\&place.fields=country\_code | | place.id.country | includes.places.country | expansions=geo.place\_id\&place.fields=country | | place.id.contained\_within | includes.places.contained\_within | expansions=geo.place\_id\&place.fields=contained\_within | | place.id.bounding\_box.type | includes.places.geo.type | expansions=geo.place\_id\&place.fields=place\_type | | place.id.bounding\_box.coordinates | includes.places.geo.bbox | expansions=geo.place\_id\&place.fields=geo | | place.id.attributes | includes.places.properties | expansions=geo.place\_id\&place.fields=geo | **Example** | | | | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Place object in v1.1** | **Place object with v2**

[https://api.x.com/2/tweets?ids=1370161532013735937\&expansions=geo.place\\\_id\&tweet.fields=geo\&place.fields=contained\\\_within,country,country\\\_code,full\\\_name,geo,id,name,place\_type](https://api.x.com/2/tweets?ids=1370161532013735937\&expansions=geo.place\\_id\&tweet.fields=geo\&place.fields=contained\\_within,country,country\\_code,full\\_name,geo,id,name,place_type) | | "place": \{
"id": "f7eb2fa2fea288b1",
"url": "https:\\/\\/api.x.com\\/1.1\\/geo\\/id\\/f7eb2fa2fea288b1.json",
"place\_type": "city",
"name": "Lakewood",
"full\_name": "Lakewood, CO",
"country\_code": "US",
"country": "United States",
"contained\_within": \[],
"bounding\_box": \{
"type": "Polygon",
"coordinates": \[
\[
\[
-105.193475,
39.60973
],
\[
-105.053164,
39.60973
],
\[
-105.053164,
39.761974
],
\[
-105.193475,
39.761974
]
]
]
},
"attributes": {}
} | \{
"data": \[\{
"id": "1370161532013735937",
"text": "Another #test with a video and @TwitterDev mention. Excited for new format migration docs! [https://t.co/XVLZ3uwikc](https://t.co/XVLZ3uwikc) [https://t.co/dz4oByygWA](https://t.co/dz4oByygWA)",
"geo": \{
"place\_id": "f7eb2fa2fea288b1"
}
}],
"includes": \{
"places": \[\{
"name": "Lakewood",
"place\_type": "city",
"full\_name": "Lakewood, CO",
"id": "f7eb2fa2fea288b1",
"geo": \{
"type": "Feature",
"bbox": \[
-105.193475,
39.60973,
-105.053164,
39.761974
],
"properties": {}
},
"country\_code": "US",
"country": "United States"
}]
} | **Next step** * Learn more about [fields](/x-api/fundamentals/fields) * Learn more about [expansions](/x-api/fundamentals/expansions) * Learn how to [use fields with expansions](/x-api/fundamentals/data-dictionary#how-to-use-fields-and-expansions) ### Migrating from Native Enriched data format to v2 The Native Enriched data format is used by our [enterprise](/x-api/enterprise-gnip-2.0/enterprise-gnip) products. The Native Enriched data format has been updated to provide edited Tweet metadata. To learn more about Edit Tweet metadata, check out the [Edit Tweets fundamentals](/x-api/enterprise-gnip-2.0/fundamentals/edit-tweets) page. If you are using the standard v1.1 endpoints, please refer to the [standard v1.1 to v2 guide](/x-api/migrate/data-format-migration#migrating-from-standard-v1-1s-data-format-to-v2). If you are using the enterprise products with Activity Streams, we have an [Activity Streams to v2](/x-api/migrate/data-format-migration#migrating-from-activity-streams-data-format-to-v2) guide for you as well. X API v2 introduces new JSON designs for [Tweet](/x-api/fundamentals/data-dictionary#tweet) and [user](/x-api/fundamentals/data-dictionary#user) objects. * At the JSON root level, the Native Enriched format returns Tweet objects in a results array, while X API v2 returns a data array.  * Instead of using both favorites (in Tweet object) and favourites (in user object), X API v2 uses the term like.  * X is adopting the convention that JSON values with no value (for example, null) are not written to the payload. Tweet and user attributes are only included if they have non-null values.  * All id fields in v2 will be in string format   In addition to the changes made to the new JSON format, we also introduced a new set of fields to the Tweet object including the following: * conversation\_id * reply\_settings * alt\_text on media * Two new [annotations](/x-api/fundamentals/post-annotations) fields, including context and entities * Several new [metrics](/x-api/fundamentals/metrics) fields * Several new [polls](/x-api/fundamentals/data-dictionary#poll) fields   Many legacy and deprecated fields are being removed: * contributors * Certain entities.media and extended\_entities.media fields * filter\_level * timestamp\_ms * truncated #### Native Enriched vs v2 payload structure The following table displays the high-level objects and format that you can expect to receive from v2 compared to the Native Enriched format. | | **Native Enriched structure** | **v2 structure** | | :---------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Default** | \{
~~tweet object fields~~,

"user": {},
"place": {},
"entities": \{
"hashtags": \[],
"urls": \[],
"user\_mentions": \[],
"symbols": \[],
"annotations": \[],
"media": \[]
},
"extended\_entities": {},
"matching\_rules": \[]
} | \{
"data": \[\{
"id",
"text",

"edit\_history\_tweet\_ids"
}]
} | | **With defined [field and expansion](/x-api/fundamentals/data-dictionary#how-to-use-fields-and-expansions) parameters** | | \{
"data": \[\{
~~tweet object fields~~,
"entities": \{
"hashtags": \[],
"cashtags": \[],
"mentions": \[],
"urls": \[],
},
"attachments": \{
"media\_keys": \[],
"poll\_ids": \[]
}
}],
"includes": \[
"tweets": \[~~user objects~~],
"users": \[~~user objects~~],
"media": \[~~media objects~~],
"places": \[~~place object~~],
"polls": \[~~poll object~~]
],
"matching\_rules": \[]
} | **Field mapping** The following section describes which native enriched fields map to v2 fields, as well as which v2 parameters are required to receive the new field.   #### Tweet object | | | | | | :-------------------------------------------------------- | :----------------------------------------------- | :-------------------------------------------------------------------------- | :--------------- | | **Native Enriched format** | **Twitter v2 format** | **Required v2 parameters** | **Type in v2** | | created\_at | data.created\_at | tweet.fields=created\_at | String | | id | | N/A - See id | | | id\_str | data.id | Default | String | | text | data.text | Default | String | | edit\_history | data.edit\_history\_tweet\_ids | Default | Array | | edit\_controls | data.edit\_controls | tweet.fields=edit\_controls | Object | | editable | data.edit\_controls.is\_edit\_eligible | tweet.fields=edit\_controls | Boolean | | display\_text\_range | | N/A - text includes complete text | | | source | data.source | tweet.fields=source | String | | truncated | | N/A - text includes complete text | | | Not available | data.conversation\_id | tweet.fields=conversation\_id | String | | Not available | data.reply\_settings | tweet.fields=reply\_settings | String | | in\_reply\_to\_status\_id | | N/A - See referenced\_tweets.id | | | in\_reply\_to\_status\_id\_str | data.referenced\_tweets.id (if type=replied\_to) | expansions=referenced\_tweets.id | String | | in\_reply\_to\_user\_id | | N/A - See in\_reply\_to\_user\_id\_str | | | in\_reply\_to\_user\_id\_str | data.in\_reply\_to\_user\_id | tweet.fields=in\_reply\_to\_user\_id | String | | in\_reply\_to\_screen\_name | includes.users..username | tweet.fields=in\_reply\_to\_user\_id\&expansions=entities.mentions.username | String | | user | includes.users | expansions=author\_id | Object | | user.id\_str | data.author\_id | tweet.fields=author\_id | String | | geo | data.geo.place\_id | tweet.fields=geo | | | coordinates | data.geo.place\_id | tweet.fields=geo | | | place | data.geo.place\_id | tweet.fields=geo | | | is\_quoted\_status | data.referenced\_tweets.id (if type=quoted) | tweet.fields=referenced\_tweets | String | | extended\_tweet.full\_text | | N/A - text is complete text | | | Not available | data.public\_metrics | tweet.fields=public\_metrics | Object | | quote\_count | data.public\_metrics.quote\_count | tweet.fields=public\_metrics | Int | | reply\_count | data.public\_metrics.reply\_count | tweet.fields=public\_metrics | Int | | retweet\_count | data.public\_metrics.retweet\_count | tweet.fields=public\_metrics | Int | | favorite\_count | data.public\_metrics.like\_count | tweet.fields=public\_metrics | Int | | Not available | data.non\_public\_metrics | tweet.fields=non\_public\_metrics | Object | | Not available | data.non\_public\_metrics.impression\_count | tweet.fields=non\_public\_metrics | Int | | Not available | data.non\_public\_metrics.url\_link\_count | tweet.fields=non\_public\_metrics | Int | | Not available | data.non\_public\_metrics.user\_profile\_count | tweet.fields=non\_public\_metrics | Int | | Not available | data.organic\_metrics | tweet.fields=organic\_metrics | Object | | Not available | data.organic\_metrics.like\_count | tweet.fields=organic\_metrics | Int | | Not available | data.organic\_metrics.retweet\_count | tweet.fields=organic\_metrics | Int | | Not available | data.organic\_metrics.reply\_count | tweet.fields=organic\_metrics | Int | | Not available | data.organic\_metrics.impression\_count | tweet.fields=organic\_metrics | Int | | Not available | data.organic\_metrics.url\_link\_count | tweet.fields=organic\_metrics | Int | | Not available | data.organic\_metrics.user\_profile\_count | tweet.fields=organic\_metrics | Int | | Not available | data.promoted\_metrics | tweet.fields=promoted\_metrics | Object | | Not available | data.promoted\_metrics.like\_count | tweet.fields=promoted\_metrics | Int | | Not available | data.promoted\_metrics.retweet\_count | tweet.fields=promoted\_metrics | Int | | Not available | data.promoted\_metrics.reply\_count | tweet.fields=promoted\_metrics | Int | | Not available | data.promoted\_metrics.impression\_count | tweet.fields=promoted\_metrics | Int | | Not available | data.promoted\_metrics.url\_link\_count | tweet.fields=promoted\_metrics | Int | | Not available | data.promoted\_metrics.user\_profile\_count | tweet.fields=promoted\_metrics | Int | | contributors | Not available | Not available | | | entities | data.entities | tweet.fields=entities | Object | | entities.user\_mentions | data.entities.mentions | tweet.fields=entities | Array of objects | | entities.symbols | data.entities.cashtags | tweet.fields=entities | Array of objects | | entities.hashtags | data.entities.hashtags | tweet.fields=entities | Array of objects | | entities.urls | data.entities.urls | tweet.fields=entities | Array of objects | | entities.media | includes.media | expansions=attachments.media\_keys | Array of objects | | entities.annotations | | tweet.fields=entities,context\_annotations | Object | | entities.annotations.context | data.context\_annotations | tweet.fields=entities,context\_annotations | Array of objects | | No equivalent | data.context\_annotations.domain | tweet.fields=context\_annotations | Object | | entities.annotations.context.context\_domain\_id\_str | data.context\_annotations.domain.id | tweet.fields=context\_annotations | String | | entities.annotations.context.context\_domain\_id | Not available | Not available - see data.context\_annotations.domain.id for string format | | | entities.annotations.context.context\_domain\_name | data.context\_annotations.domain.name | tweet.fields=context\_annotations | String | | entities.annotations.context.context\_domain\_description | data.context\_annotations.domain.description | tweet.fields=context\_annotations | String | | No equivalent | data.context\_annotations.entity | tweet.fields=context\_annotations | Object | | entities.annotations.context.context\_entity\_id\_str | data.context\_annotations.entity.id | tweet.fields=context\_annotations | String | | entities.annotations.context.context\_entity\_id | Not available | Not available - see data.context\_annotations.entity.id for string format | | | entities.annotations.context.context\_entity\_name | data.context\_annotations.entity.name | tweet.fields=context\_annotations | String | | entities.annotations.context.context\_entity\_description | data.context\_annotations.entity.description | tweet.fields=context\_annotations | String | | entities.annotations.entity | data.entities.annotations | tweet.fields=entities,context\_annotations | Array of objects | | extended\_entities | data.attachments | tweet\_fields=attachments | Object | | favorited | Not available | Not available | | | retweeted | Not available | Not available | | | retweeted\_status | | | | | possibly\_sensitive | data.possibly\_sensitive | tweet.fields=possibly\_sensitive | Boolean | | lang | data.lang | tweet.fields=lang | String | | filter\_level | Not available | Not available | | | scopes | Not available | Not available | | | timestamp\_ms | Not available | Not available | | | withheld | data.withheld | tweet.fields=withheld | Array of objects | | matching\_rules | matching\_rules | | Array of objects | | matching\_rules.id | Not available | Not available | | | matching\_rules.id\_str | matching\_rules.id | Default with filtered stream | String | | matching\_rules.tag | matching\_rules.tag | Default with filtered stream | String | #### User object | | | | | | :------------------------------------------ | :----------------------------------------------------- | :----------------------------------------------------- | :--------------- | | **Native Enriched format** | **Twitter v2 format** | **Required v2 parameters** | **Type in v2** | | user | includes.users | expansions=author\_id | Array of objects | | user.id | Not available | N/A - See includes.users.id | String | | user.id\_str | includes.users.id | expansions=author\_id | String | | user.name | includes.users.name | expansions=author\_id | String | | user.screen\_name | includes.user.username | expansions=author\_id | String | | user.location | includes.users.location | expansions=author\_id\&user.fields=location | Object | | user.description | includes.users.description | expansions=author\_id\&user.fields=description | String | | Not available | includes.users.url | expansions=author\_id\&user.fields=url | String | | user.followers\_count | includes.users.public\_metrics.followers\_count | expansions=author\_id\&user.fields=public\_metrics | Int | | user.friends\_count | includes.users.public\_metrics.following\_count | expansions=author\_id\&user.fields=public\_metrics | Int | | user.listed\_count | includes.users.public\_metrics.listed\_count | expansions=author\_id\&user.fields=public\_metrics | Int | | user.created\_at | includes.users.created\_at | expansions=author\_id\&user.fields=created\_at | String | | user.favourites\_count | | Not yet available | | | user.verified | includes.users.verified | expansions=author\_id\&user.fields=verified | Boolean | | Not available | includes.users.pinned\_tweet\_id | expansions=author\_id\&user.fields=pinned\_tweet\_id | String | | user.statuses\_count | includes.users.public\_metrics.tweet\_count | expansions=author\_id\&user.fields=public\_metrics | Int | | user.profile\_image\_url\_https | includes.users.profile\_image\_url | expansions=author\_id\&user.fields=profile\_image\_url | String | | user.translator\_type | Not available | Not available | | | user.utc\_offset | Not available | Not available | | | user.time\_zone | Not available | Not available | | | user.geo\_enabled | Not available | Not available | | | user.lang | Not available | Not available - infer from Tweet lang | | | user.contributors\_enabled | Not available | Not available | | | user.is\_translator | Not available | Not available | | | user.profile\_background\_color | Not available | Not available | | | user.profile\_background\_image\_url | Not available | Not available | | | user.profile\_background\_image\_url\_https | Not available | Not available | | | user.profile\_background\_title | Not available | Not available | | | user.profile\_sidebar\_border\_color | Not available | Not available | | | user.profile\_sidebar\_fill\_color | Not available | Not available | | | user.profile\_text\_color | Not available | Not available | | | user.profile\_user\_background\_image | Not available | Not available | | | user.profile\_image\_url | | See includes.user.profile\_image\_url | | | user.default\_profile | Not available | Not available | | | user.default\_profile\_image | Not available | Not available | | | user.following | Not available | Not available | | | user.follow\_request\_sent | Not available | Not available | | | user.notifications | Not available | Not available | | | user.withheld\_in\_countries | includes.users.withheld | expansions=author\_id\&user.fields=withheld | Object | | user.protected | includes.users.protected | expansions=author\_id\&user.fields=protected | Boolean | | Not available | includes.users.entities | expansions=author\_id\&user.fields=entities | Object | | Not available | includes.users.entities.url | expansions=author\_id\&user.fields=entities | Object | | Not available | includes.users.entities.url.urls | expansions=author\_id\&user.fields=entities | Array of objects | | Not available | includes.users.entities.url.urls.start | expansions=author\_id\&user.fields=entities | Int | | Not available | includes.users.entities.url.urls.end | expansions=author\_id\&user.fields=entities | Int | | Not available | includes.users.entities.url.urls.url | expansions=author\_id\&user.fields=entities | String | | user.url | includes.users.entities.url.urls.expanded\_url | expansions=author\_id\&user.fields=entities | String | | Not available | includes.users.entities.url.urls.display\_url | expansions=author\_id\&user.fields=entities | String | | Not available | includes.users.entities.descriptions | expansions=author\_id\&user.fields=entities | Object | | Not available | includes.users.entities.descriptions.hashtags | expansions=author\_id\&user.fields=entities | Array of objects | | Not available | includes.users.entities.descriptions.hashtags.start | expansions=author\_id\&user.fields=entities | Int | | Not available | includes.users.entities.descriptions.hashtags.end | expansions=author\_id\&user.fields=entities | Int | | included in user.description | includes.users.entities.descriptions.hashtags.tag | expansions=author\_id\&user.fields=entities | String | | Not available | includes.users.entities.descriptions.mentions | expansions=author\_id\&user.fields=entities | Array of objects | | Not available | includes.users.entities.descriptions.mentions.start | expansions=author\_id\&user.fields=entities | Int | | Not available | includes.users.entities.descriptions.mentions.end | expansions=author\_id\&user.fields=entities | Int | | Included in user.description | includes.users.entities.descriptions.mentions.username | expansions=author\_id\&user.fields=entities | String | | Not available | includes.users.entities.descriptions.cashtags | expansions=author\_id\&user.fields=entities | Array of objects | | Not available | includes.users.entities.descriptions.cashtags.start | expansions=author\_id\&user.fields=entities | Int | | Not available | includes.users.entities.descriptions.cashtags.end | expansions=author\_id\&user.fields=entities | Int | | Included in user.description | includes.users.entities.descriptions.cashtags.tag | expansions=author\_id\&user.fields=entities | String | #### Entities and expanded entities objects | | | | | | :----------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------- | :-------------------------------------------------------------------- | :--------------- | | **Native Enriched format** | **Twitter v2 format** | **Required v2 parameters** | **Type in v2** | | entities | data.entities | tweet.fields=entities | Object | | entities.hashtags | data.entities.hashtags | tweet.fields=entities | Array of objects | | entities.hashtags.indices\[0] | data.entities.hashtags.start | tweet.fields=entities | Integer | | entities.hashtags.indices\[1] | data.entities.hashtags.end | tweet.fields=entities | Integer | | entities.hashtags.text | data.entities.hashtags.tag | tweet.fields=entities | String | | entities.urls | data.entities.urls | tweet.fields=entities | Array of objects | | entities.urls.indices\[0] | data.entities.urls.start | tweet.fields=entities | Integer | | entities.urls.indices\[1] | data.entities.urls.end | tweet.fields=entities | Integer | | entities.urls.url | data.entities.urls.url | tweet.fields=entities | String | | entities.urls.expanded\_url | data.entities.urls.expanded\_url | tweet.fields=entities | String | | entities.urls.display\_url | data.entities.urls.display\_url | tweet.fields=entities | String | | entities.urls.unwound.url | data.entities.urls.unwound\_url | tweet.fields=entities | String | | entities.urls.unwound.status | data.entities.urls.status | tweet.fields=entities | String | | entities.urls.unwound.title | data.entities.urls.title | tweet.fields=entities | String | | entities.urls.unwound.description | data.entities.urls.description | tweet.fields=entities | String | | Not available | data.entities.urls.images | tweet.fields=entities | Array of objects | | Not available | data.entities.urls.images.url | tweet.fields=entities | String | | Not available | data.entities.urls.images.width | tweet.fields=entities | Int | | Not available | data.entities.urls.images.height | tweet.fields=entities | Int | | entities.user\_mentions | data.entities.mentions | tweet.fields=entities | Array of objects | | entities.user\_mentions.indicies\[0] | data.entities.mentions.start | tweet.fields=entities | Integer | | entities.user\_mentions.indicies\[1] | data.entities.mentions.end | tweet.fields=entities | Integer | | entities.user\_mentions.screen\_name | data.entities.mentions.username | tweet.fields=entities | String | | entities.symbols | data.entities.cashtags | tweet.fields=entities | Array of objects | | entities.symbols.indices\[0] | data.entities.cashtags.start | tweet.fields=entities | Integer | | entities.symbols.indices\[1] | data.entities.cashtags.end | tweet.fields=entities | Integer | | entities.symbols.text | data.entities.cashtags.tag | tweet.fields=entities | String | | entities.media OR extended\_entities.media | includes.media | expansions=attachments.media\_keys | Array of objects | | entities.media.id\_str OR extended\_entities.media.id\_str | includes.media.media\_key | expansions=attachments.media\_keys | String | | entities.media.id OR extended\_entities.media.id | | Not available - id is a String | | | entities.media.type OR extended\_entities.media.type | includes.media.media.type | expansions=attachments.media\_keys | String | | entities.media.indices OR extended\_entities.media.indices | Not available | Not available | | | Not available | includes.media.alt\_text | expansions=attachments.media\_keys\&media.fields=alt\_text | String | | entities.media.additional\_media\_info OR extended\_entities.media.additional\_media\_info | Not available | Not available | | | entities.media.additional\_media\_info.monetizable OR extended\_entities.media.additional\_media\_info.monetizable | Not available | Not available | | | entities.media.media\_url OR extended\_entities.media.media\_url | | N/A - See includes.media.url | String | | entities.media.media\_url\_https OR extended\_entities.media.media\_url\_https | includes.media.url | expansions=attachments.media\_keys\&media.fields=url | String | | entities.media.url OR extended\_entities.media.url | | | | | entities.media.display\_url OR extended\_entities.media.expanded\_url | | | | | entities.media.expanded\_url | | | | | entities.media.media\_url\_https | includes.media.preview\_image\_url | expansions=attachments.media\_keys\&media.fields=preview\_image\_url | String | | extended\_entities | data.attachments | tweet\_fields=attachments | Object | | extended\_entities | data.attachments.media\_keys | tweet.fields=attachments | Array of objects | | Not available | data.attachments.poll\_ids | tweet.fields=attachments | Array of objects | | extended\_entities.media.sizes.thumb.w | | Not Available | | | extended\_entities.media.sizes.thumb.h | | Not Available | | | extended\_entities.media.sizes.thumb.resize | | Not Available | | | extended\_entities.media.sizes.large.w | includes.media.height | expansions=attachments.media\_keys\&media.fields=height | | | extended\_entities.media.sizes.large.h | includes.media.width | expansions=attachments.media\_keys\&media.fields=width | | | extended\_entities.media.sizes.large.resize | Not Available | Not Available | | | extended\_entities.media.sizes.small.w | Not Available | Not Available | | | extended\_entities.media.sizes.small.h | Not Available | Not Available | | | extended\_entities.media.sizes.small.resize | Not Available | Not Available | | | extended\_entities.media.sizes.medium.w | Not Available | Not Available | | | extended\_entities.media.sizes.medium.h | Not Available | Not Available | | | extended\_entities.media.sizes.medium.resize | Not Available | Not Available | | | extended\_entities.media.media\_url\_https | includes.media.preview\_image\_url | expansions=attachments.media\_keys\&media.fields=preview\_image\_url | String | | extended\_entities.media.video\_info.aspect\_ratio | Not available | Not available | | | extended\_entities.media.variants | Not available | Not available | | | extended\_entities.media.variants.bitrate | Not available | Not available | | | extended\_entities.media.variants.content\_type | Not available | Not available | | | extended\_entities.media.variants.url | Not available | Not available | | | extended\_entities.media.video\_info.duration\_millis | includes.media.duration\_ms | expansions=attachments.media\_keys\&media.fields=duration\_ms | Int | | Not available | includes.media.public\_metrics | expansions=attachments.media\_keys\&media.fields=public\_metrics | Object | | Not available | includes.media.public\_metrics.view\_count | expansions=attachments.media\_keys\&media.fields=public\_metrics | Int | | Not available | includes.media.non\_public\_metrics | expansions=attachments.media\_keys\&media.fields=non\_public\_metrics | Object | | Not available | includes.media.non\_public\_metrics.playback\_0\_count | expansions=attachments.media\_keys\&media.fields=non\_public\_metrics | Int | | Not available | includes.media.non\_public\_metrics.playback\_25\_count | expansions=attachments.media\_keys\&media.fields=non\_public\_metrics | Int | | Not available | includes.media.non\_public\_metrics.playback\_50\_count | expansions=attachments.media\_keys\&media.fields=non\_public\_metrics | Int | | Not available | includes.media.non\_public\_metrics.playback\_75\_count | expansions=attachments.media\_keys\&media.fields=non\_public\_metrics | Int | | Not available | includes.media.non\_public\_metrics.playback\_100\_count | expansions=attachments.media\_keys\&media.fields=non\_public\_metrics | Int | | Not available | includes.media.organic\_metrics | expansions=attachments.media\_keys\&media.fields=organic\_metrics | Object | | Not available | includes.media.organic\_metrics.playback\_0\_count | expansions=attachments.media\_keys\&media.fields=organic\_metrics | Int | | Not available | includes.media.organic\_metrics.playback\_25\_count | expansions=attachments.media\_keys\&media.fields=organic\_metrics | Int | | Not available | includes.media.organic\_metrics.playback\_50\_count | expansions=attachments.media\_keys\&media.fields=organic\_metrics | Int | | Not available | includes.media.organic\_metrics.playback\_75\_count | expansions=attachments.media\_keys\&media.fields=organic\_metrics | Int | | Not available | includes.media.organic\_metrics.playback\_100\_count | expansions=attachments.media\_keys\&media.fields=organic\_metrics | Int | | Not available | includes.media.organic\_metrics.view\_count | expansions=attachments.media\_keys\&media.fields=organic\_metrics | Int | | Not available | includes.media.promoted\_metric | expansions=attachments.media\_keys\&media.fields=promoted\_metrics | Object | | Not available | includes.media.promoted\_metric.playback\_0\_count | expansions=attachments.media\_keys\&media.fields=promoted\_metrics | Int | | Not available | includes.media.promoted\_metric.playback\_25\_count | expansions=attachments.media\_keys\&media.fields=promoted\_metrics | Int | | Not available | includes.media.promoted\_metric.playback\_50\_count | expansions=attachments.media\_keys\&media.fields=promoted\_metrics | Int | | Not available | includes.media.promoted\_metric.playback\_75\_count | expansions=attachments.media\_keys\&media.fields=promoted\_metrics | Int | | Not available | includes.media.promoted\_metric.playback\_100\_count | expansions=attachments.media\_keys\&media.fields=promoted\_metrics | Int | | Not available | includes.media.promoted\_metrics.view\_count | expansions=attachments.media\_keys\&media.fields=promoted\_metrics | Int | #### Place object | | | | | | :--------------------------------- | :-------------------------------- | :------------------------------------------------------- | :--------------- | | **Native Enriched format** | **Twitter v2 format** | **Required v2 parameters** | **Type in v2** | | place | includes.places | expansions=geo.place\_id | Array of objects | | place.id | includes.places.id | expansions=geo.place\_id | String | | place.url | Not available | Not available | | | place.id.place\_type | includes.places.place\_type | expansions=geo.place\_id\&place.fields=place\_type | String | | place.id.name | includes.places.name | expansions=geo.place\_id\&place.fields=name | String | | place.id.full\_name | includes.places.full\_name | expansions=geo.place\_id | String | | place.id.country\_code | includes.places.country\_code | expansions=geo.place\_id\&place.fields=country\_code | String | | place.id.country | includes.places.country | expansions=geo.place\_id\&place.fields=country | String | | place.id.contained\_within | includes.places.contained\_within | expansions=geo.place\_id\&place.fields=contained\_within | Array | | place.id.bounding\_box.type | includes.places.geo.type | expansions=geo.place\_id\&place.fields=place\_type | String | | place.id.bounding\_box.coordinates | includes.places.geo.bbox | expansions=geo.place\_id\&place.fields=geo | Array | | place.id.attributes | includes.places.properties | expansions=geo.place\_id\&place.fields=geo | Object | #### Poll object | | | | | | :------------------------------- | :------------------------------- | :-------------------------------------------------------------- | :--------------- | | **Native Enriched format** | **Twitter v2 format** | **Required v2 parameters** | **Type in v2** | | entities.polls | includes.polls | expansions=attachments.poll\_ids | Array of objects | | Not available | includes.polls.id | expansions=attachments.poll\_ids | String | | entities.poll.options | includes.polls.options | expansions=attachments.poll\_ids | Array of objects | | entities.polls.options.position | includes.polls.options.position | expansions=attachments.poll\_ids | Int | | entities.polls.options.text | includes.polls.options.label | expansions=attachments.poll\_ids | String | | Not available | includes.polls.options.votes | expansions=attachments.poll\_ids | Int | | Not available | includes.polls.voting\_status | expansions=attachments.poll\_ids\&poll.fields=voting\_status | String | | entities.polls.duration\_minutes | includes.polls.duration\_minutes | expansions=attachments.poll\_ids\&poll.fields=duration\_minutes | Int | | entities.polls.end\_datetime | includes.polls.end\_datetime | expansions=attachments.poll\_ids\&poll.fields=end\_datetime | Date (ISO 8601) | ### Migrating from Activity Streams data format to v2 The Activity Streams data format is available with our [enterprise](/x-api/enterprise-gnip-2.0/enterprise-gnip) products. The Activity Streams data format has been updated to provide edited Tweet metadata. To learn more about Edit Tweet metadata, check out the [Edit Tweets fundamentals](/x-api/enterprise-gnip-2.0/fundamentals/edit-tweets) page. If you are using the standard v1.1 endpoints, please refer to the [standard v1.1 to v2 guide](/x-api/migrate/overview). If you are using the premium endpoints, or the Native Enriched format for enterprise, please refer to the [Native Enriched to v2 guide](/x-api/migrate/data-format-migration#migrating-from-native-enriched-data-format-to-v2). X API v2 introduces new JSON designs for [Post](/x-api/fundamentals/data-dictionary#tweet) and [user](/x-api/fundamentals/data-dictionary#user) objects. * At the JSON root level, the Activity Streams format returns Tweet objects in a results array, while X API v2 returns a data array.  * Instead of referring to Retweeted and Quoted "activities", X API v2 JSON refers to Retweeted and Quoted Tweets.  * Instead of using both favorites (in Tweet object) and favourites (in user object), X API v2 uses the term like.  * Twitter is adopting the convention that JSON values with no value (for example, null) are not written to the payload. Tweet and user attributes are only included if they have non-null values.  * All id fields in v2 will be in string format.   In addition to the changes made to the new JSON format, we also introduced a new set of fields to the Tweet object including the following: * conversation\_id * reply\_settings * alt\_text on media * Two new [annotations](/x-api/fundamentals/post-annotations) fields, including context and entities * Several new [metrics](/x-api/fundamentals/metrics) fields * Several new [polls](/x-api/fundamentals/data-dictionary#poll) fields   Many legacy and deprecated fields are being removed or replaced: * display\_text\_range * generator * gnip * link * objectType * provider * twitter\_entities.symbols replaced with data.entities.cashtags * Certain twitter\_extended\_entities.media and twitter\_entities.media fields * twitter\_filter\_level * twitterTimeZone * verb #### Tweet object | | | | | | :-------------------------------------------- | :--------------------------------------------- | :----------------------------------- | :--------------- | | **Activity Streams format** | **Twitter v2 format** | **Required v2 parameters** | **Type in v2** | | postedTime | data.created\_at | tweet.fields=created\_at | Date (ISO 8601) | | generator | Not Available | Not Available | | | generator.link | Not Available | Not Available | | | generator.displayName | data.source | tweet.fields=source | String | | twitter\_lang | data.lang | tweet.fields=lang | String | | Not Available | data.conversation\_id | tweet.fields=conversation\_id | String | | Not Available | data.reply\_settings | tweet.fields=reply\_settings | String | | Not Available | data.possibly\_sensitive | tweet.fields=possibly\_sensitive | Boolean | | Not Available | data.withheld | tweet.fields=withheld | Object | | objectType | Not Available | Not Available | | | verb | Not Available | Not Available | | | provider | Not Available | Not Available | | | provider.objectType | Not Available | Not Available | | | provider.displayName | Not Available | Not Available | | | provider.link | Not Available | Not Available | | | link | Not Available | Not Available | | | display\_text\_range | Not Available | Not Available | | | object | Not Available | Not Available | | | object.objectType | Not Available | Not Available | | | object.id | Not Available | Not Available | | | object.summary | data.text | default | String | | object.edit\_history | data.edit\_history\_tweet\_ids | default | Array | | object.edit\_controls | data.edit\_controls | tweet.fields=edit\_controls | Object | | object.editable | data.edit\_controls.is\_edit\_eligible | tweet.fields=edit\_controls | Boolean | | object.link | Not Available | Not Available | | | object.postedTime | data.created\_at | tweet.fields=created\_at | Date (ISO 8601) | | Derived from actor.id | data.author\_id | tweet.fields=created\_at | | | twitter\_filter\_level | Not Available | Not Available | | | Derived from username in inReplyTo.link | data.in\_reply\_to\_user\_id | tweet.fields=in\_reply\_to\_user\_id | String | | Not Available | data.referenced\_tweets | tweet.fields=referenced\_tweets | Array of objects | | Not Available | data.referenced\_tweets.type | tweet.fields=referenced\_tweets | String | | Derived from inReplyTo.link | data.referenced\_tweets.id | tweet.fields=referenced\_tweets | String | | Not Available | data.attachments | tweet.fields=attachments | Object | | Derived from twitter\_entities.media.id\_str | data.attachments.media\_keys | tweet.fields=attachments | Array | | Not Available | data.attachments.poll\_ids | tweet.fields=attachments | Array | | twitter\_entities | data.entities | tweet.fields=entities | Object | | Not Available | data.entities.annotations | tweet.fields=entities | Array of objects | | Not Available | data.entities.annotations.start | tweet.fields=entities | Int | | Not Available | data.entities.annotations.end | tweet.fields=entities | Int | | Not Available | data.entities.annotations.probability | tweet.fields=entities | Float | | Not Available | data.entities.annotations.type | tweet.fields=entities | String | | Not Available | data.entities.annotations.normalized\_text | tweet.fields=entities | String | | twitter\_entities.urls | data.entities.urls | tweet.fields=entities | Array of objects | | twitter\_entities.urls.indices\[0] | data.entities.urls.start | tweet.fields=entities | Int | | twitter\_entities.urls.indices\[1] | data.entities.urls.end | tweet.fields=entities | Int | | twitter\_entities.urls.url | data.entities.urls.url | tweet.fields=entities | String | | twitter\_entities.urls.expanded\_url | data.entities.urls.expanded\_url | tweet.fields=entities | String | | twitter\_entities.urls.display\_url | data.entities.urls.display\_url | tweet.fields=entities | String | | Not Available | data.entities.urls.images | tweet.fields=entities | Array of objects | | Not Available | data.entities.urls.images.url | tweet.fields=entities | String | | Not Available | data.entities.urls.images.width | tweet.fields=entities | Int | | Not Available | data.entities.urls.images.height | tweet.fields=entities | Int | | gnip.urls.expanded\_status | data.entities.urls.status | tweet.fields=entities | Int | | gnip.urls.expanded\_url\_title | data.entities.urls.title | tweet.fields=entities | String | | gnip.urls.expanded\_url\_description | data.entities.urls.description | tweet.fields=entities | String | | gnip.urls.expanded\_url | data.entities.urls.unwound\_url | tweet.fields=entities | String | | twitter\_entities.symbols | data.entities.cashtags | tweet.fields=entities | Array of objects | | twitter\_entities.symbols.indices\[0] | data.entities.cashtags.start | tweet.fields=entities | Int | | twitter\_entities.symbols.indices\[1] | data.entities.cashtags.end | tweet.fields=entities | Int | | twitter\_entities.symbols.text | data.entities.cashtags.tag | tweet.fields=entities | String | | twitter\_entities.hashtags | data.entities.hashtags | tweet.fields=entities | Array of objects | | twitter\_entities.hashtags.indices\[0] | data.entities.hashtags.start | tweet.fields=entities | Int | | twitter\_entities.hashtags.indices\[1] | data.entities.hashtags.end | tweet.fields=entities | Int | | twitter\_entities.hashtags.text | data.entities.hashtags.tag | tweet.fields=entities | String | | twitter\_entities.user\_mentions | data.entities.mentions | tweet.fields=entities | Array of objects | | twitter\_entities.user\_mentions.indices\[0] | data.entities.mentions.start | tweet.fields=entities | Int | | twitter\_entities.user\_mentions.indices\[1] | data.entities.mentions.end | tweet.fields=entities | Int | | twitter\_entities.user\_mentions.screen\_name | data.entities.mentions.tag | tweet.fields=entities | String | | twitter\_entities.user\_mentions.id\_str | data.entities.mentions.id | tweet.fields=entities | String | | twitter\_entities.user\_mentions.id | Not Available | Not Available | | | Not Available | data.context\_annotations | tweet.fields=context\_annotations | Array of objects | | Not Available | data.context\_annotations.domain | tweet.fields=context\_annotations | Object | | Not Available | data.context\_annotations.domain.id | tweet.fields=context\_annotations | String | | Not Available | data.context\_annotations.domain.name | tweet.fields=context\_annotations | String | | Not Available | data.context\_annotations.domain.description | tweet.fields=context\_annotations | String | | Not Available | data.context\_annotations.entity | tweet.fields=context\_annotations | Object | | Not Available | data.context\_annotations.entity.id | tweet.fields=context\_annotations | String | | Not Available | data.context\_annotations.entity.name | tweet.fields=context\_annotations | String | | Not Available | data.context\_annotations.entity.description | tweet.fields=context\_annotations | String | | geo | data.geo | tweet.fields=geo | Object | | Derived from location.link | data.geo.place\_id | tweet.fields=geo | String | | Not Available | data.public\_metrics | tweet.fields=public\_metrics | Object | | favoritesCount | data.public\_metrics.like\_count | tweet.fields=public\_metrics | Int | | retweetCount | data.public\_metrics.retweet\_count | tweet.fields=public\_metrics | Int | | Not Available | data.public\_metrics.quote\_count | tweet.fields=public\_metrics | Int | | Not Available | data.public\_metrics.reply\_count | tweet.fields=public\_metrics | Int | | Not Available | data.non\_non\_public\_metrics | tweet.fields=non\_public\_metrics | Object | | Not Available | data.non\_public\_metrics.impression\_count | tweet.fields=non\_public\_metrics | Int | | Not Available | data.non\_public\_metrics.url\_link\_count | tweet.fields=non\_public\_metrics | Int | | Not Available | data.non\_public\_metrics.user\_profile\_count | tweet.fields=non\_public\_metrics | Int | | Not Available | data.organic\_metrics | tweet.fields=organic\_metrics | Object | | Not Available | data.organic\_metrics.like\_count | tweet.fields=organic\_metrics | Int | | Not Available | data.organic\_metrics.retweet\_count | tweet.fields=organic\_metrics | Int | | Not Available | data.organic\_metrics.reply\_count | tweet.fields=organic\_metrics | Int | | Not Available | data.organic\_metrics.impression\_count | tweet.fields=organic\_metrics | Int | | Not Available | data.organic\_metrics.url\_link\_count | tweet.fields=organic\_metrics | Int | | Not Available | data.organic\_metrics.user\_profile\_count | tweet.fields=organic\_metrics | Int | | Not Available | data.promoted\_metrics | tweet.fields=promoted\_metrics | Object | | Not Available | data.promoted\_metrics.like\_count | tweet.fields=promoted\_metrics | Int | | Not Available | data.promoted\_metrics.retweet\_count | tweet.fields=promoted\_metrics | Int | | Not Available | data.promoted\_metrics.reply\_count | tweet.fields=promoted\_metrics | Int | | Not Available | data.promoted\_metrics.impression\_count | tweet.fields=promoted\_metrics | Int | | Not Available | data.promoted\_metrics.url\_link\_count | tweet.fields=promoted\_metrics | Int | | Not Available | data.promoted\_metrics.user\_profile\_count | tweet.fields=promoted\_metrics | Int | | gnip.profileLocations | Not Available | Not Available | | | gnip.profileLocations.address | Not Available | Not Available | | | gnip.profileLocations.address.country | Not Available | Not Available | | | gnip.profileLocations.address.countryCode | Not Available | Not Available | | | gnip.profileLocations.displayName | Not Available | Not Available | | | gnip.profileLocations.geo | Not Available | Not Available | | | gnip.profileLocations.geo.coordinates | Not Available | Not Available | | | gnip.profileLocations.geo.type | Not Available | Not Available | | | gnip.profileLocations.objectType | Not Available | Not Available | | #### User object | | | | | | :-------------------------- | :---------------------------------------------------- | :----------------------------------------------------- | :--------------- | | **Activity Streams format** | **Twitter v2 format** | **Required v2 parameters** | **Type in v2** | | actor | includes.users | expansions=author\_id | Array of objects | | Derived from actor.id | includes.users.id | expansions=author\_id | String | | actor.displayName | includes.users.name | expansions=author\_id | String | | actor.preferredUsername | includes.users.username | expansions=author\_id | String | | actor.postedTime | includes.users.created\_at | expansions=author\_id\&user.fields=created\_at | Date (ISO 8601) | | actor.summary | includes.users.description | expansions=author\_id\&user.fields=description | String | | Not Available | includes.users.pinned\_tweet\_id | expansions=author\_id\&user.fields=pinned\_tweet\_id | String | | Not Available | includes.users.protected | expansions=author\_id\&user.fields=protected | Boolean | | actor.link | Not Available | Not Available - construct from includes.users.username | | | actor.twitterTimeZone | Not Available | Not Available - infer from Tweet created\_at | | | actor.utcOffset | Not Available | Not Available - infer from Tweet created\_at | | | actor.favoritesCount | Not Available | Not Available | | | actor.followersCount | includes.users.public\_metrics.followers\_count | expansions=author\_id\&user.fields=public\_metrics | Int | | actor.friendsCount | includes.users.public\_metrics.following\_count | expansions=author\_id\&user.fields=public\_metrics | Int | | actor.listedCount | includes.users.public\_metrics.listed\_count | expansions=author\_id\&user.fields=public\_metrics | Int | | actor.statusesCount | includes.users.public\_metrics.tweet\_count | expansions=author\_id\&user.fields=public\_metrics | Int | | actor.languages\[] | Not Available | Not Available -  infer from Tweet  lang | | | actor.location.displayName | includes.users.location | expansions=author\_id\&user.fields=location | String | | actor.image | includes.users.profile\_image\_url | expansions=author\_id\&user.fields=profile\_image\_url | String | | actor.links | includes.users.url | expansions=author\_id\&user.fields=url | String | | actor.verified | includes.users.verified | expansions=author\_id\&user.fields=verified | Boolean | | Not Available | includes.users.withheld | expansions=author\_id\&user.fields=withheld | Object | | Not Available | includes.users.entities | expansions=author\_id\&user.fields=entities | Object | | Not Available | includes.users.entities.url | expansions=author\_id\&user.fields=entities | Object | | actor.links | includes.users.entities.url.urls | expansions=author\_id\&user.fields=entities | Array of objects | | Not Available | includes.users.entities.url.urls.start | expansions=author\_id\&user.fields=entities | Int | | Not Available | includes.users.entities.url.urls.end | expansions=author\_id\&user.fields=entities | Int | | Not Available | includes.users.entities.url.urls.url | expansions=author\_id\&user.fields=entities | String | | actor.links.href | includes.users.entities.url.urls.expanded\_url | expansions=author\_id\&user.fields=entities | String | | Not Available | includes.users.entities.url.urls.display\_url | expansions=author\_id\&user.fields=entities | String | | Not Available | includes.users.entities.description | expansions=author\_id\&user.fields=entities | Object | | Not Available | includes.users.entities.description.hashtags | expansions=author\_id\&user.fields=entities | Array of objects | | Not Available | includes.users.entities.description.hashtags.start | expansions=author\_id\&user.fields=entities | Int | | Not Available | includes.users.entities.description.hashtags.end | expansions=author\_id\&user.fields=entities | Int | | Not Available | includes.users.entities.description.hashtags.tag | expansions=author\_id\&user.fields=entities | String | | Not Available | includes.users.entities.description.mentions | expansions=author\_id\&user.fields=entities | Array of objects | | Not Available | includes.users.entities.description.mentions.start | expansions=author\_id\&user.fields=entities | Int | | Not Available | includes.users.entities.description.mentions.end | expansions=author\_id\&user.fields=entities | Int | | Not Available | includes.users.entities.description.mentions.username | expansions=author\_id\&user.fields=entities | String | | Not Available | includes.users.entities.description.cashtags | expansions=author\_id\&user.fields=entities | Array of objects | | Not Available | includes.users.entities.description.cashtags.start | expansions=author\_id\&user.fields=entities | Int | | Not Available | includes.users.entities.description.cashtags.end | expansions=author\_id\&user.fields=entities | Int | | Not Available | includes.users.entities.description.cashtags.tag | expansions=author\_id\&user.fields=entities | String | #### Poll object | | | | | | :-------------------------- | :------------------------------- | :-------------------------------------------------------------- | :--------------- | | **Activity Streams format** | **Twitter v2 format** | **Required v2 parameters** | **Type in v2** | | Not Available | includes.polls | expansions=attachments.poll\_ids | Array of objects | | Not Available | includes.polls.id | expansions=attachments.poll\_ids | String | | Not Available | includes.polls.options | expansions=attachments.poll\_ids | Array of objects | | Not Available | includes.polls.options.position | expansions=attachments.poll\_ids | Int | | Not Available | includes.polls.options.label | expansions=attachments.poll\_ids | String | | Not Available | includes.polls.options.votes | expansions=attachments.poll\_ids | Int | | Not Available | includes.polls.voting\_status | expansions=attachments.poll\_ids\&poll.fields=voting\_status | String | | Not Available | includes.polls.duration\_minutes | expansions=attachments.poll\_ids\&poll.fields=duration\_minutes | Int | | Not Available | includes.polls.end\_datetime | expansions=attachments.poll\_ids\&poll.fields=end\_datetime | Date (ISO 8601) | #### Place object | | | | | | :------------------------------ | :----------------------------- | :--------------------------------------------------- | :--------------- | | **Activity Streams format** | **Twitter v2 format** | **Required v2 parameters** | **Type in v2** | | location | includes.places | expansions=geo.place\_id | array of objects | | location.displayName | includes.places.full\_name | expansions=geo.place\_id | string | | Parsed from location.link | includes.places.id | expansions=geo.place\_id | string | | location.name | includes.places.name | expansions=geo.place\_id\&place.fields=name | string | | location.country\_code | includes.places.country | expansions=geo.place\_id\&place.fields=country | string | | location.twitter\_place\_type | includes.places.place\_type | expansions=geo.place\_id\&place.fields=place\_type | string | | location.twitter\_country\_code | includes.places.country\_code | expansions=geo.place\_id\&place.fields=country\_code | string | | location.geo | includes.places.geo | expansions=geo.place\_id\&place.fields=geo | object | | location.geo.type | includes.places.geo.type | expansions=geo.place\_id\&place.fields=geo | string | | location.geo.coordinates | includes.places.geo.bbox | expansions=geo.place\_id\&place.fields=geo | array | | Not Available | includes.places.geo.properties | expansions=geo.place\_id\&place.fields=geo | object | #### Media object | | | | | | :----------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------- | :-------------------------------------------------------------------- | :--------------- | | **Activity Streams format** | **Twitter v2 format** | **Required v2 parameters** | **Type in v2** | | twitter\_entities.media OR twitter\_extended\_entities.media | includes.media | expansions=attachments.media\_keys | Array of objects | | twitter\_entities.media.id\_str OR twitter\_extended\_entities.media.id\_str | includes.media.media\_key | expansions=attachments.media\_keys | String | | twitter\_entities.media.id OR twitter\_extended\_entities.media.id | Not available | Not available | | | twitter\_entities.media.indices OR twitter\_extended\_entities.media.indices | Not available | Not available | | | twitter\_entities.media.additional\_media\_info OR twitter\_extended\_entities.media.additional\_media\_info | Not available | Not available | | | twitter\_entities.media.additional\_media\_info.monetizable OR twitter\_extended\_entities.media.additional\_media\_info.monetizable | Not available | Not available | | | twitter\_entities.media.media\_url OR twitter\_extended\_entities.media.media\_url | Not available | Not available | | | twitter\_entities.media.media\_url\_https OR twitter\_extended\_entities.media.media\_url\_https | includes.media.preview\_image\_url | expansions=attachments.media\_keys\&media.fields=preview\_image\_url | String | | twitter\_entities.media.url OR twitter\_extended\_entities.media.url | Not available | Not available | | | twitter\_entities.media.display\_url OR twitter\_extended\_entities.media.display\_url | Not available | Not available | | | twitter\_entities.media.expanded\_url OR twitter\_extended\_entities.media.expanded\_url | Not available | Not available | | | twitter\_entities.media.type OR twitter\_extended\_entities.media.type | includes.media.type | expansions=attachments.media\_keys | String | | twitter\_entities.media.sizes OR twitter\_extended\_entities.media.sizes | Not available | Not available | | | twitter\_entities.media.sizes.thumb OR twitter\_extended\_entities.media.sizes.thumb | Not available | Not available | | | twitter\_entities.media.sizes.thumb.h OR twitter\_extended\_entities.media.sizes.thumb.h | Not available | Not available | | | twitter\_entities.media.sizes.thumb.w OR twitter\_extended\_entities.media.sizes.thumb.w | Not available | Not available | | | twitter\_entities.media.sizes.thumb.resize OR twitter\_extended\_entities.media.sizes.thumb.resize | Not available | Not available | | | twitter\_entities.media.sizes.small OR twitter\_extended\_entities.media.sizes.small | Not available | Not available | | | twitter\_entities.media.sizes.small.h OR twitter\_extended\_entities.media.sizes.small.h | Not available | Not available | | | twitter\_entities.media.sizes.small.w OR twitter\_extended\_entities.media.sizes.small.w | Not available | Not available | | | twitter\_entities.media.sizes.small.resize OR twitter\_extended\_entities.media.sizes.small.resize | Not available | Not available | | | twitter\_entities.media.sizes.medium OR twitter\_extended\_entities.media.sizes.medium | Not available | Not available | | | twitter\_entities.media.sizes.medium.h OR twitter\_extended\_entities.media.sizes.medium.h | Not available | Not available | | | twitter\_entities.media.sizes.medium.w OR twitter\_extended\_entities.media.sizes.medium.w | Not available | Not available | | | twitter\_entities.media.sizes.medium.resize OR twitter\_extended\_entities.media.sizes.medium.resize | Not available | Not available | | | twitter\_entities.media.sizes.large OR twitter\_extended\_entities.media.sizes.large | Not available | Not available | | | twitter\_entities.media.sizes.large.h OR twitter\_extended\_entities.media.sizes.large.h | includes.media.height | expansions=attachments.media\_keys\&media.fields=height | Int | | twitter\_entities.media.sizes.large.w OR twitter\_extended\_entities.media.sizes.large.w | includes.media.width | expansions=attachments.media\_keys\&media.fields=width | Int | | twitter\_entities.media.sizes.large.resize OR twitter\_extended\_entities.media.sizes.large.resize | Not available | Not available | | | twitter\_extended\_entities.media.video\_info | Not available | Not available | | | twitter\_extended\_entities.media.video\_info.aspect\_ratio | Not available | Not available | | | twitter\_extended\_entities.media.video\_info.duration\_millis | includes.media.duration\_ms | expansions=attachments.media\_keys\&media.fields=duration\_ms | Int | | twitter\_extended\_entities.media.video\_info.variants | Not available | Not available | | | twitter\_extended\_entities.media.video\_info.variants.bitrate | Not available | Not available | | | twitter\_extended\_entities.media.video\_info.variants.content\_type | Not available | Not available | | | twitter\_extended\_entities.media.video\_info.variants.url | Not available | Not available | | | Not available | includes.media.alt\_text | expansions=attachments.media\_keys\&media.fields=alt\_text | String | | Not available | includes.media.public\_metrics | expansions=attachments.media\_keys\&media.fields=public\_metrics | Object | | Not available | includes.media.public\_metrics.view\_count | expansions=attachments.media\_keys\&media.fields=public\_metrics | Int | | Not available | includes.media.non\_public\_metrics | expansions=attachments.media\_keys\&media.fields=non\_public\_metrics | Object | | Not available | includes.media.non\_public\_metrics.playback\_0\_count | expansions=attachments.media\_keys\&media.fields=non\_public\_metrics | Int | | Not available | includes.media.non\_public\_metrics.playback\_25\_count | expansions=attachments.media\_keys\&media.fields=non\_public\_metrics | Int | | Not available | includes.media.non\_public\_metrics.playback\_50\_count | expansions=attachments.media\_keys\&media.fields=non\_public\_metrics | Int | | Not available | includes.media.non\_public\_metrics.playback\_75\_count | expansions=attachments.media\_keys\&media.fields=non\_public\_metrics | Int | | Not available | includes.media.non\_public\_metrics.playback\_100\_count | expansions=attachments.media\_keys\&media.fields=non\_public\_metrics | Int | | Not available | includes.media.organic\_metrics | expansions=attachments.media\_keys\&media.fields=organic\_metrics | Object | | Not available | includes.media.organic\_metrics.playback\_0\_count | expansions=attachments.media\_keys\&media.fields=organic\_metrics | Int | | Not available | includes.media.organic\_metrics.playback\_25\_count | expansions=attachments.media\_keys\&media.fields=organic\_metrics | Int | | Not available | includes.media.organic\_metrics.playback\_50\_count | expansions=attachments.media\_keys\&media.fields=organic\_metrics | Int | | Not available | includes.media.organic\_metrics.playback\_75\_count | expansions=attachments.media\_keys\&media.fields=organic\_metrics | Int | | Not available | includes.media.organic\_metrics.playback\_100\_count | expansions=attachments.media\_keys\&media.fields=organic\_metrics | Int | | Not available | includes.media.organic\_metrics.view\_count | expansions=attachments.media\_keys\&media.fields=organic\_metrics | Int | | Not available | includes.media.promoted\_metrics | expansions=attachments.media\_keys\&media.fields=promoted\_metrics | Object | | Not available | includes.media.promoted\_metrics.playback\_0\_count | expansions=attachments.media\_keys\&media.fields=promoted\_metrics | Int | | Not available | includes.media.promoted\_metrics.playback\_25\_count | expansions=attachments.media\_keys\&media.fields=promoted\_metrics | Int | | Not available | includes.media.promoted\_metrics.playback\_50\_count | expansions=attachments.media\_keys\&media.fields=promoted\_metrics | Int | | Not available | includes.media.promoted\_metrics.playback\_75\_count | expansions=attachments.media\_keys\&media.fields=promoted\_metrics | Int | | Not available | includes.media.promoted\_metrics.playback\_100\_count | expansions=attachments.media\_keys\&media.fields=promoted\_metrics | Int | | Not available | includes.media.promoted\_metrics.view\_count | expansions=attachments.media\_keys\&media.fields=promoted\_metrics | Int | #### Matching rules object | | | | | | :------------------------------- | :-------------------- | :------------------------- | :--------------- | | **Activity Streams format** | **Twitter v2 format** | **Required v2 parameters** | **Type in v2** | | gnip.matching\_rules | matching\_rules | Default in filtered stream | Array of objects | | gnip.matching\_rules.tag | matching\_rules.tag | Default in filtered stream | String | | gnip.matching\_rules.tag.id | Not Available | Not Available | | | gnip.matching\_rules.tag.id\_str | matching\_rules.id | Default in filtered stream | String | ### Visual data format migration tool The visual data format migration tool is a web application that displays the fields that map from the [X API v1.1. data format](https://developer.x.com/en/docs/x-api/v1/data-dictionary/overview) to the [X API v2 format](/x-api/fundamentals/data-dictionary) for a given Tweet or user object. Either a Tweet ID or user ID can be provided to the application to see this mapping. Please note that you will need to log in with your Twitter account in order to use the app.
# Overview Source: https://docs.x.com/x-api/migrate/overview export const Button = ({href, children}) => { return ; }; The latest version of the X API v2 is a big deal. As such, we’ve broken this migration section into a few partitions: | What’s new with X API v2 | Learn about the new endpoints and functionality that we’ve released to X API v2. | | :-------------------------- | :---------------------------------------------------------------------------------------------------------------- | | Ready to migrate? | Get started with your migration with a set of guides and instructions. | | Data format migration guide | Learn how to rework your data parsers that previously worked with the standard v1.1, and enterprise data formats. | | X API endpoint map | See how standard v1.1, and enterprise endpoints map to the new X API v2 endpoints. | *** ## What is the X API v2? The X API v2 is now the primary X API, and is where product investment and innovation are focused. We’ve partnered with developers to build the next generation of the X API to better serve our diverse community of developers. Based on developer feedback, we’ve re-built the API to better serve a broader collection of needs, introduced new features and endpoints, and improved upon the developer experience. The X API v2 is now the primary X API, and is where product investment and innovation are focused. Over the past few years, we partnered with developers and re-built the API to better serve a broader collection of needs, introduce new features and endpoints, and improve upon the developer experience. We are committed to continuing to build an open developer platform, and are excited to see what you build with the X API v2. ## Why migrate? The X API v2 is built with a modern and more sustainable foundation and includes both improved replacement endpoints for the standard v1.1, and enterprise products, but also net-new functionality. We strongly encourage customers of legacy APIs (v1.1, and enterprise) to begin to migrate to v2 as we do intend to deprecate them eventually. Use the X API to listen to and analyze the public conversation, engage with people on X, and innovate. In this section, we will discuss the endpoints and functionality. ## V2 endpoints You can see a full list of v2 endpoints and their pre-v2 equivalent via the following guide: While most of the endpoints in X API v2 are replacements, we have introduced several new endpoints. Here are several examples of new endpoints that we’ve released to v2: * [Spaces endpoints](/x-api/spaces/introduction) to help people get more out of X Spaces, and to allow developers to help shape the future of audio conversations. * [Hide replies](/x-api/posts/hide-replies/introduction), which allows you to build tools that help limit the impact of abusive, distracting, or misleading replies at scale. * New Lists endpoints that allow you to [pin and unpin Lists](/x-api/lists/pinned-lists/introduction), or look up someone’s pinned Lists. * New [batch compliance endpoints](/x-api/compliance/batch-compliance/introduction) that allow you to ensure your stored user and Tweet data is in compliance. ## New Functionality X API v2 also includes new features that will help you find more value with the X API. A lot of what is new has been driven by your feedback and includes certain features that were reserved for enterprise customers previously. Some of the improvements to the API include: * [A consistent design across endpoints](/x-api/fundamentals/consistency) * [The ability to specify which fields and objects return in the response payload](/x-api/fundamentals/data-dictionary#how-to-use-fields-and-expansions) * [New and more detailed data objects](/x-api/fundamentals/data-dictionary) * [Receive and filter data with new contextual information powered by Tweet annotations](/x-api/fundamentals/post-annotations) * [Access to new metrics](/x-api/fundamentals/metrics) * [Easily identify and filter for conversations that belong to a reply thread](/x-api/fundamentals/conversation-id) * [Advanced functionality and increased access to data for academic researchers](https://developer.x.com/content/developer-twitter/en/products/twitter-api/academic-research) * [Recovery and redundancy functionality for streaming endpoints](/x-api/posts/filtered-stream/integrate/recovery-and-redundancy-features) * [Easily return counts of Tweets that match a query](/x-api/posts/counts/introduction) * [Support for Edit Tweets](/x-api/fundamentals/edit-posts) * High confidence spam filtering * Shortened URLs are fully unwound for more effective filtering and analysis * Simplified JSON response objects by removing deprecated fields and modernizing labels * Return of 100% of matching public and available Tweets in search queries * Streaming "rules" so you can make changes without dropping connections * More expressive query language for search Tweets, Tweet counts, and filtered stream * OpenAPI spec to build new libraries & more transparently track changes ### Discover New and Updated Response Objects The following six data objects are available with the v2 endpoints: | Object | Description | | :-------------------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [Tweet](/x-api/fundamentals/data-dictionary#tweet) | The Tweet object has a long list of root-level fields, such as `id`, `text`, and `created_at`. Tweet objects are also the parent object to several child objects including `user`, `media`, `poll`, and `place`. | | [User](/x-api/fundamentals/data-dictionary#user) | The user object contains X user account metadata describing the referenced user. | | [Spaces](/x-api/fundamentals/data-dictionary#space) | The Space object consists of fields such as `state`, `host_id`, `is_ticketed`, and even `lang`. | | [Lists](/x-api/fundamentals/data-dictionary#list) | The List object contains basic information about the requested list including `description`, `member_count`, and `owner_id`. | | [Media](/x-api/fundamentals/data-dictionary#media) | If a Tweet contains media (such as images), then the media object can be requested using the `media.fields` parameter and includes fields such as the `media_key`, `type`, `url`, `preview_image_url`, and more. | | [Poll](/x-api/fundamentals/data-dictionary#poll) | A poll included in a Tweet is not a primary object on any endpoint, but can be found and expanded in the Tweet object. | | [Place](/x-api/fundamentals/data-dictionary#place) | The place object consists of fields such as `place_id`, `geo` object, `country_code`, and more. This information can be used to identify Tweets and study Tweets by location. | Learn more about [how to use fields and expansions](/x-api/fundamentals/data-dictionary#how-to-use-fields-and-expansions). ### Flexibility to Choose Which Objects and Fields You Receive When making a request to a GET endpoint, you will receive the primary data object that relates to that endpoint, which will include a set of default fields. For example, the Tweet object delivers the `id` and `text` fields as its default. If you would like to retrieve additional fields with your request, you will have to use the [fields](/x-api/fundamentals/fields) and [expansions](/x-api/fundamentals/expansions) parameters. The expansions parameter enables you to retrieve related data objects such as a user's pinned Tweet or a media object, while the field operators enable you to request specific fields within returned objects beyond the defaults. Here is a full list of expansions that you can request with the different X API v2 endpoints: | Object / Resource | Available Expansions | | :---------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Tweets | `author_id`, `edit_history_tweet_ids`, `entities.mentions.username`, `in_reply_to_user_id`, `referenced_tweets.id`, `referenced_tweets.id.author_id`, `attachments.poll_ids`, `attachments.media_keys`, `geo.place_id` | | Users | `pinned_tweet_id` | | Spaces | `invited_user_ids`, `speaker_ids`, `creator_id`, `host_ids`, `topic_ids` | Learn more about [how to use fields and expansions](/x-api/fundamentals/data-dictionary#how-to-use-fields-and-expansions). ## New Metrics Available within Tweets, Users, Spaces, and Media Objects More metrics are now accessible within Tweet, user, Spaces, Lists, and media objects. These metrics are both public and private, and some metrics can be broken down into an organic or promoted context for Tweet ads. Learn more about the available [metrics](/x-api/fundamentals/metrics). | Object | Available Metrics | Public Metrics | Private Metrics | Organic Metrics | Promoted Metrics | | :----- | :------------------- | :------------- | :-------------- | :-------------- | :--------------- | | tweets | retweet\_count | ✔️ | | ✔️ | ✔️ | | | quote\_count | ✔️ | | | | | | like\_count | ✔️ | | ✔️ | ✔️ | | | reply\_count | ✔️ | | ✔️ | ✔️ | | | impression\_count | | ✔️ | ✔️ | ✔️ | | | url\_profile\_clicks | | ✔️ | ✔️ | ✔️ | | | url\_link\_clicks | | ✔️ | ✔️ | ✔️ | | user | follower\_count | ✔️ | | | | | user | following\_count | ✔️ | | | | | media | view\_count | | ✔️ | | | | media | playback\_0\_count | | ✔️ | | | | space | participant\_count | ✔️ | | | | ## Edit Tweets The X API v2 endpoints provide edited Tweet metadata. The *Edit Tweet* feature was first introduced for testing among X employees on September 1, 2022. Starting on that date, eligible Tweets are editable for 30 minutes and up to 5 times. Learn more about [Edit Tweets](/x-api/fundamentals/edit-posts). Using the X API v2, a developer can find out: * If a Tweet was edit eligible at the time of creation. Some Tweets, such as those with polls or scheduled Tweets, can not be edited. * Tweets are editable for 30 minutes, and can be edited up to 5 times. For editable Tweets you can see if time for editing remains and how many more edits are possible. * If you are viewing an edited version of a Tweet (in most cases the API will return the most recent version of a Tweet, unless a specific past version is requested by Tweet ID). * The entire edit history of the Tweet. * The engagement attributed to each version of the Tweet. ## Track Threaded Conversations A new Tweet field helps identify which conversation thread a Tweet belongs to. A conversation ID is the Tweet ID of the Tweet that started the conversation. Learn more about [conversation tracking](/x-api/fundamentals/conversation-id). ## Ready to migrate In order to use v2 endpoints, you will need the following things: * [A developer account](https://developer.x.com/en/portal/petition/essential/basic-info) * [A developer App](https://developer.x.com/en/apps) created within a [Project](resources/fundamentals/projects) * [Keys and tokens](resources/fundamentals/authentication) from that Project’s developer App Please note the importance of using keys and tokens from an App within a Project. If you are using keys and tokens from an App outside of a Project, you will not be able to make a request to v2 endpoints. Once you have a developer account, you can set up all of the above in the [developer portal](https://developer.x.com/en/portal/petition/essential/basic-info). ### Authentication With the new Twitter API, you’ll use two different authentication patterns, OAuth 1.0a User Context and OAuth 2.0 Bearer Token, to access different endpoints. Each serves a different purpose when making requests to the endpoints: OAuth 1.0a User Context is required when making a request on behalf of a Twitter user OAuth 2.0 Bearer token is required to make requests on behalf of your developer App ## Tools and Code To help you get started and familiarize yourself with the new endpoints and capabilities we have a few options to jump start your work: * We have a Twitter [Postman collection](https://www.postman.com/xapidevelopers/twitter-s-public-workspace/collection/r90eid4/twitter-api-v2?ctx=documentation) that allows you to use the Postman client to make requests of and connect to the individual endpoints. This is a low-friction way to test authentication and experiment with the endpoints. * We’ve also provided a list of both Twitter-supported and third-party libraries in Ruby, Python, Node, Java, and many more. For additional context, take a look at our [tools and libraries page](/x-api/tools-and-libraries/overview). ## Migrating to Updated Endpoints As you start to explore the new Twitter v2 endpoints, we’ve built a series of detailed migration guides to help you compare and contrast each updated endpoint's capabilities compared to older versions: * **Tweets** * [Tweets lookup](/x-api/posts/lookup/integrate) * [Manage Tweets](/x-api/posts/manage-tweets/migrate/overview) * [Timelines](/x-api/posts/timelines/migrate/overview) * [Search Tweets](/x-api/posts/search/migrate/overview) * [Tweet counts](/x-api/posts/counts/migrate/overview) * [Filtered stream](/x-api/posts/filtered-stream/migrate/overview) * Sampled stream * [Retweets](/x-api/posts/retweets/migrate/overview) * [Likes](/x-api/posts/likes/migrate/likes-lookup-standard-to-twitter-api-v2) * [Hide replies](/x-api/posts/hide-replies/migrate) * **Users** * [Users lookup](/x-api/users/lookup/migrate/overview) * [Follows](/x-api/users/follows/migrate/standard-to-twitter-api-v2) * [Blocks](/x-api/users/blocks/migrate) * [Mutes](/x-api/users/mutes/migrate/manage-mutes-standard-to-twitter-api-v2) * **Lists** * [List lookup](/x-api/lists/list-lookup/migrate/overview) * [Manage Lists](/x-api/lists/manage-lists/migrate/overview) * [List Tweet lookup](/x-api/lists/list-tweets/migrate/overview) * [List members](/x-api/lists/list-members/migrate/overview) ## Migrating to the New Data Format As you move from v1.1 or enterprise to v2, it is important to understand that the format the data is delivered in has changed significantly. We have added new fields, modified the sequence of fields, and in some cases removed elements altogether. To learn more about these changes, we are developing a series of guides that will help you map out the pre-v2 data format fields to the newer fields, and describe how to request these new fields. You can learn more by visiting our [data formats migration](/x-api/migrate/data-format-migration) section of this migration hub, or by visiting our specific data format guides: * [Native format to x API v2 (standard v1.1)](/x-api/migrate/data-format-migration#migrating-from-standard-v1-1s-data-format-to-v2) * [Native Enriched to X API v2 (enterprise)](/x-api/migrate/data-format-migration#migrating-from-native-enriched-data-format-to-v2) * [Activity Streams to X API v2 (enterprise)](/x-api/migrate/data-format-migration#migrating-from-activity-streams-data-format-to-v2) ## What’s Next? Those of you who have used the platform for some time will notice that many of the new endpoints are aligned with existing [standard v1.1](https://developer.x.com/en/docs/twitter-api/v1) and [enterprise](/x-api/enterprise-gnip-2.0/enterprise-gnip) endpoints. Indeed, we intend for these to replace all three versions in the future. We’ve put together a table to help you understand how the [X API endpoints map](/x-api/migrate/x-api-endpoint-map) to previous versions. If you’d like to see what’s coming next, please visit our [product roadmap](https://trello.com/b/myf7rKwV/twitter-developer-platform-roadmap). We also have a [changelog](https://developer.x.com/en/updates/changelog) that you can check out to understand what we have already released. ### What Should We Build Next? As we build out additional capabilities of the X API v2 we want to continue to hear from you. We welcome and encourage [feedback](https://twitterdevfeedback.uservoice.com/) from you. Take a look at the ideas that have already been submitted, show your support for those that correlate with your needs, and provide feedback as well! # X API endpoint map Source: https://docs.x.com/x-api/migrate/x-api-endpoint-map The following table maps the X API v2 endpoints to the corresponding standard v1.1, and enterprise endpoints. To learn more about each of these versions and tiers, please visit our [X API getting started guide](/x-api/getting-started/about-x-api). You'll notice that we still have several items marked as **\[Coming Soon]**. If you notice anything within this table that is marked as **\[Replacement Under Consideration]** or **\[No Replacement Planned]**, and you would like to see us release a v2 version of that endpoint, please let us know via our [community forum](https://devcommunity.x.com/) or your enterprise account manager.  | | Standard v1.1 | Enterprise | X API v2 | | :------------------ | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | **Posts** | GET statuses/show
GET statuses/lookup | | [Posts lookup](/x-api/posts/lookup/introduction) | | | POST statuses/update
POST statuses/destroy/:id | | [Manage Posts](/x-api/posts/manage-tweets/introduction) | | | GET statuses/user\_timeline
GET statuses/mentions\_timeline
GET statuses/home\_timeline | | [Timelines](/x-api/posts/timelines/introduction)
- User Post timeline
- User mention timeline
- Reverse chronological home timeline | | | GET search/tweets | [Search API](/x-api/enterprise-gnip-2.0/fundamentals/search-api)
- 30 day
- Full-archive | [Search Tweets](/x-api/posts/search/introduction)
- Recent search
- 30 day \[No Replacement Planned]
- Full-archive search | | | | [Search API](/x-api/enterprise-gnip-2.0/fundamentals/search-api)
- 30 day
- Full-archive | [Tweet counts](/x-api/posts/counts/introduction)
- Recent Tweet counts
- 30 day \[No Replacement Planned]
- Full-archive Tweet counts | | | GET statuses/filter | [PowerTrack API](/x-api/enterprise-gnip-2.0/powertrack-api) | [Filtered stream](/x-api/posts/filtered-stream/introduction)
- Connect to stream
- Add/delete rules
- Retrieve rules | | | GET statuses/sample (1%) | [Decahose API](/x-api/enterprise-gnip-2.0/fundamentals/decahose-api)
Firehose API | [Volume stream](/x-api/posts/volume-streams/introduction)
- 1% sampled stream
- 10% decahose stream 
- 100% firehose stream | | | GET statuses/retweeters/:ids
GET statuses/retweets/:id | | [Retweets lookup](/x-api/posts/retweets/introduction) | | | | | [Quote Tweets lookup](/x-api/posts/quote-tweets) | | | POST statuses/retweet/:id
POST statuses/unretweet/:id | | [Manage Retweets](/x-api/posts/retweets/introduction)
- Retweet a Tweet
- Undo a Retweet | | | GET favorites/list | | [Likes lookup](/x-api/posts/likes/introduction)
- Posts liked by a user
- Users who have liked a Post | | | POST favorites/create
POST favorites/destroy | | [Manage Likes](/x-api/posts/likes/introduction)
- Like a Post
- Unlike a Post | | | | | [Hide replies](/x-api/posts/hide-replies/introduction) | | | GET statuses/oembed | | \[No Replacement Planned] | | | GET statuses/retweets\_of\_me | | \[No Replacement Planned] | | **Users** | GET users/show
GET users/lookup | | [Users lookup](/x-api/users/lookup/introduction) | | | GET users/search | | [Get user/search](/x-api/users/search/introduction) | | | GET followers/ids
GET followers/list
GET friends/ids
GET friends/list | | [Follows lookup](/x-api/users/follows/introduction) | | | GET friendships/incoming
GET friendships/lookup
GET friendships/no\_retweets/ids
GET friendships/outgoing
GET friendships/show | | [Connection\_status](/x-api/fundamentals/data-dictionary#user) | | | GET friendships/create
GET friendships/destroy | | [Manage follows](/x-api/users/follows/introduction)
- Follow a user
- Unfollow a user | | | POST friendships/update | | \[No Replacement Planned] | | | GET blocks/ids
GET blocks/list | | [Blocks lookup](/x-api/users/blocks/introduction) | | | POST blocks/create
POST blocks/destroy | | [Manage blocks](/x-api/users/blocks/introduction)
- Block a user
- Unblock a user | | | GET mutes/users/ids
GET mutes/users/list | | [Mutes lookup](/x-api/users/mutes/introduction) | | | POST mutes/users/create
POST mutes/users/destroy | | [Manage mutes](/x-api/users/mutes/introduction)
- Mute a user
- Unmute a user | | | GET account/verify\_credentials | | \[No Changes Planned] | | | | | \[No Replacement Planned] | | | GET saved\_searches/show/:id
GET saved\_searches/list
POST saved\_searches/create
POST saved\_searches/destroy/:id | | \[No Replacement Planned] | | | POST users/report\_spam | | \[No Replacement Planned] | | | | [Account Activity API](/x-api/enterprise-gnip-2.0/fundamentals/account-activity) | \[Migrating in 2025] | | **Spaces** | | | [Spaces lookup](/x-api/spaces/lookup/introduction) | | | | | [Spaces search](/x-api/spaces/search/introduction) | | | | | [Ticketed user lookup](/x-api/spaces/retrieve-the-list-of-users-who-purchased-a-ticket-to-the-given-space) | | | | | [Tweets shared in a Space lookup](/x-api/spaces/retrieve-posts-from-a-space) | | **Direct Messages** | | | [Direct Messages lookup](/x-api/direct-messages/lookup/introduction)
[Manage Direct Messages](/x-api/direct-messages/manage/introduction) | | **Lists** | GET lists/show | | [Lists lookup](/x-api/lists/list-lookup/introduction) | | | POST lists/create
POST lists/destroy
POST lists/update | | [Manage Lists](/x-api/lists/manage-lists/introduction) | | | GET lists/statuses | | [Lists Tweets lookup](/x-api/posts/list-posts-timeline-by-list-id) | | | GET lists/members
GET lists/memberships
POST lists/members/create
POST lists/members/destroy | | [List members](/x-api/lists/list-members#list-members-lookup) | | | GET lists/subscribers
GET lists/subscriptions
GET lists/lists
POST lists/subscribers/create
POST lists/subscribers/destroy | | [Lists follows](/x-api/lists/manage-lists/introduction) | | | GET lists/ownerships | | [Owned Lists lookup](/x-api/lists/list-lookup/introduction) | | | | | [Pinned Lists](/x-api/lists/pinned-lists) | | | GET lists/members/show
GET lists/subscribers/show | | \[No Replacement Planned] | | | POST lists/members/create\_all
POST lists/members/destroy\_all | | \[No Replacement Planned] | | **Media** | | | [Media Upload](https://docs.x.com/x-api/media/introduction) | | **Trends** | | | [Trends v2](/x-api/trends/introduction) | | **Geo** | | | \[No Replacement Planned] | | **Collections** | GET collections/entries
GET collections/list
GET collections/show
POST collections/create
POST collections/destroy
POST collections/entries/add
POST collections/entries/curate
POST collections/entries/move
POST collections/entries/remove
POST collections/update | | \[No Replacement Planned] | | **Metrics** | | [Engagement API](/enterprise-gnip-2.0/fundamentals/engagement-api)
- /totals
- /28hr
- /historical | /totals - [data is built into v2 responses](/x-api/fundamentals/metrics)
/28hr - \[[Here](https://docs.x.com/x-api/posts/get-last-28hr-metrics-for-posts#get-last-28hr-metrics-for-posts)]
/historical - \[[Here](https://docs.x.com/x-api/posts/get-historical-metrics-for-posts)] | | **Compliance** | | | [Batch compliance](/x-api/compliance/batch-compliance/introduction) | | | | [Compliance firehose](/x-api/enterprise-gnip-2.0/fundamentals/firehouse) | [Compliance streams](/x-api/compliance/streams/introduction) | | **Utilities** | | [Usage API](/x-api/enterprise-gnip-2.0/fundamentals/usage) | [Usage API](/x-api/usage/introduction) | | | GET application/rate\_limit\_status | | \[No Replacement Planned] | | | GET help/languages | | \[No Replacement Planned] | | **Authentication** | | | \[No Changes Planned] | | **Streaming Likes** | | [Streaming Likes](/x-api/enterprise-gnip-2.0/fundamentals/decahose-api#streaming-likes) | \[Coming Soon] | # Add/Delete rules Source: https://docs.x.com/x-api/posts/adddelete-rules post /2/tweets/search/stream/rules Add or delete rules from a User's active rule set. Users can provide unique, optionally tagged rules to add. Users can delete their entire rule set or a subset specified by rule ids or values. # Introduction Source: https://docs.x.com/x-api/posts/bookmarks/introduction export const Button = ({href, children}) => { return ; }; ### Manage Bookmarks We have two available methods for manage Bookmarks, POST and DELETE. The POST method lets you create Bookmarks. Likewise, the DELETE method allows you to delete a specific Bookmark.  There is a per-user rate limit of 50 requests per 15 minutes for the POST and DELETE methods. Since you are making requests on behalf of a user with the manage Bookmarks endpoints, you must authenticate by generating a user Access Token with OAuth 2.0. You can use the [Authorization Code with PKCE grant flow](/resources/fundamentals/authentication/oauth-2-0/user-access-token) to do so. To use this endpoint you must pass in the scopes `tweet.read`, `users.read`, and  `bookmark.write`. ### Bookmarks lookup The Bookmarks lookup endpoint has one method available, GET. This method allows you to get Bookmarks back from yourself or an authenticated account. Pagination tokens will be provided for paging through large sets of results for this endpoint. There is a per-user rate limit of 180 requests per 15 min window for the GET method. With this endpoint you will get back 800 of your most recent Bookmarked Posts. Since you are making requests on behalf of a user with the lookup Bookmarks endpoints, you must authenticate by generating a user Access Token with OAuth 2.0. You can use the [Authorization Code with PKCE grant flow](/resources/fundamentals/authentication/oauth-2-0/user-access-token) to do so. To use this endpoint you must pass in the scopes `tweet.read`, `users.read`, and `bookmark.read`. **Account setup** To access these endpoints, you will need: * An approved [developer account](https://developer.x.com/en/portal/petition/essential/basic-info). * To authenticate using the keys and tokens from a [developer App](/resources/fundamentals/developer-apps) that is located within a [Project](/resources/fundamentals/projects).  Learn more about getting access to the X API v2 endpoints in our [getting started guide](/x-api/getting-started/getting-access).



# Build a query Source: https://docs.x.com/x-api/posts/counts/integrate/build-a-query #### Building a query **Query limitations!** Your queries will be limited depending on which [access level](/x-api/getting-started/about-x-api) you are using.  If you have Pro access, your query can be 512 characters long. If you have Enterprise access, please reach out to your account manager.  **Operator availability** While most operators are available to any developer, there are several that are reserved for those that have been approved for Enterprise access. We list which access level each operator is available to in the [list of operators](/x-api/posts/search/integrate/build-a-query) table using the following labels: * Core operators: Available when using any [Project](/resources/fundamentals/projects). * Advanced operators: Available when using a Project with Enterprise access    #### Operator types: standalone and conjunction-required **Standalone operators** can be used alone or together with any other operators (including those that require conjunction). For example, the following query will work because it uses the #hashtag operator, which is standalone: \#xapiv2 **Conjunction-required** operators cannot be used by themselves in a query; they can only be used when at least one standalone operator is included in the query. This is because using these operators alone would be far too general, and would match on an extremely high volume of Posts. For example, the following queries are not supported since they contain only conjunction-required operators: has:media has:links OR is:retweet If we add in a standalone operator, such as the phrase "X data", the query would then work properly.  "X data" has:mentions (has:media OR has:links) #### Boolean operators and grouping If you would like to string together multiple operators in a single query, you have the following tools at your disposal: | | | | :---------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **AND logic** | Successive operators with a space between them will result in boolean "AND" logic, meaning that Posts will match only if both conditions are met. For example, snow day #NoSchool will match Posts containing the terms snow and day and the hashtag #NoSchool. | | **OR logic** | Successive operators with OR between them will result in OR logic, meaning that Posts will match if either condition is met. For example, specifying grumpy OR cat OR #meme will match any Posts containing at least the terms grumpy or cat, or the hashtag #meme. | | **NOT logic, negation** | Prepend a dash (-) to a keyword (or any operator) to negate it (NOT). For example, cat #meme -grumpy will match Posts containing the hashtag #meme and the term cat, but only if they do not contain the term grumpy. One common query clause is -is:retweet, which will not match on Retweets, thus matching only on original Posts, Quote Tweets, and replies. All operators can be negated, but negated operators cannot be used alone. | | **Grouping** | You can use parentheses to group operators together. For example, (grumpy cat) OR (#meme has:images) will return either Posts containing the terms grumpy and cat, or Posts with images containing the hashtag #meme. Note that ANDs are applied first, then ORs are applied. | **A note on negations** The operators -is:nullcast must always be negated. Negated operators cannot be used alone. Do not negate a set of operators grouped together in a set of parentheses. Instead, negate each individual operator. For example, instead of using skiing -(snow OR day OR noschool), we suggest that you use skiing -snow -day -noschool.  **Order of operations** When combining AND and OR functionality, the following order of operations will dictate how your query is evaluated. 1. Operators connected by AND logic are combined first 2. Then, operators connected with OR logic are applied For example: * apple OR iphone ipad would be evaluated as apple OR (iphone ipad) * ipad iphone OR android would be evaluated as (iphone ipad) OR android To eliminate uncertainty and ensure that your query is evaluated as intended, group terms together with parentheses where appropriate.  For example: * (apple OR iphone) ipad * iphone (ipad OR android)   **Punctuation, diacritics, and case sensitivity** If you specify a keyword or hashtag query with character accents or diacritics, it will match Post text that contains both the term with the accents and diacritics, as well as those terms with normal characters. For example, queries with a keyword Diacrítica or hashtag #cumpleaños will match *Diacrítica* or *#cumpleaños*, as well as with *Diacritica* or *#cumpleanos* without the tilde í or eñe. Characters with accents or diacritics are treated the same as normal characters and are not treated as word boundaries. For example, a query with the keyword cumpleaños would only match activities containing the word *cumpleaños* and would not match activities containing *cumplea*, *cumplean*, or *os*. All operators are evaluated in a case-insensitive manner. For example, the query cat will match Posts with all of the following: *cat*, *CAT*, *Cat*. The [filtered stream](/x-api/posts/filtered-stream) matching behavior acts differently from Post counts. When [building a filtered stream rule](/x-api/posts/filtered-stream#building-rules-for-filtered-stream), know that keywords and hashtags that include accents and diacritics will only match on terms that also include the accent and diacritic, and will not match on terms that use normal characters instead.  For example, filtered stream rules that include a keyword Diacrítica or hashtag #cumpleaños will only match the terms *Diacrítica* and *#cumpleaños*, and will not match on *Diacritica* or *#cumpleanos* without the tilde í or eñe **Specificity and efficiency** When you start to build your query, it is important to keep a few things in mind. * Using broad, standalone operators for your query such as a single keyword or #hashtag is generally not recommended since it will likely match on a massive volume of Posts. Creating a more robust query will result in a more specific set of matching Posts, and will hopefully increase the accuracy of your Post counts to help you find more valuable insights.  * For example, if your query was just the keyword happy you will likely get anywhere from 200,000 - 300,000 Posts per day. * Adding more conditional operators narrows your results, for example (happy OR happiness) place\_country:GB -birthday -is:retweet * Writing efficient queries is also beneficial for staying within the characters query length restriction. The character count includes the entire query string including spaces and operators. * For example, the following query is 59 characters long: (happy OR happiness) place\_country:GB -birthday -is:retweet **Quote Tweet matching behavior** When using the Post counts endpoints, operators will not match on the content from the original Post that was quoted, but will match on the content included in the Quote Tweet. However, please note that [filtered stream](/x-api/posts/filtered-stream) will match on both the content from the original Post that was quoted and the Quote Tweet's content.   **Iteratively building a query** **Test your query early and often** Getting a query to return the "right" results the first time is rare. There is so much on X that may or may not be obvious at first and the query syntax described above may be hard to match to your desired query. As you build a query, it is important for you to periodically test it out using one of the [Search Post](/x-api/posts/search/introduction) endpoints to ensure that the Posts that are matching your query are relevant to your use case. For this section, we are going to start with the following query and adjust it based on the results that we receive during our test:  happy OR happiness **Use results to narrow the query** As you test the query with Search Posts, you should scan the returned Posts to see if they include the data that you are expecting and hoping to receive. Starting with a broad query and a superset of Post matches allows you to review the result and narrow the query to filter out undesired results.   When we tested the example query, we noticed that we were getting Posts in a variety of different languages. In this situation, we want to only receive Posts that are in english, so we’re going to add the lang: operator: (happy OR happiness) lang:en The test delivered a number of Posts wishing people a happy birthday, so we are going to add -birthday as a negated keyword operator. We also want to only receive original Posts, so we’ve added the negated -is:retweet operator: (happy OR happiness) lang:en -birthday -is:retweet **Adjust for inclusion where needed** If you notice that you are not receiving data via Search Posts that you expect and know that there are existing Posts that should return, you may need to broaden your query by removing operators that may be filtering out the desired data.  For our example, we noticed that there were other Posts in our personal timeline that expressed the emotion that we are looking for and weren’t included in the test results. To ensure we have greater coverage, we are going to add the keywords, excited and elated. (happy OR happiness OR excited OR elated) lang:en -birthday -is:retweet **Adjust for popular trends/bursts over the time period** Trends come and go on X quickly. Maintaining your query should be an active process. If you plan to use a query for a while, we suggest that you periodically check in on the data that you are receiving to see if you need to make any adjustments. In our example, we notice that we started to receive some Posts that are wishing people a “happy holidays”. Since we don’t want these Posts included in our results, we are going to add a negated -holidays keyword. (happy OR happiness OR excited OR elated) lang:en -birthday -is:retweet -holidays  Once you've properly tested and iterated upon your query, you can start sending it with the Post counts endpoints to start to receive just the volume of Posts rather than the full Post payloads. #### Adding a query to your request To add your query to your request, you must use the query parameter. As with any query parameters, you must make sure to HTTP encode the query that you developed. Here is an example of what this might look like using a cURL command. If you would like to use this command, please make sure to replace \$BEARER\_TOKEN with your own [Bearer Token](/resources/fundamentals/authentication#oauth-2-0): ``` curl https://api.x.com/2/tweets/counts/recent?query=cat%20has%3Amedia%20-grumpy&tweet.fields=created_at&max_results=100 -H "Authorization: Bearer $BEARER_TOKEN" ``` #### Query examples **Tracking a natural disaster** The following query matched on original Posts coming from weather agencies and gauges that discuss Hurricane Harvey, which hit Houston in 2017. Here is what the query would look like without the HTTP encoding: has:geo (from:NWSNHC OR from:NHC\_Atlantic OR from:NWSHouston OR from:NWSSanAntonio OR from:USGS\_TexasRain OR from:USGS\_TexasFlood OR from:JeffLindner1) -is:retweet And here is what the query would look like with the HTTP encoding, the query parameter, and the recent Post counts URI: [https://api.x.com/2/tweets/counts/recent?query=-is%3Aretweet%20has%3Ageo%20(from%3ANWSNHC%20OR%20from%3ANHC\\\_Atlantic%20OR%20from%3ANWSHouston%20OR%20from%3ANWSSanAntonio%20OR%20from%3AUSGS\\\_TexasRain%20OR%20from%3AUSGS\_TexasFlood%20OR%20from%3AJeffLindner1)](https://api.x.com/2/tweets/counts/recent?query=-is%3Aretweet%20has%3Ageo%20\(from%3ANWSNHC%20OR%20from%3ANHC\\_Atlantic%20OR%20from%3ANWSHouston%20OR%20from%3ANWSSanAntonio%20OR%20from%3AUSGS\\_TexasRain%20OR%20from%3AUSGS_TexasFlood%20OR%20from%3AJeffLindner1\)) **Reviewing the sentiment of a conversation** The next rule could be used to better understand the sentiment of the conversation developing around the hashtag, *#nowplaying*, but scoped to just Posts published within North America. Here is what the two different queries, one for positive and one for negative, would look like without the HTTP encoding: \#nowplaying (happy OR exciting OR excited OR favorite OR fav OR amazing OR lovely OR incredible) (place\_country:US OR place\_country:MX OR place\_country:CA) -horrible -worst -sucks -bad -disappointing \#nowplaying (horrible OR worst OR sucks OR bad OR disappointing) (place\_country:US OR place\_country:MX OR place\_country:CA) -happy -exciting -excited -favorite -fav -amazing -lovely -incredible And here is what the query would look like with the HTTP encoding, the query parameter, and the recent Post counts URI: [https://api.x.com/2/tweets/counts/recent?query=%23nowplaying%20(happy%20OR%20exciting%20OR%20excited%20OR%20favorite%20OR%20fav%20OR%20amazing%20OR%20lovely%20OR%20incredible)%20(place\\\_country%3AUS%20OR%20place\\\_country%3AMX%20OR%20place\_country%3ACA)%20-horrible%20-worst%20-sucks%20-bad%20-disappointing](https://api.x.com/2/tweets/counts/recent?query=%23nowplaying%20\(happy%20OR%20exciting%20OR%20excited%20OR%20favorite%20OR%20fav%20OR%20amazing%20OR%20lovely%20OR%20incredible\)%20\(place\\_country%3AUS%20OR%20place\\_country%3AMX%20OR%20place_country%3ACA\)%20-horrible%20-worst%20-sucks%20-bad%20-disappointing) [https://api.x.com/2/tweets/counts/recent?query=%23nowplaying%20(horrible%20OR%20worst%20OR%20sucks%20OR%20bad%20OR%20disappointing)%20(place\\\_country%3AUS%20OR%20place\\\_country%3AMX%20OR%20place\_country%3ACA)%20-happy%20-exciting%20-excited%20-favorite%20-fav%20-amazing%20-lovely%20-incredible](https://api.x.com/2/tweets/counts/recent?query=%23nowplaying%20\(horrible%20OR%20worst%20OR%20sucks%20OR%20bad%20OR%20disappointing\)%20\(place\\_country%3AUS%20OR%20place\\_country%3AMX%20OR%20place_country%3ACA\)%20-happy%20-exciting%20-excited%20-favorite%20-fav%20-amazing%20-lovely%20-incredible) **Find Posts that relate to a specific Post annotation** This rule was built to filter for original Posts that included an image of a pet that is not a cat, where the language identified in the Post is Japanese. To do this, we used the context: operator to take advantage of the[Post annotation](/x-api/fundamentals/post-annotations) functionality. We first used the[Post lookup](/x-api/posts/lookup/introduction) endpoint and the tweet.fields=context\_annotations fields parameter to identify which domain.entity IDs we need to use in our query: * Posts that relate to cats return **domain** 66 (Interests and Hobbies category) with entity 852262932607926273 (Cats).  * Posts that relate to pets return **domain** 65 (Interests and Hobbies Vertical) with entity 852262932607926273 (Pets).  Here is what the query would look like without the HTTP encoding: context:65.852262932607926273 -context:66.852262932607926273 -is:retweet has:images lang:ja And here is what the query would look like with the HTTP encoding, the query parameter, and the recent Post counts URI: [https://api.x.com/2/tweets/counts/recent?query=context%3A65.852262932607926273%20-context%3A66.852262932607926273%20-is%3Aretweet%20has%3Aimages%20lang%3Aja](https://api.x.com/2/tweets/counts/recent?query=context%3A65.852262932607926273%20-context%3A66.852262932607926273%20-is%3Aretweet%20has%3Aimages%20lang%3Aja) #### Operators | Operator | Type | Availability | Description | | :--------------------- | :------------------- | :----------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `keyword` | Standalone | Core | Matches a keyword within the body of a Post. This is a tokenized match, meaning that your keyword string will be matched against the tokenized text of the Post body. Tokenization splits words based on punctuation, symbols, and Unicode basic plane separator characters. For example, a Post with the text “I like coca-cola” would be split into the following tokens: I, like, coca, cola. These tokens would then be compared to the keyword string used in your query. To match strings containing punctuation (for example coca-cola), symbol, or separator characters, you must wrap your keyword in double-quotes. Example: `pepsi OR cola OR "coca cola"` | | `emoji` | Standalone | Core | Matches an emoji within the body of a Post. Similar to a keyword, emojis are a tokenized match, meaning that your emoji will be matched against the tokenized text of the Post body. Note that if an emoji has a variant, you must wrap it in double quotes to add to a query. Example: `(😃 OR 😡) 😬` | | `"exact phrase match"` | Standalone | Core | Matches the exact phrase within the body of a Post. Example: `("X API" OR #v2) -"recent counts"` | | `#` | Standalone | Core | Matches any Post containing a recognized hashtag, if the hashtag is a recognized entity in a Post. This operator performs an exact match, NOT a tokenized match, meaning the rule `#thanku` will match posts with the exact hashtag #thanku, but not those with the hashtag #thankunext. Example: `#thankunext #fanart OR @arianagrande` | | `@` | Standalone | Core | Matches any Post that mentions the given username, if the username is a recognized entity (including the @ character). Example: `(@XDevelopers OR @API) -@X` | | `$` | Standalone | Advanced | Matches any Post that contains the specified ‘cashtag’ (where the leading character of the token is the ‘$’ character). Note that the cashtag operator relies on X's ‘symbols’ entity extraction to match cashtags, rather than trying to extract the cashtag from the body itself. Example: `$twtr OR @XDevelopers -\$fb\` | | `from:` | Standalone | Core | Matches any Post from a specific user. The value can be either the username (excluding the @ character) or the user’s numeric user ID. You can only pass a single username/ID per `from:` operator. Example: `from:XDevelopers OR from:API -from:X` | | `to:` | Standalone | Core | Matches any Post that is in reply to a particular user. The value can be either the username (excluding the @ character) or the user’s numeric user ID. You can only pass a single username/ID per `to:` operator. Example: `to:XDevelopers OR to:API -to:X` | | `url:` | Standalone | Core | Performs a tokenized match on any validly-formatted URL of a Post. This operator can matches on the contents of both the `url` or `expanded_url` fields. For example, a Post containing "You should check out X Developer Labs: [https://t.co/c0A36SWil4](https://t.co/c0A36SWil4)" (with the short URL redirecting to [https://developer.x.com](https://developer.x.com)) will match both the following rules: `from:XDevelopers url:"https://developer.x.com"` and `from:XDevelopers url:"https://t.co"`. Tokens and phrases containing punctuation or special characters should be double-quoted. | | `retweets_of:` | Standalone | Core | Matches Posts that are Retweets of the specified user. The value can be either the username (excluding the @ character) or the user’s numeric user ID. You can only pass a single username/ID per `retweets_of:` operator. Example: `retweets_of:XDevelopers OR retweets_of:API` | | `context:` | Standalone | Core | Matches Posts with a specific domain id/entity id pair. You can only pass a single domain/entity per `context:` operator. Example: `context:domain_id.entity_id`. You can combine multiple domain/entities using the OR operator: `(context:47.113922 9372198469633 OR context:11.1088514520308342784)` | | `entity:` | Standalone | Core | Matches Posts with a specific entity string value. You can only pass a single `entity:` operator. Example: `entity:"string declaration of entity/place"`. Please note that this is only available with recent search. | | `conversation_id:` | Standalone | Core | Matches Posts that share a common conversation ID. A conversation ID is set to the Post ID of a Post that started a conversation. As Replies to a Post are posted, even Replies to Replies, the `conversation_id` is added to its JSON payload. You can only pass a single conversation ID per `conversation_id:` operator. Example: `conversation_id:1334987486343299072 (from:XDevelopers OR from:API)` | | `list:` | Standalone | Advanced | Matches Posts posted by users who are members of a specified list. For example, if @XDevelopers and @API were members of List 123, and you included `list:123` in your query, your response will only contain Posts that have been published by those accounts. You can find List IDs by using the List lookup endpoint. Example: `list:123` | | `place:` | Standalone | Advanced | Matches Posts tagged with the specified location or X place ID. Multi-word place names (“New York City”, “Palo Alto”) should be enclosed in quotes. You can only pass a single place per `place:` operator. Note: See the GET geo/search standard v1.1 endpoint for how to obtain X place IDs. Example: `place:"new york city" OR place:seattle OR place:fd70c22040963ac7` | | `place_country:` | Standalone | Advanced | Matches Posts where the country code associated with a tagged place/location matches the given ISO alpha-2 character code. You can find a list of valid ISO codes on Wikipedia. You can only pass a single ISO code per `place_country:` operator. Example: `place_country:US OR place_country:MX OR place_country:CA` | | `point_radius:` | Standalone | Advanced | Matches against the `place.geo.coordinates` object of the Post when present, and in X, against a place geo polygon, where the Place polygon is fully contained within the defined region. `point_radius:[longitude latitude radius]`. Units of radius supported are miles (mi) and kilometers (km). Radius must be less than 25mi. Longitude is in the range of ±180. Latitude is in the range of ±90. All coordinates are in decimal degrees. Rule arguments are contained within brackets, space delimited. Example: `point_radius:[2.355128 48.861118 16km] OR point_radius:[-41.287336 174.761070 20mi]` | | `bounding_box:` | Standalone | Advanced | Matches against the place.geo.coordinates object of the Post when present, and in X, against a place geo polygon, where the place polygon is fully contained within the defined region. `bounding_box:[west_long south_lat east_long north_lat]`. Width and height of the bounding box must be less than 25mi. Longitude is in the range of ±180. Latitude is in the range of ±90. All coordinates are in decimal degrees. Rule arguments are contained within brackets, space delimited. Example: `bounding_box:[-105.301758 39.964069 -105.178505 40.09455]` | | `is:retweet` | Conjunction required | Core | Matches on Retweets that match the rest of the specified rule. This operator looks only for true Retweets (for example, those generated using the Retweet button). Quote Tweets will not be matched by this operator. Example: `data @XDevelopers -is:retweet` | | `is:reply` | Conjunction required | Core | Deliver only explicit replies that match a rule. Can also be negated to exclude replies that match a query from delivery. Note: This operator is also available with the filtered stream endpoint. When used with filtered stream, this operator matches on replies to an original Post, replies in quoted Posts, and replies in Retweets. Example: `from:XDevelopers is:reply` | | `is:quote` | Conjunction required | Core | Returns all Quote Tweets, also known as Posts with comments. Example: `"sentiment analysis" is:quote` | | `is:verified` | Conjunction required | Core | Deliver only Posts whose authors are verified by X. Example: `#nowplaying is:verified` | | `-is :nullcast` | Conjunction required | Advanced | Removes Posts created for promotion only on ads.x.com that have a `"source":"Twitter for Advertisers (legacy)"` or `"source":"Twitter for Advertisers"`. This operator must be negated. For more info on Nullcasted Posts, see our page on Post availability. Example: `"mobile games" -is:nullcast` | | `has:hashtags` | Conjunction required | Core | Matches Posts that contain at least one hashtag. Example: `from:XDevelopers -has:hashtags` | | `has:cashtags` | Conjunction required | Advanced | Matches Posts that contain a cashtag symbol (with a leading ‘$’ character. For example, `$tag`). Example: `#stonks has:cashtags\` | | `has:links` | Conjunction required | Core | This operator matches Posts which contain links and media in the Post body. Example: `from:XDevelopers announcement has:links` | | `has:mentions` | Conjunction required | Core | Matches Posts that mention another X user. Example: `#nowplaying has:mentions` | | `has:media` | Conjunction required | Core | Matches Posts that contain a media object, such as a photo, GIF, or video, as determined by X. This will not match on media created with Periscope, or Posts with links to other media hosting sites. Example: `(kittens OR puppies) has:media` | | `has:images` | Conjunction required | Core | Matches Posts that contain a recognized URL to an image. Example: `#meme has:images` | | `has:videos` | Conjunction required | Core | Matches Posts that contain native X videos, uploaded directly to X. This will not match on videos created with Periscope, or Posts with links to other video hosting sites. Example: `#icebucketchallenge has:videos` | | `has:geo` | Conjunction required | Advanced | Matches Posts that have Post-specific geolocation data provided by the X user. This can be either a location in the form of a X place, with the corresponding display name, geo polygon, and other fields, or in rare cases, a geo lat-long coordinate. Note: Operators matching on place (Post geo) will only include matches from original posts. Retweets do not contain any place data. Example: `recommend #paris has:geo -bakery` | | `lang:` | Conjunction required | Core | Matches Posts that have been classified by X as being of a particular language (if, and only if, the Post has been classified). It is important to note that each Post is currently only classified as being of one language, so AND’ing together multiple languages will yield no results. You can only pass a single BCP 47 language identifier per `lang:` operator. Note: if no language classification can be made the provided result is ‘und’ (for undefined). Example: `recommend #paris lang:en` | | | | | | | :---------------- | :--------------------------- | :---------------------------- | :----------------------------- | | Amharic: **am** | German: **de** | Malayalam: **ml** | Slovak: **sk** | | Arabic: **ar** | Greek: **el** | Maldivian: **dv** | Slovenian: **sl** | | Armenian: **hy** | Gujarati: **gu** | Marathi: **mr** | Sorani Kurdish: **ckb** | | Basque: **eu** | Haitian Creole: **ht** | Nepali: **ne** | Spanish: **es** | | Bengali: **bn** | Hebrew: **iw** | Norwegian: **no** | Swedish: **sv** | | Bosnian: **bs** | Hindi: **hi** | Oriya: **or** | Tagalog: **tl** | | Bulgarian: **bg** | Latinized Hindi: **hi-Latn** | Panjabi: **pa** | Tamil: **ta** | | Burmese: **my** | Hungarian: **hu** | Pashto: **ps** | Telugu: **te** | | Croatian: **hr** | Icelandic: **is** | Persian: **fa** | Thai: **th** | | Catalan: **ca** | Indonesian: **in** | Polish: **pl** | Tibetan: **bo** | | Czech: **cs** | Italian: **it** | Portuguese: **pt** | Traditional Chinese: **zh-TW** | | Danish: **da** | Japanese: **ja** | Romanian: **ro** | Turkish: **tr** | | Dutch: **nl** | Kannada: **kn** | Russian: **ru** | Ukrainian: **uk** | | English: **en** | Khmer: **km** | Serbian: **sr** | Urdu: **ur** | | Estonian: **et** | Korean: **ko** | Simplified Chinese: **zh-CN** | Uyghur: **ug** | | Finnish: **fi** | Lao: **lo** | Sindhi: **sd** | Vietnamese: **vi** | | French: **fr** | Latvian: **lv** | Sinhala: **si** | Welsh: **cy** | | Georgian: **ka** | Lithuanian: **lt** | | | # Overview Source: https://docs.x.com/x-api/posts/counts/integrate/overview ## How to integrate with the Posts counts endpoints This page contains information on several tools and key concepts that you should be aware of as you integrate the recent or full-archive Post counts endpoints into your system. We’ve split the page into the following sections: * [Helpful tools](#helpful-tools) * Key concepts * [Authentication](#authentication) * [Developer portal, Projects, and Apps](#developer-portal) * [Rate limits](#rate-limits) * [Building queries](#queries) * [Pagination](#pagination) ### Helpful tools Before we start to explore some key concepts, we recommend that you use one of the following tools or code samples to start testing the functionality of these endpoints. #### Code samples Interested in getting set up with these endpoints with some code in your preferred coding language? We’ve got a handful of different code samples available that you can use as a starting point on our [GitHub page](https://github.com/xdevplatform/Twitter-API-v2-sample-code), including a [Python client](https://github.com/xdevplatform/search-tweets-python). #### Libraries Take advantage of one of our many [community third-party libraries](/x-api/tools-and-libraries/overview) to help you get started. You can find a library that works with the v2 endpoints by looking for the appropriate version tag. #### Postman Postman is a great tool that you can use to test out these endpoints. Each Postman request includes all of the given endpoint’s parameters to help you quickly understand what is available to you. To learn more about our Postman collections, please visit our [Using Postman](/tutorials/postman-getting-started) page.   ### Key concepts #### Authentication All X API v2 endpoints require requests to be [authenticated](/resources/fundamentals/authentication) with a set of credentials, also known as keys and tokens. This specific endpoint requires the use of [OAuth 2.0 Bearer Token](/resources/fundamentals/authentication#oauth-2-0), which means that you must pass a [Bearer Token](/resources/fundamentals/authentication#bearer-token-also-known-as-app-only) to make a successful request. You can either generate a Bearer Token from directly within a developer App, or generate one using the [POST oauth2/token](/resources/fundamentals/authentication#post-oauth2-token) endpoint. #### Developer portal, Projects, and developer Apps To work with any X API v2 endpoints, you must have a [developer account](/resources/fundamentals/developer-portal), set up a [Project](/resources/fundamentals/projects) within that account, and created a [developer App](/resources/fundamentals/developer-apps) within that Project. Your keys and tokens within that developer App will work for the recent Post counts endpoints. If you would like to use the full-archive Post counts endpoint, or utilize the advanced operators and longer query length, you will need to have been approved for enterprise access. Please visit our section on enterprise access to learn more. #### Rate limits Every day, many thousands of developers make requests to the X API. To help manage the volume, [rate limits](/x-api/fundamentals/rate-limits) are placed on each endpoint that limits the number of requests that every developer can make on behalf of an app or on behalf of an authenticated user. This endpoint is rate limited at the App-level, meaning that you, the developer, can only make a certain number of requests to this endpoint over a given period of time from any given App (assumed by the credentials that you are using).  #### Building queries The central feature of these endpoints is their use of a single query to filter the Posts into the counts that deliver to you. These queries are made up of operators that match on Post and user attributes, such as message keywords, hashtags, and URLs. Operators can be combined into queries with boolean logic and parentheses to help refine the query's matching behavior. You can use our guide on [how to build a query](/x-api/posts/counts/integrate/build-a-query) to learn more. #### Pagination For recent Post counts, there is no next\_token returned, which means that regardless of the granularity, you will get  the Post volume for the last 7 days in one API call. For full-archive Post counts, you will get data for the last 30 days. For data more than 30 days, you will get a next\_token which you can then use to paginate to get the additional data.  ### Building queries for Post counts The Post counts endpoints accept a single query with a GET request and return a set of historical Post counts that match the query.  Queries are made up of operators that are used to match on a variety of Post attributes.  #### Table of contents * [Building a query](#build) * [Query limitations](#limits) * [Operator availability](#availability) * [Operator types: standalone and conjunction-required](#types) * [Boolean operators and grouping](#boolean) * [Order of operations](#order-of-operations) * [Punctuation, diacritics, and case sensitivity](#punctuation) * [Specificity and efficiency](#specificity) * [Quote Tweet matching behavior](#quote-tweets) * [Iteratively building a query](#iterative) * [Adding a query to your request](#adding-a-query) * [Query examples](#examples) * [List of operators](#list) # Introduction Source: https://docs.x.com/x-api/posts/counts/introduction export const Button = ({href, children}) => { return ; }; The v2 Post counts endpoints allow developers to understand and retrieve the volume of data for a given query.  This can be beneficial for a number of reasons, including: * Understand the Post volume for a keyword to build visualizations, such as trendlines. * Understanding the time period in which an event or conversation occurred, to ensure your query captures the relevant data * Understanding how many Posts a search query will return, in order to refine your query, before using the recent search or full-archive search endpoints. **Please note:** The counts will not always match the result that will be returned from search endpoints because the search endpoints go through additional compliance that the counts endpoints do not go through * Understanding the size of the conversation around a topic, without actually having to pull the raw data, and put Posts against your monthly [Post cap](/x-api/fundamentals/post-cap).  When developing a query, you will be limited to a certain query length and to specific operators based on your [access level](/x-api/getting-started/about-x-api).  * If you are using a Project with Pro access, you can use all available operators, and use queries up to 1024 characters in length.  * If you are using a Project with Enterprise access, you can use all available operators, and use queries up to 4096 characters in length.  You can also specify the granularity (which can be day, hour, or minute) as well as the time period for which you need the Post counts (using the start\_time and end\_time parameters). The default time granularity that this endpoint uses is hour, which means if you do not specify the granularity parameter, the endpoint will give you the Post counts per hour, for the last 7 days. **Account setup** To access these endpoints, you will need: * An approved [developer account](https://developer.x.com/en/portal/petition/essential/basic-info). * To authenticate using the keys and tokens from a [developer App](/resources/fundamentals/developer-apps) that is located within a [Project](/resources/fundamentals/projects).  Learn more about getting access to the X API v2 endpoints in our [getting started guide](/x-api/getting-started/getting-access). ### Recent Post counts The recent Post counts endpoint allows you to programmatically retrieve the numerical count of Posts for a query, over the last seven days. This endpoint is available via to anyone using keys and tokens that are associated with an [App](/resources/fundamentals/developer-apps) within a [Project](/resources/fundamentals/projects) and uses [OAuth 2.0 App-Only](/resources/fundamentals/authentication#bearer-token-also-known-as-app-only) for authentication. ### Full-archive Post counts Academic Research or Enterprise access only The full-archive Post counts endpoint allows you to programmatically retrieve the numerical count of Posts for a query, from the entire archive of public Posts. Currently, this endpoint is only available to those that have been approved for [Academic Research or Enterprise access](/x-api/getting-started/about-x-api) and use the [OAuth 2.0 App-Only](/resources/fundamentals/authentication#bearer-token-also-known-as-app-only) for authentication. One example: You could use the full-archive Post counts endpoint to see the number of Posts for the hashtag #SOSHurricaneHarvey per day between August and September 2017. **Please note:** The counts endpoint paginates at 31 days per response. For example, setting a day granularity, will return the count of results per day for 31 days per page.  Setting an hour granularity, will return the count of results per hour for 744 (31 days x 24 hours) hours per page.  If you do not specify the granularity and time period, this endpoint will give you Post counts for a query per hour, for the last 30 days. # Search Posts (Full-archive) Source: https://docs.x.com/x-api/posts/counts/quickstart/full-archive-tweet-counts export const Button = ({href, children}) => { return ; }; ### Getting started with the full-archive Post counts     endpoint This quick start guide will help you make your first request to the full-archive Post counts endpoint using Postman, a graphical tool that alows you to make HTTP requests. If you would like to see sample code in different programming languages, please visit our [X API v2 sample code](https://github.com/xdevplatform/Twitter-API-v2-sample-code) GitHub repository.  ### Prerequisites The full-archive Post counts endpoint is currently only available to those that have Pro or Enterprise access. In order to use this endpoint, you must apply for Pro or [Enterprise access](https://docs.google.com/forms/d/e/1FAIpQLScO3bczKWO2jFHyVZJUSEGfdyfFaqt2MvmOfl_aJp0KxMqtDA/viewform).  In addition to being approved for access, you will need to have a set of [keys and tokens](/resources/fundamentals/authentication) to authenticate your request. You can generate these keys and tokens by following these steps: * Navigate to your [Project](/resources/fundamentals/projects) with Enterprise access in the developer portal and make sure you have an associated [developer App](/resources/fundamentals/developer-apps) within that Project. * Navigate to your App's “Keys and tokens” page to generate the required credentials. Make sure to save all credentials in a secure location. #### Steps to build a full-archive Post counts request **Step one: Start with a tool or library** There are several different tools, code examples, and libraries that you can use to make a request to this endpoint, but we are going to use the Postman tool here to simplify the process. To load X API v2 Postman collection into your environment, please click on the following button: Once you have the X API v2 collection loaded in Postman, navigate to the Post counts > Full-archive Post counts request. **Step two: Authenticate your request** To properly make a request to the X API, you need to verify that you have permission. To do so with this endpoint, you must authenticate your request with the [OAuth 2.0 App-Only](/resources/fundamentals/authentication#app-only-authentication-and-oauth-2-0-bearer-token) authentication methods. You must add your keys and tokens, specifically the [App Access Token](/resources/fundamentals/authentication#using-and-generating-an-app-only-bearer-token) (also known as the App-only Bearer Token) to Postman. You can do this by selecting the environment named “X API v2” in the top-right corner of Postman and adding your keys and tokens to the "initial value" and "current value" fields (by clicking the eye icon next to the environment dropdown). This variable will automatically be pulled into the request's authorization tab if you've done this correctly.   **Step three: Create a query** Each full-archive Post counts request requires a single [query](/x-api/posts/counts/integrate/build-a-query). For this example, we are going to use a query that matches on Posts posted by the @XDevelopers account. For this query we use the from operator and set it to XDevelopers (case insensitive): `from:XDevelopers` In Postman, navigate to the "Params" tab and enter this ID, or a string of Post IDs separated by a comma, into the "Value" column of the `ids` parameter.   | Key | Value | Description | | :------ | :----------------- | :------------------------------------------------------- | | `query` | `from:XDevelopers` | Query to submit to the full-archive Post counts endpoint | Step four (optional): Specify the granularity and time period If you click the ‘Send’ button after step three, you will get the default full-archive Post counts: by hour for the last 30 days. If you want to get full-archive Post counts by day, you will have to add the granularity parameter with a value of day. If you want Post counts for more than 30 days ago, you will have to specify the start\_time and end\_time parameters with the desired values.  In Postman, navigate to the "Params" tab and add the following key:value pair to the "Query Params" table: | | | | | :---------- | :------------------- | :----------------------------------------------------------------------------------- | | **Key** | **Value** | **Description** | | granularity | day | The granularity for the Post counts results. Possible values are day, hour or minute | | start\_time | 2021-05-01T00:00:00Z | The oldest UTC timestamp from which the Posts will be provided | | end\_time | 2021-06-01T00:00:00Z | The oldest UTC timestamp from which the Posts will be provided. | You should now see the following URL next to the "Send" button: `https://api.x.com/2/tweets/counts/all?query=from%3AXDevelopers&start_time=2021-05-01T00:00:00Z&end_time=2021-06-01T00:00:00Z&granularity=day` **Step five: Make your request and review your response** Once you have everything set up, hit the "Send" button and you will receive a response similar to the following: ``` { "data": [ { "end": "2021-05-02T00:00:00.000Z", "start": "2021-05-01T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-03T00:00:00.000Z", "start": "2021-05-02T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-04T00:00:00.000Z", "start": "2021-05-03T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-05T00:00:00.000Z", "start": "2021-05-04T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-06T00:00:00.000Z", "start": "2021-05-05T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-07T00:00:00.000Z", "start": "2021-05-06T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-08T00:00:00.000Z", "start": "2021-05-07T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-09T00:00:00.000Z", "start": "2021-05-08T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-10T00:00:00.000Z", "start": "2021-05-09T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-11T00:00:00.000Z", "start": "2021-05-10T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-12T00:00:00.000Z", "start": "2021-05-11T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-13T00:00:00.000Z", "start": "2021-05-12T00:00:00.000Z", "tweet_count": 6 }, { "end": "2021-05-14T00:00:00.000Z", "start": "2021-05-13T00:00:00.000Z", "tweet_count": 1 }, { "end": "2021-05-15T00:00:00.000Z", "start": "2021-05-14T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-16T00:00:00.000Z", "start": "2021-05-15T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-17T00:00:00.000Z", "start": "2021-05-16T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-18T00:00:00.000Z", "start": "2021-05-17T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-19T00:00:00.000Z", "start": "2021-05-18T00:00:00.000Z", "tweet_count": 1 }, { "end": "2021-05-20T00:00:00.000Z", "start": "2021-05-19T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-21T00:00:00.000Z", "start": "2021-05-20T00:00:00.000Z", "tweet_count": 8 }, { "end": "2021-05-22T00:00:00.000Z", "start": "2021-05-21T00:00:00.000Z", "tweet_count": 1 }, { "end": "2021-05-23T00:00:00.000Z", "start": "2021-05-22T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-24T00:00:00.000Z", "start": "2021-05-23T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-25T00:00:00.000Z", "start": "2021-05-24T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-26T00:00:00.000Z", "start": "2021-05-25T00:00:00.000Z", "tweet_count": 1 }, { "end": "2021-05-27T00:00:00.000Z", "start": "2021-05-26T00:00:00.000Z", "tweet_count": 1 }, { "end": "2021-05-28T00:00:00.000Z", "start": "2021-05-27T00:00:00.000Z", "tweet_count": 1 }, { "end": "2021-05-29T00:00:00.000Z", "start": "2021-05-28T00:00:00.000Z", "tweet_count": 2 }, { "end": "2021-05-30T00:00:00.000Z", "start": "2021-05-29T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-05-31T00:00:00.000Z", "start": "2021-05-30T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-06-01T00:00:00.000Z", "start": "2021-05-31T00:00:00.000Z", "tweet_count": 0 } ], "meta": { "total_tweet_count": 22 } } ``` **Step six: Paginate through your results** If the ‘meta’ object in your response also contains next\_token, you can pass its value to the next\_token query parameter. | Key | Value | Description | | :---------- | :--------------------------------------------------------------------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | next\_token | You will add the next\_token that you pull from your previous request's meta object and add it here. | If your latest request does not deliver the remainder of the results, you will receive a next\_token in the meta object. You will pull the value of that field and add it as the value of the next\_token parameter in your next request, holding all other request parameters constant. | Once you have the right value for next\_token set, hit the "Send" button and you will receive the next page of results. # Search Posts (Recent) Source: https://docs.x.com/x-api/posts/counts/quickstart/recent-tweet-counts export const Button = ({href, children}) => { return ; }; ### Getting started with the recent Post counts endpoint This quick start guide will help you make your first request to the recent Post counts endpoint using Postman, a graphical tool that allows you to send HTTP requests. If you would like to see sample code in different programming languages, please visit our [X API v2 sample code](https://github.com/xdevplatform/Twitter-API-v2-sample-code) GitHub repository.  ### Prerequisites To complete this guide, you will need to have a set of [keys and tokens](/resources/fundamentals/authentication) to authenticate your request. You can generate these keys and tokens by following these steps: * [Sign up for a developer account](https://developer.x.com/en/apply-for-access) and receive approval. * Create a [Project](/resources/fundamentals/projects) and an associated [developer App](/resources/fundamentals/developer-apps) in the developer portal. * Navigate to your App's “Keys and tokens” page to generate the required credentials. Make sure to save all credentials in a secure location. #### Steps to build a recent Post counts request **Step one: Start with a tool or library** There are several different tools, code examples, and libraries that you can use to make a request to this endpoint, but we are going to use the Postman tool here to simplify the process. To load X API v2 Postman collection into your environment, please click on the following button: Once you have the X API v2 collection loaded in Postman, navigate to the Post counts > Recent Post counts request. **Step two: Authenticate your request** To properly make a request to the X API, you need to verify that you have permission. To do so with this endpoint, you must authenticate your request with the [OAuth 2.0 App-Only](/resources/fundamentals/authentication#app-only-authentication-and-oauth-2-0-bearer-token) authentication methods. You must add your keys and tokens, specifically the [App Access Token](/resources/fundamentals/authentication#using-and-generating-an-app-only-bearer-token) (also known as the App-only Bearer Token) to Postman. You can do this by selecting the environment named “X API v2” in the top-right corner of Postman and adding your keys and tokens to the "initial value" and "current value" fields (by clicking the eye icon next to the environment dropdown). This variable will automatically be pulled into the request's authorization tab if you've done this correctly.   **Step three: Create a query** Each recent Post counts request requires a single[query](/x-api/posts/counts/integrate/build-a-query). For this example, we are going to use a query that matches on Posts posted by the @XDevelopers account. For this query we use the from: operator and set it to XDevelopers (case insensitive): `from:XDevelopers` In Postman, navigate to the "Params" tab and enter this ID, or a string of Post IDs separated by a comma, into the "Value" column of the `ids` parameter. | | | | | :------ | :--------------- | :------------------------------------------------- | | **Key** | **Value** | **Description** | | `query` | from:XDevelopers | Query to submit to the recent Post counts endpoint | **Step four (optional): Specify the granularity of the request** If you click the ‘Send’ button after step three, you will get the default recent Post counts: by hour for the last seven days. If you want to get recent Post counts by day, you will have to add the granularity parameter with a value of day. In Postman, navigate to the "Params" tab and day into the "Value" column of the granularity parameter. | | | | | :---------- | :-------- | :----------------------------------------------------------------------------------- | | **Key** | **Value** | **Description** | | granularity | day | The granularity for the Post counts results. Possible values are day, hour or minute | You should now see the following URL next to the "Send" button: `https://api.x.com/2/tweets/counts/recent?query=from%3AXDevelopers&granularity=day` **Step five: Make your request and review your response** Once you have everything set up, hit the "Send" button and you will receive the following response: ``` { "data": [ { "end": "2021-06-16T00:00:00.000Z", "start": "2021-06-15T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-06-17T00:00:00.000Z", "start": "2021-06-16T00:00:00.000Z", "tweet_count": 1 }, { "end": "2021-06-18T00:00:00.000Z", "start": "2021-06-17T00:00:00.000Z", "tweet_count": 2 }, { "end": "2021-06-19T00:00:00.000Z", "start": "2021-06-18T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-06-20T00:00:00.000Z", "start": "2021-06-19T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-06-21T00:00:00.000Z", "start": "2021-06-20T00:00:00.000Z", "tweet_count": 0 }, { "end": "2021-06-22T00:00:00.000Z", "start": "2021-06-21T00:00:00.000Z", "tweet_count": 1 }, { "end": "2021-06-23T00:00:00.000Z", "start": "2021-06-22T00:00:00.000Z", "tweet_count": 2 } ], "meta": { "total_tweet_count": 6 } } ``` # Filtered stream Source: https://docs.x.com/x-api/posts/filtered-stream get /2/tweets/search/stream Streams Posts matching the stream's active rule set. # Build a rule Source: https://docs.x.com/x-api/posts/filtered-stream/integrate/build-a-rule ## Building rules for filtered stream The filtered stream endpoints deliver filtered Posts to you in real-time that match on a set of rules that are applied to the stream. Rules are made up of operators that are used to match on a variety of Post attributes. Multiple rules can be applied to a stream using the [POST /tweets/search/stream/rules](/x-api/posts/filtered-stream#post-2-tweets-search-stream-rules) endpoint. Once you’ve added rules and connect to your stream using the [GET /tweets/search/stream](/x-api/posts/filtered-stream#get-2-tweets-search-stream) endpoint, only those Posts that match your rules will be delivered in real-time through a persistent streaming connection. You do not need to disconnect from your stream to add or remove rules.  ### Table of contents * [Building a rule](#building-a-rule) * [Rule limitations](#rule-limitations) * [Operator availability](#operator-availability) * [Operator types: standalone and conjunction-required](#operator-types-standalone-and-conjunction-required) * [Boolean operators and grouping](#boolean-operators-and-grouping) * [Order of operations](#order-of-operations) * [Punctuation, diacritics, and case sensitivity](#punctuation-diacritics-and-case-sensitivity) * [Specificity and efficiency](#specificity-and-efficiency) * [Iteratively building a rule](#iteratively-building-a-rule) * [Adding and removing rules](#adding-and-removing-rules) * [Rule examples](#rule-examples) * [List of operators](#operators) ### Building a rule #### Rule limitations Limits on the number of rules will depend on which [access level](/x-api/getting-started/about-x-api) is applied to your [Project](/resources/fundamentals/projects). You can see how these limits apply via the [filtered stream introduction](/x-api/posts/filtered-stream) page.   #### Operator availability While most operators are available to any developer, there are several that are reserved for those that have been approved for Basic, Pro, or Enterprise access levels. We list which [access level](/x-api/getting-started/about-x-api) each operator is available to in the [list of operators](#list) table using the following labels: * **Essential operators:** Available when using any access level. * **Elevated operators:** Available when using a Project with Pro, or Enterprise access.   #### Operator types: standalone and conjunction-required **Standalone operators** can be used alone or together with any other operators (including those that require conjunction). For example, the following rule will work because it uses the `#hashtag` operator, which is standalone: `#xapiv2` **Conjunction required** operators cannot be used by themselves in a rule; they can only be used when at least one standalone operator is included in the rule. This is because using these operators alone would be far too general, and would match on an extremely high volume of Posts. For example, the following rules are not supported since they contain only conjunction required operators: `has:media` `has:links OR is:retweet` If we add in a standalone operator, such as the phrase `"X data"`, the rule would then work properly.  `"X data" has:mentions (has:media OR has:links)` #### Boolean operators and grouping If you would like to string together multiple operators in a single rule, you have the following tools at your disposal: | | | | :---------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **AND logic** | Successive operators **with a space between them** will result in boolean "AND" logic, meaning that Posts will match only if both conditions are met. For example, `snow day #NoSchool` will match Posts containing the terms snow and day and the hashtag #NoSchool. | | **OR logic** | Successive operators with OR between them will result in OR logic, meaning that Posts will match if either condition is met. For example, specifying `grumpy OR cat OR #meme` will match any Posts containing at least the terms grumpy or cat, or the hashtag #meme. | | **NOT logic, negation** | Prepend a dash (-) to a keyword (or any operator) to negate it (NOT). For example, `cat #meme -grumpy` will match Posts containing the hashtag #meme and the term cat, but only if they do not contain the term grumpy. One common rule clause is `-is:retweet`, which will not match on Retweets, thus matching only on original Posts, Quote Tweets, and replies. All operators can be negated, but negated operators cannot be used alone. | | **Grouping** | You can use parentheses to group operators together. For example, `(grumpy cat) OR (#meme has:images)` will return either Posts containing the terms grumpy and cat, or Posts with images containing the hashtag #meme. Note that ANDs are applied first, then ORs are applied. | **A note on negations** All operators can be negated except for `sample:`, and `-is:nullcast` must always be negated. Negated operators cannot be used alone. Do not negate a set of operators grouped together in a set of parentheses. Instead, negate each individual operator. For example, instead of using `skiing -(snow OR day OR noschool)`, we suggest that you use `skiing -snow -day -noschool`.  #### Order of operations When combining AND and OR functionality, the following order of operations will dictate how your rule is evaluated. 1. Operators connected by AND logic are combined first 2. Then, operators connected with OR logic are applied For example: * `apple OR iphone ipad` would be evaluated as `apple OR (iphone ipad)` * `ipad iphone OR android` would be evaluated as `(iphone ipad) OR android` To eliminate uncertainty and ensure that your rule is evaluated as intended, group terms together with parentheses where appropriate.  For example: * `(apple OR iphone) ipad` * `iphone (ipad OR android)` #### Punctuation, diacritics, and case sensitivity If you specify a keyword or hashtag rule with character accents or diacritics, it will match Posts that contain the exact word with proper accents or diacritics, but not those that have the proper letters, but without the accent or diacritic.  For example, rules with the keyword `diacrítica` or hashtag `#cumpleaños` will match Posts that contain *diacrítica* or *#cumpleaños* because they include the accent or diacritic. However, these rules will not match Posts that contain *Diacritica* or *#cumpleanos* without the tilde í or eñe. Characters with accents or diacritics are treated the same as normal characters and are not treated as word boundaries. For example, a rule with the keyword *cumpleaños* would only match Posts containing the word *cumpleaños* and would not match Posts containing *cumplea*, *cumplean*, or *os*. All operators are evaluated in a case-insensitive manner. For example, the rule cat will match all of the following: *cat*, *CAT*, *Cat*. The [Search Posts](/x-api/posts/search/introduction) matching behavior acts differently from filtered stream. When [building a Search Posts query](/x-api/posts/search/integrate/build-a-query), know that keywords and hashtags that include accents or diacritics will match both the term with the accents and diacritics, as well as with normal characters.  For example, Search Posts queries that include a keyword `Diacrítica` or hashtag `#cumpleaños` will match both *Diacrítica* and *#cumpleaños*, as well as *Diacritica* or *#cumpleanos* without the tilde í or eñe. #### Specificity and efficiency When you start to build your rule, it is important to keep a few things in mind. * Using broad, standalone operators for your rule such as a single keyword or #hashtag is generally not recommended since it will likely match on a massive volume of Posts. Creating a more robust rule will result in a more specific set of matching Posts, and will hopefully reduce the amount of noise in the payload that you will need to sift through to find valuable insights.  * For example, if your rule was just the keyword `happy` you will likely get anywhere from 200,000 - 300,000 Posts per day. * Adding more conditional operators narrows your search results, for example `(happy OR happiness) place_country:GB -birthday -is:retweet` * Writing efficient rules is also beneficial for staying within the characters rule length restriction. The character count includes the entire rule string including spaces and operators. * For example, the following rule is 59 characters long: `(happy OR happiness) place_country:GB -birthday -is:retweet` #### Quote Tweet matching behavior When using the filtered stream endpoints, operators will match on both the content from the original Post that was quoted, as well as the content included in the Quote Tweet. However, please note that the [Search Posts](/x-api/posts/search/introduction) endpoints will not match on the content from the original Post that was quoted, but will match on the Quote Tweet's content. #### Iteratively building a rule ##### Test your rule early and often Getting a rule to return the "right" results the first time is rare. There is so much on X that may or may not be obvious at first and the rule syntax described above may be hard to match to your desired search. As you build a rule, it is important for you to periodically test it out with the stream endpoint to see what data it returns. You can also test with one of the [Search Post](/x-api/posts/search/introduction) endpoints, assuming the operators that you are using are also available via that endpoint.  For this section, we are going to start with the following rule and adjust it based on the results that we receive during our test:  `happy OR happiness` ##### Use results to narrow the rule As you test the rule, you should scan the returned Posts to see if they include the data that you are expecting and hoping to receive. Starting with a broad rule and a superset of Post matches allows you to review the result and narrow the rule to filter out undesired results.   When we tested the example rule, we noticed that we were getting Posts in a variety of different languages. In this situation, we want to only receive Posts that are in english, so we’re going to add the `lang:` operator: `(happy OR happiness) lang:en` The test delivered a number of Posts wishing people a happy birthday, so we are going to add `-birthday` as a negated keyword operator. We also want to only receive original Posts, so we’ve added the negated `-is:retweet` operator: `(happy OR happiness) lang:en -birthday -is:retweet` ##### Adjust for inclusion where needed If you notice that you are not receiving data that you expect and know that there are existing Posts that should return, you may need to broaden your rule by removing operators that may be filtering out the desired data.  For our example, we noticed that there were other Posts in our personal timeline that expressed the emotion that we are looking for and weren’t included in the test results. To ensure we have greater coverage, we are going to add the keywords, `excited` and `elated`. `(happy OR happiness OR excited OR elated) lang:en -birthday -is:retweet` ##### Adjust for popular trends/bursts over the time period Trends come and go on X quickly. Maintaining your rule should be an active process. If you plan to use a single rule for a while, we suggest that you periodically check in on the data that you are receiving to see if you need to make any adjustments. In our example, we notice that we started to receive some Posts that are wishing people a “happy holidays”. Since we don’t want these Posts included in our results, we are going to add a negated `-holidays` keyword. `(happy OR happiness OR excited OR elated) lang:en -birthday -is:retweet -holidays` #### Adding and removing rules You will be using the [POST /2/tweets/search/stream/rules](/x-api/posts/filtered-stream#post-2-tweets-search-stream-rules) endpoint when both adding and deleting rules from your stream. To add one or more rule to your stream, submit an `add` JSON body with an array that contains the value parameter including the rule, and the optional `tag` parameter including free-form text that you can use to [identify which returned Posts match this rule](/x-api/posts/filtered-stream#matching-returned-posts-to-their-associated-rule).  For example, if you were trying to add a set of rules to your stream, your cURL command might look like this: ```bash curl -X POST 'https://api.x.com/2/tweets/search/stream/rules' \ -H "Content-type: application/json" \ -H "Authorization: Bearer $ACCESS_TOKEN" -d \ '{ "add": [ {"value": "cat has:media", "tag": "cats with media"}, {"value": "cat has:media -grumpy", "tag": "happy cats with media"}, {"value": "meme", "tag": "funny things"}, {"value": "meme has:images"} ] }' ``` Similarly, to remove one or more rules from your stream, submit a `delete` JSON body with the array of that contains the `id` parameter including the rule IDs that you would like to delete. For example, if you were trying to remove a set of rules from your stream, your cURL command might look like this: ```bash curl -X POST 'https://api.x.com/2/tweets/search/stream/rules' \ -H "Content-type: application/json" \ -H "Authorization: Bearer $ACCESS_TOKEN" -d \ '{ "delete": { "ids": [ "1165037377523306498", "1165037377523306499" ] } }' ``` We have sample code in different languages available via our [Github](https://github.com/xdevplatform/Twitter-API-v2-sample-code/tree/master/Filtered-Stream).  #### Rule examples ##### Tracking a natural disaster The following rule matched on Posts coming from weather agencies and gauges that discuss Hurricane Harvey, which hit Houston in 2017. Notice the use of the [matching rules](/x-api/posts/filtered-stream#matching-returned-posts-to-their-associated-rule) tag, and the JSON format that you will need to use when submitting the rule to the [POST /2/tweets/search/stream/rules endpoint](/x-api/posts/filtered-stream#post-2-tweets-search-stream-rules). ```json { "value": "-is:retweet has:geo (from:NWSNHC OR from:NHC_Atlantic OR from:NWSHouston OR from:NWSSanAntonio OR from:USGS_TexasRain OR from:USGS_TexasFlood OR from:JeffLindner1)", "tag": "theme:info has:geo original from weather agencies and gauges" } ``` ##### Reviewing the sentiment of a conversation The next rule could be used to better understand the sentiment of the conversation developing around the hashtag, *#nowplaying*, but only from Posts published within North America. ```json { "value": "#nowplaying (happy OR exciting OR excited OR favorite OR fav OR amazing OR lovely OR incredible) (place_country:US OR place_country:MX OR place_country:CA) -horrible -worst -sucks -bad -disappointing", "tag": "#nowplaying positive" }, { "value": "#nowplaying (horrible OR worst OR sucks OR bad OR disappointing) (place_country:US OR place_country:MX OR place_country:CA) -happy -exciting -excited -favorite -fav -amazing -lovely -incredible", "tag": "#nowplaying negative" } ``` ##### Find Posts that relate to a specific Post annotation This rule was built to search for original Posts that included an image of a pet that is not a cat, where the language identified in the Post is Japanese. To do this, we used the `context:` operator to take advantage of the [Post annotation](/x-api/fundamentals/post-annotations) functionality. We first used the [Post lookup](/x-api/posts/lookup/introduction) endpoint and the `tweet.fields=context_annotations` fields parameter to identify which domain.entity IDs we need to use in our query: * Posts that relate to cats return `domain` 66 (Interests and Hobbies category) with `entity` 852262932607926273 (Cats).  * Posts that relate to pets return `domain` 65 (Interests and Hobbies Vertical) with `entity` 852262932607926273 (Pets).    Here is what the rule would look like: ```json { "value": "context:65.852262932607926273 -context:66.852262932607926273 -is:retweet has:images lang:ja", "tag": "Japanese pets with images - no cats" } ``` ### Operators * **Essential:** Available when using any access level. * **Elevated:** Available when using a Project with Pro, or Enterprise access. * For some operators, an alternate name, or alias, is available. | **Operator** | **Type** | **Availability** | **Description** | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | :---------------------- | :------------------- | :--------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------ | ------ | - | - | ------ | ------- | ---- | ------ | ------ | ---- | ------ | -------- | ---- | ------ | ------ | ---- | ------ | ------- | ---- | ------ | ------- | ---- | ------ | --------- | ---- | ------ | ------- | ---- | ------ | -------- | ---- | ------ | ------- | ---- | ------ | ----- | ---- | ------ | ------ | ---- | ------ | ----- | ---- | ------ | ------- | ---- | ------ | -------- | ---- | ------ | ------- | ---- | ------ | ------ | ---- | ------ | -------- | ---- | ------ | ------ | ---- | ------ | ----- | ---- | ------ | -------- | ---- | ------ | -------------- | ---- | ------ | ------ | ---- | ------ | ----- | ---- | ------ | --------------- | --------- | ------ | --------- | ---- | ------ | --------- | ---- | ------ | ---------- | ---- | ------ | ------- | ---- | ------ | -------- | ---- | ------ | ------- | ---- | ------ | ----- | ---- | ------ | ------ | ---- | ------ | --- | ---- | ------ | ------- | ---- | ------ | ---------- | ---- | ------ | --------- | ---- | ------ | --------- | ---- | ------ | ------- | ---- | ------ | ------ | ---- | ------ | --------- | ---- | ------ | ----- | ---- | ------ | ------- | ---- | ------ | ------ | ---- | ------ | ------- | ---- | ------ | ------ | ---- | ------ | ---------- | ---- | ------ | -------- | ---- | ------ | ------- | ---- | ------ | ------- | ---- | ------ | ------------------ | ------- | ------ | ------ | ---- | ------ | ------- | ---- | ------ | ------ | ---- | ------ | --------- | ---- | ------ | -------------- | ----- | ------ | ------- | ---- | ------ | ------- | ---- | ------ | ------- | ---- | ------ | ----- | ---- | ------ | ------ | ---- | ------ | ---- | ---- | ------ | ------- | ---- | ------ | ------------------- | ------- | ------ | ------- | ---- | ------ | --------- | ---- | ------ | ---- | ---- | ------ | ------ | ---- | ------ | ---------- | ---- | ------ | ----- | ---- | - | | `keyword` | Standalone | Essential | Matches a keyword within the body of a Post. This is a tokenized match, meaning that your keyword string will be matched against the tokenized text of the Post body. Tokenization splits words based on punctuation, symbols, and Unicode basic plane separator characters.
For example, a Post with the text “I like coca-cola” would be split into the following tokens: I, like, coca, cola. These tokens would then be compared to the keyword string used in your rule. To match strings containing punctuation (for example, coca-cola), symbol, or separator characters, you must wrap your keyword in double-quotes.

Example: `pepsi OR cola OR "coca cola"` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `emoji` | Standalone | Essential | Matches an emoji within the body of a Post. Similar to a keyword, emojis are a tokenized match, meaning that your emoji will be matched against the tokenized text of the Post body.

Note that if an emoji has a variant, you must wrap it in double quotes to add to a rule.

Example: `(😃 OR 😡) 😬` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `"exact phrase match"` | Standalone | Essential | Matches the exact phrase within the body of a Post.

Example: `("X API" OR #v2) -"filtered stream"` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `#` | Standalone | Essential | Matches any Post containing a recognized hashtag, if the hashtag is a recognized entity in a Post.

This operator performs an exact match, NOT a tokenized match, meaning the rule `#thanku` will match posts with the exact hashtag #thanku, but not those with the hashtag #thankunext.

Example: `#thankunext #fanart OR @arianagrande` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `@` | Standalone | Essential | Matches any Post that mentions the given username, if the username is a recognized entity (including the @ character).

Example: `(@XDevelopers OR @api) -@x` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `$` | Standalone | Essential | Matches any Post that contains the specified 'cashtag' (where the leading character of the token is the \$ character).

Note that the cashtag operator relies on X's 'symbols' entity extraction to match cashtags, rather than trying to extract the cashtag from the body itself.

Example: `$twtr OR @XDevelopers -$fb` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `from:` | Standalone | Essential | Matches any Post from a specific user.
The value can be either the username (excluding the @ character) or the user's numeric user ID.

You can only pass a single username/ID `from:` operator.

Example: `from:XDevelopers OR from:api -from:X` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `to:` | Standalone | Essential | Matches any Post that is in reply to a particular user.
The value can be either the username (excluding the @ character) or the user's numeric user ID.

You can only pass a single username/ID per `to:` operator.

Example: `to:XDevelopers OR to:api -to:x` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `url:` | Standalone | Essential | Performs a tokenized match on any validly-formatted URL of a Post.

This operator can match on the contents of both the `url` or `expanded_url` fields. For example, a Post containing "You should check out X Developer Labs: [https://t.co/c0A36SWil4](https://t.co/c0A36SWil4)" (with the short URL redirecting to [https://developer.x.com](https://developer.x.com)) will match both the following rules:

`from:XDevelopers url:"https://developer.x.com"`
(because it will match the contents of `entities.urls.expanded_url`)

`from:XDevelopers url:"https://t.co"`
(because it will match the contents of `entities.urls.url`)

Tokens and phrases containing punctuation or special characters should be double-quoted (for example, `url:"/developer"`). Similarly, to match on a specific protocol, enclose in double-quotes (for example, `url:"https://developer.x.com"`).

You can only pass a single URL per `url:` operator. | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `retweets_of:` | Standalone | Essential | *Available alias:* `retweets_of_user:`
Matches Posts that are Retweets of the specified user. The value can be either the username (excluding the @ character) or the user's numeric user ID.

You can only pass a single username/ID per `retweets_of:` operator.

Example: `retweets_of:XDevelopers OR retweets_of:twitterapi`
See [HERE](/x-api/users/lookup/introduction) for methods for looking up numeric X Account IDs. | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `context:` | Standalone | Essential | Matches Posts with a specific domain id and/or domain id, entity id pair where \* represents a wildcard. To learn more about this operator, please visit our page on [Post annotations](/x-api/fundamentals/post-annotations).

You can only pass a single domain/entity per `context:` operator.

`context:domain_id.entity_id`
`context:domain_id.*`
`context:*.entity_id`

Examples:
`context:10.799022225751871488`
(`domain_id.entity_id` returns Posts matching that specific domain-entity pair)

`context:47.*`
(`domain_id.*` returns Posts matching that domain ID, with any domain-entity pair)

`context:*.799022225751871488`
(`*.entity_id` returns Posts matching that entity ID, with any domain-entity pair) | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `entity:` | Standalone | Essential | Matches Posts with a specific entity string value. To learn more about this operator, please visit our page on [annotations](/x-api/fundamentals/post-annotations).

You can only pass a single entity per `entity:` operator.

`entity:"string declaration of entity/place"`

Examples: `entity:"Michael Jordan" OR entity:"Barcelona"` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `conversation_id:` | Standalone | Essential | Matches Posts that share a common conversation ID. A conversation ID is set to the Post ID of a Post that started a conversation. As Replies to a Post are posted, even Replies to Replies, the `conversation_id` is added to its JSON payload.

You can only pass a single conversation ID per `conversation_id:` operator.

Example: `conversation_id:1334987486343299072 (from:XDevelopers OR from:api)` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `bio:` | Standalone | Essential | *Available alias:* `user_bio:`
Matches a keyword or phrase within the Post publisher's bio. This is a tokenized match within the contents of the `description` field within the [User object](/x-api/fundamentals/data-dictionary#user).

Example: `bio:developer OR bio:"data engineer" OR bio:academic` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `bio_name:` | Standalone | Essential | Matches a keyword within the Post publisher's user bio name. This is a tokenized match within the contents of a user's "name" field within the [User object](/x-api/fundamentals/data-dictionary#user).

Example: `bio_name:phd OR bio_name:md` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `bio_location:` | Standalone | Essential | *Available alias:* `user_bio_location:`
Matches Posts that are published by users whose location contains the specified keyword or phrase. This operator performs a tokenized match, similar to the normal keyword rules on the message body.

This location is part of the [User object](/x-api/fundamentals/data-dictionary#user), matches on the 'location' field, and is a non-normalized, user-generated, free-form string. It is also different from a Post's location (see `place:`).

Example: `bio_location:"big apple" OR bio_location:nyc OR bio_location:manhattan` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `place:` | Standalone | Elevated | Matches Posts tagged with the specified location or X place ID. Multi-word place names (“New York City”, “Palo Alto”) should be enclosed in quotes.

You can only pass a single place per `place:` operator.

Note: See the [GET geo/search](https://developer.x.com/content/developer-twitter/en/docs/geo/places-near-location/api-reference/get-geo-search) standard v1.1 endpoint for how to obtain X place IDs.

Note: This operator will not match on Retweets, since Retweet's places are attached to the original Post. It will also not match on places attached to the original Post of a Quote Tweet.

Example: `place:"new york city" OR place:seattle OR place:fd70c22040963ac7` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `place_country:` | Standalone | Elevated | Matches Posts where the country code associated with a tagged place/location matches the given ISO alpha-2 character code.

You can find a list of valid ISO codes on [Wikipedia](http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2).

You can only pass a single ISO code per `place_country:` operator.

Note: This operator will not match on Retweets, since Retweet's places are attached to the original Post. It will also not match on places attached to the original Post of a Quote Tweet.

Example: `place_country:US OR place_country:MX OR place_country:CA` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `point_radius:` | Standalone | Elevated | Matches against the `place.geo.coordinates` object of the Post when present, and in X, against a place geo polygon, where the Place polygon is fully contained within the defined region.

`point_radius:[longitude latitude radius]`

- Units of radius supported are miles (mi) and kilometers (km)
- Radius must be less than 25mi
- Longitude is in the range of ±180
- Latitude is in the range of ±90
- All coordinates are in decimal degrees
- Rule arguments are contained within brackets, space delimited

You can only pass a single geo polygon per `point_radius:` operator.

Note: This operator will not match on Retweets, since Retweet's places are attached to the original Post. It will also not match on places attached to the original Post of a Quote Tweet.

Example: `point_radius:[2.355128 48.861118 16km] OR point_radius:[-41.287336 174.761070 20mi]` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `bounding_box:` | Standalone | Elevated | *Available alias:* `geo_bounding_box:`
Matches against the place.geo.coordinates object of the Post when present, and in X, against a place geo polygon, where the place polygon is fully contained within the defined region.

`bounding_box:[west_long south_lat east_long north_lat]`

- `west_long south_lat` represent the southwest corner of the bounding box where `west_long` is the longitude of that point, and `south_lat` is the latitude.
- `east_long north_lat` represent the northeast corner of the bounding box, where `east_long` is the longitude of that point, and `north_lat` is the latitude.
- Width and height of the bounding box must be less than 25mi
- Longitude is in the range of ±180
- Latitude is in the range of ±90
- All coordinates are in decimal degrees.
- Rule arguments are contained within brackets, space delimited.

You can only pass a single geo polygon per `bounding_box:` operator.

Note: This operator will not match on Retweets, since Retweet's places are attached to the original Post. It will also not match on places attached to the original Post of a Quote Tweet.

Example: `bounding_box:[-105.301758 39.964069 -105.178505 40.09455]` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `is:retweet` | Conjunction required | Essential | Matches on Retweets that match the rest of the specified rule. This operator looks only for true Retweets (for example, those generated using the Retweet button). Quote Tweets will not be matched by this operator.

Example: `data @XDevelopers -is:retweet` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `is:reply` | Conjunction required | Essential | Deliver only explicit replies that match a rule. Can also be negated to exclude replies that match a rule from delivery.

When used with the filtered stream, this operator matches on replies to an original Post, replies in quoted Posts, and replies in Retweets.

Example: `from:XDevelopers is:reply` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `is:quote` | Conjunction required | Essential | Returns all Quote Tweets, also known as Posts with comments.

Example: `"sentiment analysis" is:quote` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `is:verified` | Conjunction required | Essential | Deliver only Posts whose authors are verified by X.

Example: `#nowplaying is:verified` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `-is:nullcast` | Conjunction required | Elevated | Removes Posts created for promotion only on ads.twitter.com that have a `source:"Twitter for Advertisers (legacy)"` or `source:"Twitter for Advertisers".`
This operator must be negated.

For more info on Nullcasted Posts, see our page on [Post availability](https://developer.x.com/content/developer-twitter/en/docs/twitter-api/v1/tweets/post-and-engage/guides/tweet-availability).

Example: `"mobile games" -is:nullcast` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `has:hashtags` | Conjunction required | Essential | Matches Posts that contain at least one hashtag.

Example: `from:XDevelopers -has:hashtags` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `has:cashtags` | Conjunction required | Essential | Matches Posts that contain a cashtag symbol (with a leading '$' character. For example, `$tag`).

Example: `#stonks has:cashtags\` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `has:links` | Conjunction required | Essential | This operator matches Posts which contain links and media in the Post body.

Example: `from:XDevelopers announcement has:links` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `has:mentions` | Conjunction required | Essential | Matches Posts that mention another X user.

Example: `#nowplaying has:mentions` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `has:media` | Conjunction required | Essential | *Available alias:* `has:media_link`
Matches Posts that contain a media object, such as a photo, GIF, or video, as determined by X. This will not match on media created with Periscope, or Posts with links to other media hosting sites.

Example: `(kittens OR puppies) has:media` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `has:images` | Conjunction required | Essential | Matches Posts that contain a recognized URL to an image.

Example: `#meme has:images` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `has:video_link` | Conjunction required | Essential | *Available alias:* `has:videos`
Matches Posts that contain native X videos, uploaded directly to X. This will not match on videos created with Periscope, or Posts with links to other video hosting sites.

Example: `#icebucketchallenge has:video_link` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `has:geo` | Conjunction required | Essential | Matches Posts that have Post-specific geolocation data provided by the X user. This can be either a location in the form of a X place, with the corresponding display name, geo polygon, and other fields, or in rare cases, a geo lat-long coordinate.

Note: Operators matching on place (Post geo) will only include matches from original posts. Retweets do not contain any place data.

Example: `recommend #paris has:geo -bakery` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `sample:` | Conjunction required | Essential | Returns a random percent sample of Posts that match a rule rather than the entire set of Posts. The percent value must be represented by an integer between 1 and 100 (for example, `sample:10` will return a random 10% sample).

This operator first reduces the scope of the stream to the percentage you specified, then the rule/filter is applied to that sampled subset. In other words, if you are using, for example, `sample:10`, each Post will have a 10% chance of being in the sample.

This operator applies to the entire rule and requires all OR'd terms to be grouped.

Example: `#nowplaying @spotify sample:15` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `lang:` | Conjunction required | Essential | Matches Posts that have been classified by X as being of a particular language (if, and only if, the post has been classified). It is important to note that each Post is currently only classified as being of one language, so AND’ing together multiple languages will yield no results.

You can only pass a single BCP 47 language identifier per `lang:` operator.

Note: if no language classification can be made the provided result is 'und' (for undefined).

Example: `recommend #paris lang:en`

The list below represents the currently supported languages and their corresponding BCP 47 language identifier:

| Language | BCP 47 |
| - | - |
| Amharic | `am` |
| Arabic | `ar` |
| Armenian | `hy` |
| Basque | `eu` |
| Bengali | `bn` |
| Bosnian | `bs` |
| Bulgarian | `bg` |
| Burmese | `my` |
| Croatian | `hr` |
| Catalan | `ca` |
| Czech | `cs` |
| Danish | `da` |
| Dutch | `nl` |
| English | `en` |
| Estonian | `et` |
| Finnish | `fi` |
| French | `fr` |
| Georgian | `ka` |
| German | `de` |
| Greek | `el` |
| Gujarati | `gu` |
| Haitian Creole | `ht` |
| Hebrew | `iw` |
| Hindi | `hi` |
| Latinized Hindi | `hi-Latn` |
| Hungarian | `hu` |
| Icelandic | `is` |
| Indonesian | `in` |
| Italian | `it` |
| Japanese | `ja` |
| Kannada | `kn` |
| Khmer | `km` |
| Korean | `ko` |
| Lao | `lo` |
| Latvian | `lv` |
| Lithuanian | `lt` |
| Malayalam | `ml` |
| Maldivian | `dv` |
| Marathi | `mr` |
| Nepali | `ne` |
| Norwegian | `no` |
| Oriya | `or` |
| Panjabi | `pa` |
| Pashto | `ps` |
| Persian | `fa` |
| Polish | `pl` |
| Portuguese | `pt` |
| Romanian | `ro` |
| Russian | `ru` |
| Serbian | `sr` |
| Simplified Chinese | `zh-CN` |
| Sindhi | `sd` |
| Sinhala | `si` |
| Slovak | `sk` |
| Slovenian | `sl` |
| Sorani Kurdish | `ckb` |
| Spanish | `es` |
| Swedish | `sv` |
| Tagalog | `tl` |
| Tamil | `ta` |
| Telugu | `te` |
| Thai | `th` |
| Tibetan | `bo` |
| Traditional Chinese | `zh-TW` |
| Turkish | `tr` |
| Ukrainian | `uk` |
| Urdu | `ur` |
| Uyghur | `ug` |
| Vietnamese | `vi` |
| Welsh | `cy` | | | `followers_count:` | | Essential | Matches Posts when the author has a followers count within the given range.
If a single number is specified, any number equal to or higher will match.

Example: `followers_count:500`

Additionally, a range can be specified to match any number in the given range.

Example: `followers_count:1000..10000` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `tweets_count:` | | Essential | *Available alias:* `statuses_count:`
Matches Posts when the author has posted a number of Posts that falls within the given range.
If a single number is specified, any number equal to or higher will match.

Example: `tweets_count:1000`

Additionally, a range can be specified to match any number in the given range.

Example: `tweets_count:1000..10000` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `following_count:` | | Essential | *Available alias:* `friends_count:`
Matches Posts when the author has a friends count (the number of users they follow) that falls within the given range.
If a single number is specified, any number equal to or higher will match.

Example: `following_count:500`

Additionally, a range can be specified to match any number in the given range.

Example: `following_count:1000..10000` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `listed_count:` | | Essential | *Available alias:* `user_in_lists_count:`
Matches Posts when the author is included in the specified number of Lists.
If a single number is specified, any number equal to or higher will match.

Example: `listed_count:10`

Additionally, a range can be specified to match any number in the given range.

Example: `listed_count:10..100` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `url_title:` | | Essential | *Available alias:* `within_url_title:`
Performs a keyword/phrase match on the expanded URL HTML title metadata.

Example: `url_title:snow` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `url_description:` | | Essential | *Available alias:* `within_url_description:`
Performs a keyword/phrase match on the expanded page description metadata.

Example: `url_description:weather` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `url_contains:` | | Essential | Matches Posts with URLs that literally contain the given phrase or keyword. To search for patterns with punctuation in them (i.e., google.com) enclose the search term in quotes.
NOTE: This will match against the expanded URL as well.

Example: `url_contains:photos` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `source:` | | Essential | Matches any Post generated by the given source application. The value must be either the name of the application or the application's URL. Cannot be used alone.

Example: `source:"X for iPhone"`

Note: As an X app developer, Posts created programmatically by your application will have the source of your application Name and Website URL set in your [app settings](/resources/fundamentals/developer-apps#app-management). | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `in_reply_to_tweet_id:` | | Essential | *Available alias:* `in_reply_to_status_id:`
Deliver only explicit Replies to the specified Post.

Example: `in_reply_to_tweet_id:1539382664746020864` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `retweets_of_tweet_id:` | | Essential | *Available alias:* `retweets_of_status_id:`
Deliver only explicit (or native) Retweets of the specified Post. Note that the status ID used should be the ID of an original Post and not a Retweet.

Example: `retweets_of_tweet_id:1539382664746020864` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | # Consuming streaming data Source: https://docs.x.com/x-api/posts/filtered-stream/integrate/consuming-streaming-data ### Building a client to consume streaming data When using a streaming endpoint, there are some general best practices to consider in order to optimize usage.     #### Client design When building a solution with the filter stream endpoint, you will need a client that can do the following: 1. Establish an HTTPS streaming connection to the filter stream endpoint. 2. Asynchronously send POST requests to the filter stream rules endpoint to add and delete rules from the stream. 3. Handle low data volumes – Maintain the streaming connection, detecting Post objects and keep-alive signals 4. Handle high data volumes – de-couple stream ingestion from additional processing using asynchronous processes, and ensure client side buffers are flushed regularly. 5. Manage volume consumption tracking on the client side. 6. Detect stream disconnections, evaluate and reconnect to the stream automatically.   #### Connecting to a streaming endpoint Establishing a connection to X API v2 streaming endpoints means making a very long lived HTTP request, and parsing the response incrementally. Conceptually, you can think of it as downloading an infinitely long file over HTTP.  Once a connection has been established, the X server will deliver Post events through the connection as long as the connection is open.   #### Consuming data in real time Note that the individual fields of JSON objects are not ordered, and not all fields will be present in all circumstances. Similarly, separate activities are not delivered in sorted order, and duplicate messages may be encountered. Keep in mind that over time, new message types may be added and sent through the stream. Thus, your client must tolerate: * Fields appearing in any order * Unexpected or missing fields * Non-sorted Posts * Duplicate messages * New arbitrary message types coming down the stream at any time In addition to relevant Post data and requested field parameters, the following kinds of messages may be delivered on a stream connection. Note that this list may not be comprehensive—additional objects may be introduced into streams. Ensure that your parser is tolerant of unexpected message formats.   #### Buffering  The streaming endpoints will send data to you as quickly as it becomes available, which can result in high volumes in many cases. If the X server cannot write new data to the stream right away (for example if your client is not reading fast enough, see [handling disconnections](/x-api/posts/filtered-stream#what-is-a-disconnection) for more), it will buffer the content on its end to allow your client to catch up. However, when this buffer is full, a forced disconnect will be initiated to drop the connection, and the buffered Posts will be dropped and not resent. See below for more details. One way to identify times where your app is falling behind is to compare the timestamp of the Posts being received with the current time, and track this over time. Although stream backups cannot ever be completely eliminated due to potential latency and hiccups over the public internet, they can be largely eliminated through proper configuration of your app. To minimize the occurrence of backups: * Ensure that your client is reading the stream fast enough. Typically you should not do any real processing work as you read the stream. Read the stream and hand the activity to another thread/process/data store to do your processing asynchronously. * Ensure that your data center has inbound bandwidth sufficient to accomodate large sustained data volumes as well as significantly larger spikes (e.g. 5-10x normal volume). For filtered stream, the volume and corresponding bandwidth required on your end are wholly dependent on what Posts your rules are matching.   #### Usage tracking and rule management As developers expectations around what “normal” data volume should be for their streams, we do not have a general recommendation for a specific percentage decrease/increase or period of time.  Consider monitoring your stream data volumes for unexpected deviations. A data volume decrease may be symptomatic of a different issue than a stream disconnection. In such a situation, a stream would still be receiving the keep-alive signal and probably some new activity data. However, a significantly decreased number of Posts should lead you to investigate whether there is anything causing the decrease in inbound data volume to your application or network, check the [status page](https://api.twitterstat.us/) for any related notices. To create such monitoring, you could track the number of new Posts you expect to see in a set amount of time. If a stream’s data volume falls far enough below the specified threshold, and does not recover within a set period of time, then alerts and notifications should be initiated. You may also want to monitor for a large increase in data volume, particularly if you are in the process of modifying rules in a filtered stream, or if an event occurs that produces a spike in Post activity. It's important to note that Posts delivered through filtered stream do count towards the total monthly Post volume, and you should track and adjust consumption in order to optimize.  If volume is high, consider adding a sample: operator to each of your rules to reduce from 100% matching to sample:50 or sample:25 when necessary. Additionally, we encourage you to implement measures within your app that will alert your team if the volume passes a pre-set threshold, and to possibly introduce other measures such as automated deletion of rules that are bringing in too much data, or disconnecting from the stream completely in extreme circumstances.   #### Responding to system messages Keep-alive signals At least every 20 seconds, the stream will send a keep-alive signal, or heartbeat in the form of an \r\n carriage return through the open connection to prevent your client from timing out. Your client application should be tolerant of the \r\n characters in the stream. If your client properly implements a read timeout on your HTTP library, your app will be able to rely on the HTTP protocol and your HTTP library to throw an event if no data is read within this period, and you will not need to explicitly monitor for the \r\n character. This event will typically be an exception being thrown or some other event depending on the HTTP library used. It is highly recommended to wrap your HTTP methods with error/event handlers to detect these timeouts. On timeout, your application should attempt to reconnect. Error messages The v2 streaming endpoints may also deliver in stream error messages. Provided below is the basic format of these messages, along with some examples. Please note that the messages delivered could change, with new message being introduced. Client applications need to be tolerant of changing system message payloads. Note that error messages will link to the documentation describing how to solve the problem. Message format: ```{ "errors": [{ "title": "operational-disconnect", "disconnect_type": "UpstreamOperationalDisconnect", "detail": "This stream has been disconnected upstream for operational reasons.", "type": "https://api.x.com/2/problems/operational-disconnect" }] } ``` Note that error messages indicating a force disconnect for a full buffer may never get to your client, if the backup which caused the force disconnect prevents it from getting through. Accordingly, your app should not depend on these messages to initiate a reconnect. # Handling disconnections Source: https://docs.x.com/x-api/posts/filtered-stream/integrate/handling-disconnections ### What is a disconnection? Establishing a connection to the streaming APIs means making a very long lived HTTPS request, and parsing the response incrementally. When connecting to the filtered stream endpoint, you should form a HTTPS request and consume the resulting stream for as long as is practical. Our servers will hold the connection open indefinitely, barring server-side error, excessive client-side lag, network issues, routine server maintenance, or duplicate logins. With connections to streaming endpoints, it is likely, and should be expected, that disconnections will take place and reconnection logic built.   #### Why a streaming connection might be disconnected Your stream can disconnect for a number of reasons. Inspect the error message returned by the stream to understand the reason for the failure. Possible reasons for disconnections are as follows: * An authentication error (such as a wrong token or a wrong authentication method being used). * A streaming server is restarted on the X side. This is usually related to a code deploy and should be generally expected and designed around. * Your client is not keeping up with the volume of Posts the stream is delivering or is reading data too slowly. Every streaming connection is backed by a queue of messages to be sent to the client. If this queue grows too large over time, the connection will be closed. * Your account exceeded your daily/monthly quota of Posts. * You have too many active redundant connections. * A client stops reading data suddenly. If the rate of Posts being read off of the stream drops suddenly, the connection will be closed. * Possible networking issues between server and client * A temporary server side issue, scheduled maintenance and updates. (Check the [status page](https://api.twitterstat.us/))   #### Common disconnection errors include:  ```{ "errors": [{ "title": "operational-disconnect", "disconnect_type": "UpstreamOperationalDisconnect", "detail": "This stream has been disconnected upstream for operational reasons.", "type": "https://api.x.com/2/problems/operational-disconnect" }] } ``` ``` { "title": "ConnectionException", "detail": "This stream is currently at the maximum allowed connection limit.", "connection_issue": "TooManyConnections", "type": "https://api.x.com/2/problems/streaming-connection" } ``` #### Anticipating disconnects and reconnecting When streaming Posts, the goal is to stay connected for as long as possible, recognizing that disconnects may occur. The endpoint provides a 20-second keep alive heartbeat (it will look like a new line character). Use this signal to detect if you’re being disconnected. 1. Your code should detect when fresh content and the heartbeat stop arriving. 2. If that happens, your code should trigger a reconnection logic. Some clients and languages allow you to specify a read timeout, which you can set to 20 seconds. 3. Your service should detect these disconnections and reconnect as soon as possible. Once an established connection drops, attempt to reconnect immediately. If the reconnect fails, slow down your reconnect attempts according to the type of error experienced: * Back off linearly for TCP/IP level network errors. These problems are generally temporary and tend to clear quickly. Increase the delay in reconnects by 250ms each attempt, up to 16 seconds. * Back off exponentially for HTTP errors for which reconnecting would be appropriate. Start with a 5 second wait, doubling each attempt, up to 320 seconds. * Back off exponentially for HTTP 429 errors Rate limit exceeded. Start with a 1 minute wait and double each attempt. Note that every HTTP 429 received increases the time you must wait until rate limiting will no longer be in effect for your account.   #### Recovering lost data If you do experience a disconnect, there are some different strategies that you can use to ensure that you receive all of the data that you might have missed. We've documented some key steps that you can take to recover missed data on our integration guide on [recovering data](/x-api/posts/filtered-stream/integrate/recovery-and-redundancy-features).    #### Rate limits and usage To check connection limits response will return three headers. This is useful to understand how many times you can use the rule endpoint, and how many reconnections attempts are allowed for the streaming endpoint. * x-rate-limit-limit indicates the number of allotted requests your client is allowed to make during the 15-minute window. * x-rate-limit-remaining indicates the number of requests made so far in the 15-minute window. * x-rate-limit-reset is a UNIX timestamp indicating when the 15-minute window will restart, resetting x-rate-limit-remaining to 0. The filter stream endpoint does not currently report usage data. To check how many Posts have been delivered, your code can implement a metering logic, so that consumption can be measured and paused if needed.  Your code that hosts the client side of the stream simply inserts incoming Posts into a first in, first out (FIFO) queue, or a similar memory structure; a separate process/thread should consume Posts from that queue to parse and prepare content for storage. With this design, you can implement a service that can scale efficiently in case incoming Post volumes changes dramatically. Conceptually, you can think of it as downloading an infinitely long file over HTTP. #### Reconnection best practices **Test backoff strategies** A good way to test a backoff implementation is to use invalid authorization credentials and examine the reconnect attempts. A good implementation will not get any 429 responses. **Issue alerts for multiple reconnects** If a client reaches its upper threshold of its time between reconnects, it should send you notifications so you can triage the issues affecting your connection. **Handle DNS changes** Test that your client process honors the DNS Time To live (TTL). Some stacks will cache a resolved address for the duration of the process and will not pick up DNS changes within the prescribed TTL. Such aggressive caching will lead to service disruptions on your client as X shifts load between IP addresses. **User Agent** Ensure your user-agent HTTP header includes the client’s version. This will be critical in diagnosing issues on X's end. If your environment precludes setting the user-agent field, then set an x-user-agent header. # Handling high-volume capacity Source: https://docs.x.com/x-api/posts/filtered-stream/integrate/handling-high-volume-capacity ### How to plan for high-volume social data events Major national and global events are often accompanied by dramatic spikes in user activity across social media platforms. Sometimes these events are known about in advance, like the Super Bowl, political elections, and New Year’s celebrations around the world. Other times, the spikes in volume are due to unexpected happenings such as natural disasters, unplanned political events, pop culture moments, or health pandemics like COVID-19. These bursts of user activity may sometimes be short-lived (measured in seconds), or they may even be sustained over several minutes’ time. No matter their origin, it is important to consider the impact that they can have on applications consuming real-time data from X. Here are some best practices that will help your team prepare for high-volume social data events. #### Review your current filtered stream rules * Certain keywords can skyrocket during high volume events, such as brand mentions when a brand sponsors a major sporting event. * Be careful to avoid any unnecessary or overly generic rules that may generate unnecessary activity volumes. * Consider communicating with your clients prior to known high-volume events to help them plan appropriately.   #### Stress test your application Anticipate that burst volumes may reach 5-10x average daily consumption levels. Depending on your rule set, the increase may be much higher. #### Understand delivery caps for connections Flow and delivery caps are based on levels of access. This results in a static volume of delivered results for streams. * **Academic**: 250 Posts/second * **Enterprise**: Posts/second is set at access level #### Optimize to stay connected With real-time streams, staying connected is essential to avoid missing data. Your client application should be able to detect a disconnect and have logic to immediately retry its connection, using an exponential backoff if the reconnect attempt fails.   #### Add built-in buffering on your end Building a multi-threaded application is a key strategy for handling high-volume streams. At a high-level, a best practice for managing data streams is to have a separate thread/process that establishes the streaming connection and then writes received JSON activities to a memory structure or a buffered stream reader. This ‘light-weight’ stream processing thread is responsible for handling incoming data, which can be buffered in memory, growing and shrinking as needed. Then a different thread consumes that hash and does the ‘heavy lifting’ of parsing the JSON, preparing database writes, or whatever else your application needs to do.   #### Global events = global time zones The events may occur after business hours or over the weekend, so be sure that your team is prepared for spikes to occur outside your normal business hours. # Matching Posts to Rules Source: https://docs.x.com/x-api/posts/filtered-stream/integrate/matching-returned-tweets ### Matching returned Posts to their associated rule The filtered stream endpoint gives you the ability to have multiple rules in place through a single connection. Before you start receiving Posts in your stream, you’ll need to create a rule which specifies what types of Posts you’re interested in.  When you specify your rules to match Posts based on a wide variety of attributes, including user attributes, geo-location, language, and many others, you can attach a tag to distinguish this rule at a higher level. Tags are a good way to contextualize your rule, especially if you have many rules in place. The filtering rules determine which Post activities will be sent through the connection. If you need to add a new filtering rule to capture a different type of Post, or remove an existing rule, your app can send a request to the [POST tweets/search/stream/rules](/x-api/posts/filtered-stream#post-2-tweets-search-stream-rules) endpoint to make it happen. When that request is sent, the filtering rules are automatically modified and the changes simply take effect in the data stream with no need to reconnect. Most rule additions take effect  about 20 seconds or less. It’s unlikely, but depending on external factors (for example, network connectivity), it may take longer before you start receiving matching Posts. If you can’t find a rule in the list rule endpoint, make sure that the rule creation request succeeded; this can be done by checking your logs for any error messages. #### Matching rules When an activity is delivered through your filtered stream connection, in a matching\_rules array, it contains which list of filters matched against the Post delivered. In the Post payload there is additional string metadata which includes the rule id and tag that caused a specific Post to be delivered. If multiple rules match a single Post, the activity is delivered a single time with each of the matching rules included in this metadata. The matching rules provide an easy way to associate a specific Post with specific rules, which is especially helpful if you have many distinct rules. Since the data is delivered through a single stream in this manner, ensuring you have unique id and tag is essential for matching.  **Here is an example of how the ”matching\_rules” array appears in the Post payload:**   ```"matching_rules": [ { "id": "1166916266197536768", "tag": "test-rule-tag-00000" }, { "id": "1166916266197536769", "tag": "test-rule-tag-12345" } ] ``` #### Rule tags At the time they are created, each filtering rule may be created with a tag. Rule tags have no special meaning as they are simply treated as opaque strings carried along with a rule. They will be included in the matching\_rules metadata in activities returned, and are aimed at making distinguishing your rules easier at a higher level.  Tags provide an easy way to create logical groupings of filtering rules. For example, you may generate a unique ID for a specific rule as its tag, and allow your app to reference that ID within activities it processes to associate a result with specific customers, campaigns, categories, or other related groups. Note that tags cannot be updated on an existing rule and can only be included when a rule is created. In order to “update” or “rename” a tag, you need to first delete the rule, then add it again with the desired tag. The best solution is to simply use a unique identifier as your tag, which your system can associate with various other data points within your own app, all without having to change anything in the rule set. ### Filtered stream - Recovery and redundancy features Note:These recovery and redundancy features are only available to those that have Enterprise access. # Recovery and redundancy Source: https://docs.x.com/x-api/posts/filtered-stream/integrate/recovery-and-redundancy-features #### Introduction When consuming realtime data, maximizing your connection time and receiving all matched data is a fundamental goal. This means that it is important to take advantage of redundant connections, automatically detect disconnections, to reconnect quickly, and to have a plan for recovering lost data. In this integration guide, we will discuss different recovery and redundancy features: redundant connections, backfill, and recovery.   **Redundant connections** A redundant connection simply allows you to establish more than one simultaneous connections to the filtered stream. This provides redundancy by allowing you to connect to the same stream with two separate consumers, receiving the same data through both connections. Thus, your app has a hot failover for various situations such as if one stream is disconnected or if your application's primary server fails. Filtered stream currently only allows Projects with Enterprise access to connect to up to two redundant connections. To use a redundant stream, simply connect to the same URL used for your primary connection. The data for your stream will be sent through both connections. #### Recovering missed data after a disconnection: Backfill After you've detected a disconnection, your system should be smart enough to reconnect to the stream. If possible, your system should take note of how long the disconnection lasted so that you can use the proper recovery feature to backfill the data.  If you are using a Project with Enterprise access and identified that the disconnection lasted five minutes or less, you can use the backfill parameter, backfill\_minutes. If you pass this parameter with your [GET /tweets/search/stream](/x-api/posts/filtered-stream#get-2-tweets-search-stream) request, you will receive the Posts that match your rules within the past one to five minutes. We generally deliver these older Posts first before any newly matched Posts, and also do not deduplicate Posts. This means that if you were disconnected for 90 seconds, but request two minutes worth of backfill data, you will receive 30 seconds worth of duplicate Posts, which your system should be tolerant of. Here is an example of what a request might look like with the backfill parameter: `curl 'https://api.x.com/2/tweets/search/stream?backfill_minutes=5' -H "Authorization: Bearer $ACCESS_TOKEN"` If you don't have Enterprise access, or identified that the disconnection time lasted for longer than five minutes, you can utilize the [recent search endpoint](/x-api/posts/search/introduction) or the recovery feature to request missed data. However, note that the search Posts endpoints do not include the sample:, bio:, bio\_name:, or bio\_location: operators, and has certain differences in matching behavior when using accents and diacritics with the keyword and #hashtag operators. These differences could mean that you don't fully recover all Posts that might have been received via the filtered stream endpoints.  **Recovering missed data after a disconnection: Recovery** If you are using a Project with Enterprise access, you can use the Recovery feature to recover missed data within the last 24 hours if you are unable to reconnect with the 5 minute backfill window. The streaming recovery feature allows you to have an extended backfill window of 24 hours. Recovery enables you to 'replay' the time period of missed data. A recovery stream is started when you make a connection request using 'start\_time' and 'end\_time' request parameters. Once connected, Recovery will re-stream the time period indicated, then disconnect.   You will be able to make 2 concurrent requests to recovery at the same time, i.e. “two recovery jobs”. Recovery works technically in the same way as backfill, except a start and end time is defined. A recovery period is for a single time range. | | | | | :---------- | :-------------- | :---------------------------------------------------------------------------------------------------------- | | **Name** | **Type** | **Description** | | start\_time | date (ISO 8601) | YYYY-MM-DDTHH:mm:ssZ (ISO 8601/RFC 3339).

Date in UTC signifying the start time to recover from. | | end\_time | date (ISO 8601) | YYYY-MM-DDTHH:mm:ssZ (ISO 8601/RFC 3339).

Date in UTC signifying the end time to recover to. | Example request URL: [https://api.x.com/2/tweets/search/stream?start\_time=2022-07-12T15:10:00Z\&end\_time=2022-07-12T15:20:00Z](https://api.x.com/2/tweets/search/stream?start_time=1985-04-12T23:20:50.52Z\&end_time=1985-04-13T00:20:50.52Z) # Introduction Source: https://docs.x.com/x-api/posts/filtered-stream/introduction export const Button = ({href, children}) => { return ; }; The filtered stream endpoint group enables developers to filter the real-time stream of public Posts. This endpoint group’s functionality includes multiple endpoints that enable you to create and manage rules, and apply those rules to filter a stream of real-time Posts that will return matching public Posts. This endpoint group allows users to listen for specific topics and events in real-time, monitor the conversation around competitions, understand how trends develop in real-time, and much more. Developers can use the REST [rules endpoint](/x-api/posts/filtered-stream#post-2-tweets-search-stream-rules) to add and remove rules to a persistent stream connection without needing to disconnect. These [rules](/x-api/posts/filtered-stream#building-rules-for-filtered-stream) can be created with operators that match on Post attributes such as message keywords, hashtags, and URLs. Operators and rule clauses can be combined with boolean logic and parentheses to help refine the filter’s matching behavior.  Once you've added a set of rules, you can [establish a streaming connection](/x-api/posts/filtered-stream#get-2-tweets-search-stream) which will start to deliver [Post objects](/x-api/fundamentals/data-dictionary#tweet) in JSON format through a persistent HTTP Streaming connection. You will only receive content matching your rules while connected to the stream. The filtered search endpoint supports edited Posts. This endpoint will deliver edited Posts that match one or more of your filters, along with its edit history, including an array of Post IDs. For Posts with no edit history, this array will hold a single ID. For Posts that have been edited, this array contains multiple IDs, arranged in ascending order reflecting the order of edits, with the most recent version in the last position of the array. To learn more about how Post edits work, see the [Posts edits fundamentals](/x-api/fundamentals/edit-posts) page.  Certain aspects of the filtered stream endpoint are limited by [access level](/x-api/getting-started/about-x-api): **Pro access** * 1000 rules per stream * 100 requests per 15 minutes when using the POST /2/tweets/search/stream/rules endpoint to add rules * Can use all operators when building your rule * Can build rules up to 1024 characters in length **Enterprise access** * 25,000+ rules per stream * Can use all operators when building your rule * Can build rules up to 2048 characters in length * Apply [here](https://developer.x.com/en/products/x-api/enterprise/enterprise-api-interest-form) for Enterprise access The returned Posts from filtered stream count towards the monthly [Post cap](/x-api/fundamentals/post-cap). **Account setup** To access these endpoints, you will need: * An approved [developer account](https://developer.x.com/en/portal/petition/essential/basic-info). * To authenticate using the keys and tokens from a [developer App](/resources/fundamentals/developer-apps) that is located within a [Project](/resources/fundamentals/projects).  Learn more about getting access to the X API v2 endpoints in our [getting started guide](/x-api/getting-started/getting-access).
# Quickstart Source: https://docs.x.com/x-api/posts/filtered-stream/quickstart export const Button = ({href, children}) => { return ; }; ## Getting started with the filtered stream endpoints This quick start guide will help you make your first request to the filtered stream endpoint group using a cURL request. cURL is a command line tool which allows you to make requests with minimal configuration. If you would like to see sample code in different languages, please visit our[X API v2 sample code](https://github.com/xdevplatform/Twitter-API-v2-sample-code) GitHub repository.  **Prerequisites** To complete this guide, you will need to have a set of [keys and tokens](/resources/fundamentals/authentication) to authenticate your request. You can generate these keys and tokens by following these steps: * [Sign up for a developer account](https://developer.x.com/en/apply-for-access) and receive approval. * Create a [Project](/resources/fundamentals/projects) and an associated [developer App](/resources/fundamentals/developer-apps) in the developer portal. * Navigate to your App's “Keys and tokens” page to generate the required credentials. Make sure to save all credentials in a secure location. ### Steps to build a filtered stream request using cURL **Step one: Create a rule** Rules are made up of one or many different [operators](/x-api/posts/filtered-stream#building-rules-for-filtered-stream) that are combined using boolean logic and parentheses to help define which Posts will deliver to your stream. In this guide, we will filter the stream to find Posts that contain both the keyword “cat” and images. Here is our rule: cat has:images **Step two: Add a tag to your rule** You can add multiple concurrent rules to your stream. When you open your streaming connection, Posts that match any of these rules will flow through the same streaming connection. To ensure that you know which Post matches which rule, you can pass a tag along with your rule creation request. Each Post that matches that rule will then include a tag field within the Post payload noting which rule it matched. For this rule, we are going to assign the following tag: cats with images **Step three: Add your rule to the stream** This endpoint requires you to pass an application/JSON body along with this request that contains your rule and its tag. You will also notice that we have included the rule value and tag within an add object since we are trying to add this rule to the stream. This JSON body will look like this: ``` { "add": \[ {"value": "cat has:images", "tag": "cats with images"} \] } ``` Now that you have fully set up this JSON body, you can add that to a cURL request, which will look like the following. This request isn't ready yet, so please hold off on submitting it until a later step. ```json curl -X POST 'https://api.x.com/2/tweets/search/stream/rules' \ -H "Content-type: application/json" \ -H "Authorization: Bearer $APP_ACCESS_TOKEN" -d \ ``` ```json '{ "add": [ {"value": "cat has:images", "tag": "cats with images"} ] }'` ``` **Step four: Authenticate your request** Since the filtered stream rules endpoints require [OAuth 2.0 App-Only authentication](/resources/fundamentals/authentication#app-only-authentication-and-oauth-2-0-bearer-token), you will need to replace \$APP\_ACCESS\_TOKEN in the cURL command from step three with the [App Access Token](/resources/fundamentals/authentication#using-and-generating-an-app-only-bearer-token) that you generated in the prerequisites.    **Step five: Add your rule to the stream** Next step is to execute your cURL request, which will add the rule to your stream. Copy and paste the cURL command into your command line interface and press "return".  If your cURL request was successful, you’ll receive a response containing data about your value, tag, and id (serves as a unique identifier for your rule). This response will look similar to this:   ``` { "data": [{ "value": "cat has:images", "tag": "cats with images", "id": "1273026480692322304" }], "meta": { "sent": "2020-06-16T22:55:39.356Z", "summary": { "created": 1, "not_created": 0, "valid": 1, "invalid": 0 } } } ``` You can validate that your rule was added successfully by sending the following GET request to the rules endpoint, once again making sure to replace \$APP\_ACCESS\_TOKEN with your token. This request will return a full list of all the rules that have been added to your stream. ```curl -X GET 'https://api.x.com/2/tweets/search/stream/rules' \ -H "Authorization: Bearer $APP_ACCESS_TOKEN" ``` If your cURL request was successful, you should receive the following:   ```{ "data": [{ "id": "1273028376882589696", "value": "cat has:images", "tag": "cats with images" }], "meta": { "sent": "2020-06-16T23:14:06.498Z" } } ``` #### Step six: Identify and specify which fields you would like to retrieve If you connect to the stream after step five, you will receive the default [Post object](/x-api/fundamentals/data-dictionary#tweet) fields in your response: id , text, and edit\_history\_tweet\_ids. If you would like to receive additional fields beyond these, you will have to specify those fields in your request with the [field](/x-api/fundamentals/fields) and/or [expansion](/x-api/fundamentals/expansions) parameters. For this exercise, we will request a three different sets of fields from different objects: 1. The additional tweet.created\_at field in the primary Post objects. 2. The associated authors’ [user object’s](/x-api/fundamentals/data-dictionary#user) default fields for the returned Posts: id, name, and username 3. The additional  user.created\_at field in the associated user objects.   To request these fields, you will need to pass the following in your request: | | | | | :----------- | :---------- | :-------------------------------------------------------------- | | Key | Value | Returned fields | | tweet.fields | created\_at | tweets.created\_at | | expansions | author\_id | includes.users.id, includes.users.name, includes.users.username | | user.fields | created\_at | includes.users.created\_at | Now that you know this, you can piece together your request URL to connect to the stream, which will look like this:   `https://api.x.com/2/tweets/search/stream?tweet.fields=created_at&expansions=author_id&user.fields=created_at` #### Step seven: Connect to the stream and review your response Now that your rule is in place and you’ve specified which fields you want returned, you’re ready to connect to the stream, which will deliver Post objects that match the rule you’ve submitted. This is what the cURL command looks like once you’ve added the URL from step six into your request:   `curl -X GET -H "Authorization: Bearer $APP_ACCESS_TOKEN" "https://api.x.com/2/tweets/search/stream?tweet.fields=created_at&expansions=author_id&user.fields=created_at"` Once again, this request must be authenticated using OAuth 2.0 App-Only, so make sure to replace \$APP\_ACCESS\_TOKEN with your credentials before copying and pasting it into your command line tool. Once you are connected to the filtered stream you will start to receive Posts that match your rules in the following JSON format:   ``` { "data": [ { "author_id": "2244994945", "created_at": "2022-09-14T19:00:55.000Z", "id": "1228393702244134912", "edit_history_tweet_ids": ["1228393702244134912"], "text": "What did the developer write in their Valentine’s card?\n \nwhile(true) {\n I = Love(You); \n}" }, { "author_id": "2244994945", "created_at": "2022-09-12T17:09:56.000Z", "id": "1227640996038684673", "edit_history_tweet_ids": ["1227640996038684673"], "text": "Doctors: Googling stuff online does not make you a doctor\n\nDevelopers: https://t.co/mrju5ypPkb" }, { "author_id": "2244994945", "created_at": "2022-09-27T20:26:41.000Z", "id": "1199786642791452673", "edit_history_tweet_ids": ["1199786642791452673"], "text": "C#" } ], "includes": { "users": [ { "created_at": "2013-12-14T04:35:55.000Z", "id": "2244994945", "name": "Twitter Dev", "username": "TwitterDev" } ] } } ``` If you would like to close your connection, you can press Control-C in your command line tool on either Mac or Windows systems to break the connection, or you can also close the window.  # Full-archive search Source: https://docs.x.com/x-api/posts/full-archive-search get /2/tweets/search/all Returns Posts that match a search query. # Full archive search counts Source: https://docs.x.com/x-api/posts/full-archive-search-counts get /2/tweets/counts/all Returns Post Counts that match a search query. # Integration guide Source: https://docs.x.com/x-api/posts/lookup/integrate export const Button = ({href, children}) => { return ; }; This page contains information on several tools and key concepts to help you integrate the Posts lookup endpoints into your system. We’ve organized the page into a few sections: * [Helpful tools](#helpful) * Key Concepts * [Authentication](#authentication) * [Developer portal, Projects, and Apps](#portal) * [Rate limits](#limits) * [Fields and expansions](#fields) * [Post edits](#edits) * [Edge cases](#edge) ## Helpful tools Before we dive into some key concepts, we recommend familiarizing yourself with the following tools: **Postman**\ Postman is an excellent tool to test out an endpoint, including every path and body parameter to help you understand what’s available. Check out our [getting started with Postman guide](/tutorials/postman-getting-started) to learn more. **Code samples**\ Find code samples for your preferred programming language on our [Github page](https://github.com/xdevplatform/Twitter-API-v2-sample-code). **Third-party libraries**\ Utilize community-built [third-party libraries](/resources/tools-and-libraries) compatible with v2 endpoints. ## Key Concepts ### Authentication All X API v2 endpoints require authenticated requests. You can authenticate with either: * [OAuth 1.0a User Context](/resources/fundamentals/authentication) using API Keys, Access Tokens, and additional parameters to [create an authorization header](/resources/fundamentals/authentication#authorizing-a-request). * [OAuth 2.0 App-Only](/resources/fundamentals/authentication#oauth-2-0) by passing an [App Access Token](/resources/fundamentals/authentication) with your request. * [OAuth 2.0 Authorization Code with PKCE](/resources/fundamentals/authentication) for greater control over app scope and multi-device authorization. OAuth 1.0a can be challenging to implement. If unfamiliar, consider using a [library](/resources/tools-and-libraries) or OAuth 2.0 for requests. For private metrics or Posts, use OAuth 1.0a User Context or OAuth 2.0 Authorization Code with PKCE. **Please note** > If you are requesting the following fields, OAuth 1.0a User Context or OAuth 2.0 Authorization Code is required: > > * `tweet.fields.non_public_metrics` > * `tweet.fields.promoted_metrics` > * `tweet.fields.organic_metrics` > * `media.fields.non_public_metrics` > * `media.fields.promoted_metrics` > * `media.fields.organic_metrics` ### Developer portal, Projects, and Apps To obtain credentials for X API v2, you need: 1. An approved [developer account](/resources/fundamentals/developer-portal). 2. A [Project](/resources/fundamentals/projects) within the developer account. 3. A [developer App](/resources/fundamentals/developer-apps) within that Project, where keys and tokens can be found. ### Rate limits X API requests are subject to [rate limits](/resources/fundamentals/rate-limits) to manage volume. Limits apply at both the App and user levels: * **App-level**: Limits the number of requests made per period by any app. * **User-level**: Limits how frequently an authenticated user can perform Post lookups across developer Apps. ### Fields and expansions The X API v2 allows selection of specific data fields using `fields` and `expansions`: * **Expansions**: Enable retrieval of additional related objects. Supported expansions include: * `edit_history_tweet_ids` * `attachments.poll_ids` * `attachments.media_keys` * `author_id` * `entities.mentions.username` * `geo.place_id` * `in_reply_to_user_id` * `referenced_tweets.id` * `referenced_tweets.id.author_id` * **Fields**: Specify data fields within objects to return additional data. The Post object defaults to `id`, `text`, and `edit_history_tweet_ids`. Other options, like `tweet.created_at` and `tweet.entities`, must be explicitly requested. For more, refer to the fields and expansions guide in the [X API v2 data dictionary](/x-api/fundamentals/data-dictionary). ### Post edits Eligible Posts can be edited up to five times within 30 minutes of publishing. The Posts lookup endpoint always provides the latest Post version. For near-real-time use cases, be aware of this time window. For more details, see [Edit Posts fundamentals](/x-api/fundamentals/edit-posts). ### Edge cases * **Promoted metrics**: Requesting promoted metrics for non-promoted Posts returns an empty response. * **Truncated text**: Post text is truncated for Retweets. To retrieve full text, expand the referenced Post # Introduction Source: https://docs.x.com/x-api/posts/lookup/introduction export const Button = ({href, children}) => { return ; }; The Post is one of the primary resources on X. In its simplest form, a Post can contain up to 280 characters and can be posted either publicly or privately, depending on an account’s settings. However, a variety of different objects can also be attached to Post, including media, a place, polls, and URLs. In addition, most Posts can be edited for up to 30 minutes after being created. While there are a variety of HTTP, selection, and delivery methods for Posts, this group of REST endpoints focuses on returning a Post or group of Posts, specified by a [Post ID](/resources/fundamentals/x-ids). These endpoints can receive up-to-date details on a Post, verify that a Post is available, and examine its edit history. They are also crucial for managing [compliance events](/x-api/enterprise-gnip-2.0/fundamentals/firehouse). The Post lookup endpoint provides edited Post metadata. All Posts created since September 29, 2022, include edit metadata, even if they were never edited. Each edit results in a new Post ID, with a Post's edit history represented by an array of Post IDs, beginning with the original. This endpoint will always return the most recent edit along with its edit history. Any Post collected after its 30-minute edit window has expired will represent its final version. To learn more about Edit Post metadata, check out the [Edit Posts fundamentals](/x-api/fundamentals/edit-posts) page. These endpoints use the GET HTTP method and return one or many [Posts objects](/x-api/fundamentals/data-dictionary), which include fields such as the Post text, creation timestamp, and lists and metadata of hashtags, mentions, and photos. *** ### Account setup To access these endpoints, you will need: * An approved [developer account](https://developer.x.com/en/portal/petition/essential/basic-info). * Authentication using keys and tokens from a [developer App](/resources/fundamentals/developer-apps) within a [Project](/resources/fundamentals/projects). Learn more about getting access to the X API v2 endpoints in our [getting started guide](/x-api/getting-started/getting-access). *** ## Quick Links
# Quickstart Source: https://docs.x.com/x-api/posts/lookup/quickstart export const Button = ({href, children}) => { return ; }; ## Getting started with the Posts lookup endpoints This quick start guide will help you make your first request to the Posts lookup endpoints with a set of specified fields using Postman. If you would like to see sample code in different languages, please visit our [X API v2 sample code](https://github.com/xdevplatform/Twitter-API-v2-sample-code) GitHub repository. ### Prerequisites To complete this guide, you will need to have a set of [keys and tokens](/resources/fundamentals/authentication) to authenticate your request. You can generate these keys and tokens by following these steps: * [Sign up for a developer account](https://developer.x.com/en/portal/petition/essential/basic-info) and receive approval. * Create a [Project](/resources/fundamentals/projects) and an associated [developer App](/resources/fundamentals/developer-apps) in the developer portal. * Navigate to your App's “Keys and tokens” page to generate the required credentials. Make sure to save all credentials in a secure location. ### Steps to build a GET /tweets request #### Step one: Start with a tool or library There are several different tools, code examples, and libraries that you can use to make a request to this endpoint, but we are going to use the Postman tool here to simplify the process. To load the X API v2 Postman collection into your environment, click the button below: Once you have the X API v2 collection loaded in Postman, navigate to the "Post Lookup > Multiple Posts" request. #### Step two: Authenticate your request To properly make a request to the X API, you need to verify that you have permission. You can authenticate your request with: * [OAuth 2.0 App-Only](resources/fundamentals/authentication) * [OAuth 2.0 Authorization Code with PKCE](resources/fundamentals/authentication) * [OAuth 1.0a User Context](resources/fundamentals/authentication) For simplicity's sake, we are going to utilize OAuth 2.0 App-Only with this request, but if you'd like to request private [metrics](/x-api/fundamentals/metrics) or Posts, you will need to use one of the other authentication methods. To utilize OAuth 2.0 App-Only, you must add your keys and tokens (and specifically the App Access Token, also known as the App-only Bearer Token) to Postman by selecting the environment named “X API v2” (in the top-right corner of Postman), and adding your keys and tokens to the "initial value" and "current value" fields (by clicking the eye icon next to the environment dropdown). If you've done this correctly, these variables will automatically be pulled into the request's authorization tab. #### Step three: Identify and specify which Posts you would like to retrieve You must specify a Post or a set of Posts that you would like to receive within the request. You can find the Post ID by navigating to X.com and clicking on a Post and then looking in the URL. For example, the following URL's Post ID is `1228393702244134912`. `https://x.com/TwitterDev/status/1228393702244134912` In Postman, navigate to the "Params" tab and enter this ID, or a string of Post IDs separated by a comma, into the "Value" column of the ids parameter. | Key | Value | | :---- | :------------------------------------------------------------ | | `ids` | `1228393702244134912,1227640996038684673,1199786642791452673` | *** #### Step four: Identify and specify which fields you would like to retrieve If you click the "Send" button after step three, you will receive the default [Post object fields](/x-api/fundamentals/data-dictionary) in your response: `id`, `text`, and `edit_history_tweet_ids`. For this exercise, we will request a three additional different sets of fields from different objects: * The additional `tweet.created_at field` in the primary user objects. * The associated authors’ user object’s default fields for the returned Posts: `id`, `name`, and `username` * The additional `user.created_at field` in the associated user objects. In Postman, navigate to the "Params" tab and add the following `key:value` pair to the "Query Params" table: | Key | Value | Returned fields | | :------------- | :----------- | :-------------------------------------------------------------------- | | `tweet.fields` | `created_at` | `tweets.created_at` | | `expansions` | `author_id` | `includes.users.id`, `includes.users.name`, `includes.users.username` | | `user.fields` | `created_at` | `includes.users.created_at` | You should see this URL next to the "Send" button: ``` https://api.x.com/2/tweets?ids=1228393702244134912,1227640996038684673,1199786642791452673&tweet.fields=created_at&expansions=author_id&user.fields=created_at ``` #### Step five: Make your request and review your response Once you have everything set up, hit the "Send" button and you will receive the following response: ``` { "data": [ { "edit_history_tweet_ids": [ "1228393702244134912" ], "text": "What did the developer write in their Valentine’s card?\n \nwhile(true) {\n I = Love(You); \n}", "id": "1228393702244134912", "created_at": "2020-02-14T19:00:55.000Z", "author_id": "2244994945" }, { "edit_history_tweet_ids": [ "1227640996038684673" ], "text": "Doctors: Googling stuff online does not make you a doctor\n\nDevelopers: https://t.co/mrju5ypPkb", "id": "1227640996038684673", "created_at": "2020-02-12T17:09:56.000Z", "author_id": "2244994945" }, { "edit_history_tweet_ids": [ "1199786642791452673" ], "text": "C#", "id": "1199786642791452673", "created_at": "2019-11-27T20:26:41.000Z", "author_id": "2244994945" } ], "includes": { "users": [ { "name": "Developers", "created_at": "2013-12-14T04:35:55.000Z", "id": "2244994945", "username": "XDevelopers" } ] } } ``` # Post lookup by Post ID Source: https://docs.x.com/x-api/posts/post-lookup-by-post-id get /2/tweets/{id} Returns a variety of information about the Post specified by the requested ID. # Post lookup by Post IDs Source: https://docs.x.com/x-api/posts/post-lookup-by-post-ids get /2/tweets Returns a variety of information about the Post specified by the requested ID. # Recent search Source: https://docs.x.com/x-api/posts/recent-search get /2/tweets/search/recent Returns Posts from the last 7 days that match a search query. # Recent search counts Source: https://docs.x.com/x-api/posts/recent-search-counts get /2/tweets/counts/recent Returns Post Counts from the last 7 days that match a search query. # Rules Count Source: https://docs.x.com/x-api/posts/rules-count get /2/tweets/search/stream/rules/counts Returns the counts of rules from a User's active rule set, to reflect usage by project and application. # Rules lookup Source: https://docs.x.com/x-api/posts/rules-lookup get /2/tweets/search/stream/rules Returns rules from a User's active rule set. Users can fetch all of their rules or a subset, specified by the provided rule ids. # Build a query Source: https://docs.x.com/x-api/posts/search/integrate/build-a-query ## Building queries for Search Posts The search endpoints accept a single query with a GET request and return a set of historical Posts that match the query.  Queries are made up of operators that are used to match on a variety of Post attributes.  ### Table of contents * [Building a query](#build) * [Query limitations](#limits) * [Operator availability](#availability) * [Operator types: standalone and conjunction-required](#types) * [Boolean operators and grouping](#boolean) * [Order of operations](#order-of-operations) * [Punctuation, diacritics, and case sensitivity](#punctuation) * [Specificity and efficiency](#specificity) * [Quote Tweet matching behavior](#quote-tweets) * [Iteratively building a query](#iterative) * [Adding a query to your request](#adding-a-query) * [Query examples](#examples) * [List of operators](#list) ### Building a query #### Query limitations Your queries will be limited depending on which [access level](/x-api/getting-started/about-x-api) you are using.  If you have Basic or Pro access, your query can be 512 characters long for recent search endpoint.  If you have Pro access, your query can be 1,024 characters long for full archive search endpoint.  #### Operator availability While most operators are available to any developer, there are several that are reserved for certain access levels. We list which access level each operator is available to in the [list of operators](/x-api/posts/search/integrate/build-a-query) table using the following labels: * **Core operators:** Available when using any [Project](/resources/fundamentals/projects). * **Advanced operators:** Available when using a Project with certain access level #### Operator types: standalone and conjunction-required **Standalone operators** can be used alone or together with any other operators (including those that require conjunction). For example, the following query will work because it uses the `#hashtag` operator, which is standalone: `#xapiv2` **Conjunction-required** operators cannot be used by themselves in a query; they can only be used when at least one standalone operator is included in the query. This is because using these operators alone would be far too general, and would match on an extremely high volume of Posts. For example, the following queries are not supported since they contain only conjunction-required operators: `has:media` `has:links OR is:retweet` If we add in a standalone operator, such as the phrase `"X data"`, the query would then work properly.  `"X data" has:mentions (has:media OR has:links)` #### Boolean operators and grouping If you would like to string together multiple operators in a single query, you have the following tools at your disposal: | | | | :---------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **AND logic** | Successive operators with a space between them will result in boolean "AND" logic, meaning that Posts will match only if both conditions are met. For example, `snow day #NoSchool` will match Posts containing the terms snow and day and the hashtag #NoSchool. | | **OR logic** | Successive operators with OR between them will result in OR logic, meaning that Posts will match if either condition is met. For example, specifying `grumpy OR cat OR #meme` will match any Posts containing at least the terms grumpy or cat, or the hashtag #meme. | | **NOT logic, negation** | Prepend a dash (-) to a keyword (or any operator) to negate it (NOT). For example, `cat #meme -grumpy` will match Posts containing the hashtag #meme and the term cat, but only if they do not contain the term grumpy. One common query clause is `-is:retweet`, which will not match on Retweets, thus matching only on original Posts, Quote Tweets, and replies. All operators can be negated, but negated operators cannot be used alone. | | **Grouping** | You can use parentheses to group operators together. For example, `(grumpy cat) OR (#meme has:images)` will return either Posts containing the terms grumpy and cat, or Posts with images containing the hashtag #meme. Note that ANDs are applied first, then ORs are applied. | **A note on negations** The operators `-is:nullcast` must always be negated. Negated operators cannot be used alone. Do not negate a set of operators grouped together in a set of parentheses. Instead, negate each individual operator. For example, instead of using `skiing -(snow OR day OR noschool)`, we suggest that you use `skiing -snow -day -noschool`.  #### Order of operations When combining AND and OR functionality, the following order of operations will dictate how your query is evaluated. 1. Operators connected by AND logic are combined first 2. Then, operators connected with OR logic are applied For example: * `apple OR iphone ipad` would be evaluated as `apple OR (iphone ipad)` * `ipad iphone OR android` would be evaluated as `(iphone ipad) OR android` To eliminate uncertainty and ensure that your query is evaluated as intended, group terms together with parentheses where appropriate.  For example: * `(apple OR iphone) ipad` * `iphone (ipad OR android)` #### Punctuation, diacritics, and case sensitivity If you specify a keyword or hashtag query with character accents or diacritics, it will match Post text that contains both the term with the accents and diacritics, as well as those terms with normal characters. For example, queries with a keyword `Diacrítica` or hashtag `#cumpleaños` will match *Diacrítica* or *#cumpleaños*, as well as with *Diacritica* or *#cumpleanos* without the tilde í or eñe. Characters with accents or diacritics are treated the same as normal characters and are not treated as word boundaries. For example, a query with the keyword `cumpleaños` would only match activities containing the word *cumpleaños* and would not match activities containing *cumplea*, *cumplean*, or *os*. All operators are evaluated in a case-insensitive manner. For example, the query `cat` will match Posts with all of the following: *cat*, *CAT*, *Cat*. The [filtered stream](/x-api/posts/filtered-stream) matching behavior acts differently from Search Posts. When [building a filtered stream rule](/x-api/posts/filtered-stream#building-rules-for-filtered-stream), know that keywords and hashtags that include accents and diacritics will only match on terms that also include the accent and diacritic, and will not match on terms that use normal characters instead.  For example, filtered stream rules that include a keyword `Diacrítica` or hashtag `#cumpleaños` will only match the terms *Diacrítica* and *#cumpleaños*, and will not match on *Diacritica* or *#cumpleanos* without the tilde í or eñe #### Specificity and efficiency When you start to build your query, it is important to keep a few things in mind. * Using broad, standalone operators for your query such as a single keyword or #hashtag is generally not recommended since it will likely match on a massive volume of Posts. Creating a more robust query will result in a more specific set of matching Posts, and will hopefully reduce the amount of noise in the payload that you will need to sift through to find valuable insights.  * For example, if your query was just the keyword `happy` you will likely get anywhere from 200,000 - 300,000 Posts per day. * Adding more conditional operators narrows your search results, for example `(happy OR happiness) place_country:GB -birthday -is:retweet` * Writing efficient queries is also beneficial for staying within the characters query length restriction. The character count includes the entire query string including spaces and operators. * For example, the following query is 59 characters long: `(happy OR happiness) place_country:GB -birthday -is:retweet` #### Quote Tweet matching behavior When using the Search Posts endpoints, operators will not match on the content from the original Post that was quoted, but will match on the content included in the Quote Tweet. However, please note that [filtered stream](/x-api/posts/filtered-stream) will match on both the content from the original P that was quoted and the Quote Tweet's content. #### Iteratively building a query ##### Test your query early and often Getting a query to return the "right" results the first time is rare. There is so much on X that may or may not be obvious at first and the query syntax described above may be hard to match to your desired search. As you build a query, it is important for you to periodically test it out. For this section, we are going to start with the following query and adjust it based on the results that we receive during our test:  `happy OR happiness` ##### Use results to narrow the query As you test the query, you should scan the returned Posts to see if they include the data that you are expecting and hoping to receive. Starting with a broad query and a superset of Post matches allows you to review the result and narrow the query to filter out undesired results.   When we tested the example query, we noticed that we were getting Po in a variety of different languages. In this situation, we want to only receive Posts that are in english, so we’re going to add the `lang:` operator: `(happy OR happiness) lang:en` The test delivered a number of Posts wishing people a happy birthday, so we are going to add `-birthday` as a negated keyword operator. We also want to only receive original Posts, so we’ve added the negated `-is:retweet` operator: `(happy OR happiness) lang:en -birthday -is:retweet` ##### Adjust for inclusion where needed If you notice that you are not receiving data that you expect and know that there are existing Posts that should return, you may need to broaden your query by removing operators that may be filtering out the desired data.  For our example, we noticed that there were other Posts in our personal timeline that expressed the emotion that we are looking for and weren’t included in the test results. To ensure we have greater coverage, we are going to add the keywords, `excited` and `elated`. `(happy OR happiness OR excited OR elated) lang:en -birthday -is:retweet` ##### Adjust for popular trends/bursts over the time period Trends come and go on X quickly. Maintaining your query should be an active process. If you plan to use a query for a while, we suggest that you periodically check in on the data that you are receiving to see if you need to make any adjustments. In our example, we notice that we started to receive some Posts that are wishing people a “happy holidays”. Since we don’t want these Posts included in our results, we are going to add a negated `-holidays` keyword. `(happy OR happiness OR excited OR elated) lang:en -birthday -is:retweet -holidays` ### Adding a query to your request To add your query to your request, you must use the `query` parameter. As with any query parameters, you must make sure to HTTP encode the query that you developed. Here is an example of what this might look like using a cURL command, with an additional `tweet.fields` and `max_results` parameter included. If you would like to use this command, please make sure to replace `$BEARER_TOKEN` with your own [Bearer Token](/resources/fundamentals/authentication#oauth-2-0): ```bash curl https://api.x.com/2/tweets/search/recent?query=cat%20has%3Amedia%20-grumpy&tweet.fields=created_at&max_results=100 -H "Authorization: Bearer $BEARER_TOKEN" ``` ### Query examples #### Tracking a natural disaster The following query matched on original Posts coming from weather agencies and gauges that discuss Hurricane Harvey, which hit Houston in 2017. Here is what the query would look like without the HTTP encoding: `has:geo (from:NWSNHC OR from:NHC\_Atlantic OR from:NWSHouston OR from:NWSSanAntonio OR from:USGS\_TexasRain OR from:USGS_TexasFlood OR from:JeffLindner1) -is:retweet` And here is what the query would look like with the HTTP encoding, the query parameter, and the recent search URI: `https://api.x.com/2/tweets/search/recent?query=-is%3Aretweet%20has%3Ageo%20(from%3ANWSNHC%20OR%20from%3ANHC\_Atlantic%20OR%20from%3ANWSHouston%20OR%20from%3ANWSSanAntonio%20OR%20from%3AUSGS\_TexasRain%20OR%20from%3AUSGS_TexasFlood%20OR%20from%3AJeffLindner1)` #### Reviewing the sentiment of a conversation The next rule could be used to better understand the sentiment of the conversation developing around the hashtag, *#nowplaying*, but scoped to just Posts published within North America. Here is what the two different queries, one for positive and one for negative, would look like without the HTTP encoding: `#nowplaying (happy OR exciting OR excited OR favorite OR fav OR amazing OR lovely OR incredible) (place\_country:US OR place\_country:MX OR place_country:CA) -horrible -worst -sucks -bad -disappointing` `#nowplaying (horrible OR worst OR sucks OR bad OR disappointing) (place\_country:US OR place\_country:MX OR place_country:CA) -happy -exciting -excited -favorite -fav -amazing -lovely -incredible` And here is what the query would look like with the HTTP encoding, the query parameter, and the recent search URI: `https://api.x.com/2/tweets/search/recent?query=%23nowplaying%20(happy%20OR%20exciting%20OR%20excited%20OR%20favorite%20OR%20fav%20OR%20amazing%20OR%20lovely%20OR%20incredible)%20(place\_country%3AUS%20OR%20place\_country%3AMX%20OR%20place_country%3ACA)%20-horrible%20-worst%20-sucks%20-bad%20-disappointing` `https://api.x.com/2/tweets/search/recent?query=%23nowplaying%20(horrible%20OR%20worst%20OR%20sucks%20OR%20bad%20OR%20disappointing)%20(place\_country%3AUS%20OR%20place\_country%3AMX%20OR%20place_country%3ACA)%20-happy%20-exciting%20-excited%20-favorite%20-fav%20-amazing%20-lovely%20-incredible` #### Find Posts that relate to a specific Post annotation This rule was built to search for original Posts that included an image of a pet that is not a cat, where the language identified in the Post is Japanese. To do this, we used the `context:` operator to take advantage of the [Post annotation](/x-api/fundamentals/post-annotations) functionality. We first used the [Post lookup](/x-api/posts/lookup/introduction) endpoint and the `tweet.fields=context_annotations` fields parameter to identify which domain.entity IDs we need to use in our query: * Posts that relate to cats return `domain` 66 (Interests and Hobbies category) with entity 852262932607926273 (Cats).  * Posts that relate to pets return `domain` 65 (Interests and Hobbies Vertical) with entity 852262932607926273 (Pets).  Here is what the query would look like without the HTTP encoding: `context:65.852262932607926273 -context:66.852262932607926273 -is:retweet has:images lang:ja` And here is what the query would look like with the HTTP encoding, the query parameter, and the recent search URI: `https://api.x.com/2/tweets/search/recent?query=context%3A65.852262932607926273%20-context%3A66.852262932607926273%20-is%3Aretweet%20has%3Aimages%20lang%3Aja` Try out the [query builder tool](https://developer.x.com/apitools/query?query=) for additional support.  ### Operators #### Operator Guide | **Operator** | **Type** | **Availability** | **Description** | | :---------------------- | :------------------- | :--------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `keyword` | Standalone | Essential | Matches a keyword within the body of a Post. This is a tokenized match, meaning that your keyword string will be matched against the tokenized text of the Post body. Tokenization splits words based on punctuation, symbols, and Unicode basic plane separator characters.

For example, a Post with the text “I like coca-cola” would be split into the following tokens: I, like, coca, cola. These tokens would then be compared to the keyword string used in your query. To match strings containing punctuation (for example coca-cola), symbol, or separator characters, you must wrap your keyword in double-quotes.

Example: `pepsi OR cola OR "coca cola"` | | `emoji` | Standalone | Essential | Matches an emoji within the body of a Post. Similar to a keyword, emojis are a tokenized match, meaning that your emoji will be matched against the tokenized text of the Post body.

Note that if an emoji has a variant, you must wrap it in double quotes to add to a query.

Example: `(😃 OR 😡) 😬` | | `"exact phrase match"` | Standalone | Essential | Matches the exact phrase within the body of a Post.

Example: `("X API" OR #v2) -"recent search"` | | `#` | Standalone | Essential | Matches any Post containing a recognized hashtag, if the hashtag is a recognized entity in a Post.

This operator performs an exact match, NOT a tokenized match, meaning the rule `#thanku` will match posts with the exact hashtag #thanku, but not those with the hashtag #thankunext.

Example: `#thankunext #fanart OR @arianagrande` | | `@` | Standalone | Essential | Matches any Post that mentions the given username, if the username is a recognized entity (including the @ character).

Example: `(@XDevelopers OR @API) -@X` | | `$` | Standalone | Elevated | Matches any Post that contains the specified 'cashtag' (where the leading character of the token is the \$ character).

Note that the cashtag operator relies on X's 'symbols' entity extraction to match cashtags, rather than trying to extract the cashtag from the body itself.

Example: `$twtr OR @XDevelopers -$fb` | | `from:` | Standalone | Essential | Matches any Post from a specific user.
The value can be either the username (excluding the @ character) or the user’s numeric user ID.

You can only pass a single username/ID per `from:` operator.

Example: `from:XDevelopers OR from:API -from:X` | | `to:` | Standalone | Essential | Matches any Post that is in reply to a particular user.
The value can be either the username (excluding the @ character) or the user’s numeric user ID.

You can only pass a single username/ID per `to:` operator.

Example: `to:XDevelopers OR to:API -to:X` | | `url:` | Standalone | Essential | Performs a tokenized match on any validly-formatted URL of a Post.

This operator matches on the contents of both the `url` or `expanded_url` fields. For example, a Post containing "You should check out X Developer Labs: [https://t.co/c0A36SWil4](https://t.co/c0A36SWil4)" (with the short URL redirecting to [https://developer.twitter.com](https://developer.twitter.com)) will match both the following rules:

`from:XDevelopers url:"https://developer.twitter.com"` (because it will match the contents of `entities.urls.expanded_url`)

`from:XDevelopers url:"https://t.co"` (because it will match the contents of `entities.urls.url`)

Tokens and phrases containing punctuation or special characters should be double-quoted (for example, `url:"/developer"`). Similarly, to match on a specific protocol, enclose in double-quotes (for example, `url:"https://developer.twitter.com"`). | | `retweets_of:` | Standalone | Essential | Matches Posts that are Retweets of the specified user. The value can be either the username (excluding the @ character) or the user’s numeric user ID.

You can only pass a single username/ID per `retweets_of:` operator.

Example: `retweets_of:twitterdev OR retweets_of:twitterapi` | | `in_reply_to_tweet_id:` | Standalone | Essential | *Available alias:* `in_reply_to_status_id:`
Matches on replies to the specified Post.

Example: `in_reply_to_tweet_id:1539382664746020864` | | `retweets_of_tweet_id:` | Standalone | Essential | *Available alias:* `retweets_of_status_id:`
Matches on explicit (or native) Retweets of the specified Post. Note that the Post ID used should be the ID of an original Post and not a Retweet.

Example: `retweets_of_tweet_id:1539382664746020864` | | `quotes_of_tweet_id:` | Standalone | Essential | *Available alias:* `quotes_of_status_id:`
Matches on Quote Tweets of the specified Post. Note that the Post ID used should be the ID of an original Post and not a Quote Tweet.

Example: `quotes_of_tweet_id:1539382664746020864` | | `context:` | Standalone | Essential | Matches Posts with a specific domain id/entity id pair. To learn more about this operator, please visit our page on [annotations](/x-api/fundamentals/post-annotations).

You can only pass a single domain/entity per `context:` operator.

`context:domain_id.entity_id`

However, you can combine multiple domain/entities using the OR operator:

`(context:47.1139229372198469633 OR context:11.1088514520308342784)`

Examples:
`context:10.799022225751871488` (`domain_id.entity_id` returns Posts matching that specific domain-entity pair) | | `entity:` | Standalone | Essential | Matches Posts with a specific entity string value. To learn more about this operator, please visit our page on [annotations](/x-api/fundamentals/post-annotations).
**Please note** that this is only available with recent search.

You can only pass a single `entity:` operator.

`entity:"string declaration of entity/place"`

Examples: `entity:"Michael Jordan" OR entity:"Barcelona"` | | `conversation_id:` | Standalone | Essential | Matches Posts that share a common conversation ID. A conversation ID is set to the Post ID of a Post that started a conversation. As Replies to a Post are posted, even Replies to Replies, the `conversation_id` is added to its JSON payload.

You can only pass a single conversation ID per `conversation_id:` operator.

Example: `conversation_id:1334987486343299072 (from:XDevelopers OR from:api)` | | `list:` | Standalone | Elevated | **NEW** Matches Posts posted by users who are members of a specified list.

For example, if @XDevelopers and @api were members of List 123, and you included `list:123` in your query, your response will only contain Posts that have been published by those accounts. You can find List IDs by using the [List lookup](/x-api/lists/list-lookup/introduction) endpoint.

**Please note** that you can only use a single `list:` operator per query, and you can only specify a single List per `list:` operator.

Example: `list:123` | | `place:` | Standalone | Elevated | Matches Posts tagged with the specified location or X place ID. Multi-word place names (“New York City”, “Palo Alto”) should be enclosed in quotes.

You can only pass a single place per `place:` operator.

Note: See the [GET geo/search](https://developer.x.com/content/developer-twitter/en/docs/geo/places-near-location/api-reference/get-geo-search) standard v1.1 endpoint for how to obtain X place IDs.

Note: This operator will not match on Retweets, since Retweet's places are attached to the original Post. It will also not match on places attached to the original Post of a Quote Tweet.

Example: `place:"new york city" OR place:seattle OR place:fd70c22040963ac7` | | `place_country:` | Standalone | Elevated | Matches Posts where the country code associated with a tagged place/location matches the given ISO alpha-2 character code.

You can find a list of valid ISO codes on [Wikipedia](http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2).

You can only pass a single ISO code per `place_country:` operator.

Note: This operator will not match on Retweets, since Retweet's places are attached to the original Post. It will also not match on places attached to the original Post of a Quote Tweet.

Example: `place_country:US OR place_country:MX OR place_country:CA` | | `point_radius:` | Standalone | Elevated | Matches against the `place.geo.coordinates` object of the Post when present, and in X, against a place geo polygon, where the Place polygon is fully contained within the defined region.

`point_radius:[longitude latitude radius]`

- Units of radius supported are miles (mi) and kilometers (km)
- Radius must be less than 25mi
- Longitude is in the range of ±180
- Latitude is in the range of ±90
- All coordinates are in decimal degrees
- Rule arguments are contained within brackets, space delimited

You can only pass a single geo polygon per `point_radius:` operator.

Note: This operator will not match on Retweets, since Retweet's places are attached to the original Post. It will also not match on places attached to the original Post of a Quote Tweet.

Example: `point_radius:[2.355128 48.861118 16km] OR point_radius:[-41.287336 174.761070 20mi]` | | `bounding_box:` | Standalone | Elevated | *Available alias:* `geo_bounding_box:`
Matches against the place.geo.coordinates object of the Post when present, and in X, against a place geo polygon, where the place polygon is fully contained within the defined region.

`bounding_box:[west_long south_lat east_long north_lat]`

- `west_long south_lat` represent the southwest corner of the bounding box where `west_long` is the longitude of that point, and `south_lat` is the latitude.
- `east_long north_lat` represent the northeast corner of the bounding box, where `east_long` is the longitude of that point, and `north_lat` is the latitude.
- Width and height of the bounding box must be less than 25mi
- Longitude is in the range of ±180
- Latitude is in the range of ±90
- All coordinates are in decimal degrees.
- Rule arguments are contained within brackets, space delimited.

You can only pass a single geo polygons per `bounding_box:` operator.

Note: This operator will not match on Retweets, since Retweet's places are attached to the original Post. It will also not match on places attached to the original Post of a Quote Tweet.

Example: `bounding_box:[-105.301758 39.964069 -105.178505 40.09455]` | | `is:retweet` | Conjunction required | Essential | Matches on Retweets that match the rest of the specified rule. This operator looks only for true Retweets (for example, those generated using the Retweet button). Quote Tweets will not be matched by this operator.

Example: `data @XDevelopers -is:retweet` | | `is:reply` | Conjunction required | Essential | Deliver only explicit replies that match a rule. Can also be negated to exclude replies that match a query from delivery.

Note: This operator is also available with the filtered stream endpoint. When used with filtered stream, this operator matches on replies to an original Post, replies in quoted Tweets, and replies in Retweets.

Example: `from:XDevelopers is:reply` | | `is:quote` | Conjunction required | Essential | Returns all Quote Tweets, also known as Posts with comments.

Example: `"sentiment analysis" is:quote` | | `is:verified` | Conjunction required | Essential | Deliver only Posts whose authors are verified by X.

Example: `#nowplaying is:verified` | | `-is:nullcast` | Conjunction required | Elevated | Removes Posts created for promotion only on ads.twitter.com that have a `"source":"Twitter for Advertisers (legacy)"` or `"source":"Twitter for Advertisers"`.
This operator must be negated.

For more info on Nullcasted Posts, see our page on [Post availability](https://developer.x.com/content/developer-twitter/en/docs/twitter-api/v1/tweets/post-and-engage/guides/tweet-availability).

Example: `"mobile games" -is:nullcast` | | `has:hashtags` | Conjunction required | Essential | Matches Posts that contain at least one hashtag.

Example: `from:XDevelopers -has:hashtags` | | `has:cashtags` | Conjunction required | Elevated | Matches Posts that contain a cashtag symbol (with a leading ‘$’ character. For example, `$tag`).

Example: `#stonks has:cashtags\` | | `has:links` | Conjunction required | Essential | This operator matches Posts which contain links and media in the Post body.

Example: `from:XDevelopers announcement has:links` | | `has:mentions` | Conjunction required | Essential | Matches Posts that mention another X user.

Example: `#nowplaying has:mentions` | | `has:media` | Conjunction required | Essential | *Available alias:* `has:media_link`
Matches Posts that contain a media object, such as a photo, GIF, or video, as determined by X. This will not match on media created with Periscope, or Posts with links to other media hosting sites.

Example: `(kittens OR puppies) has:media` | | `has:images` | Conjunction required | Essential | Matches Posts that contain a recognized URL to an image.

Example: `#meme has:images` | | `has:video_link` | Conjunction required | Essential | *Available alias:* `has:videos`
Matches Posts that contain native X videos, uploaded directly to X. This will not match on videos created with Periscope, or Posts with links to other video hosting sites.

Example: `#icebucketchallenge has:video_link` | | `has:geo` | Conjunction required | Elevated | Matches Posts that have Post-specific geolocation data provided by the X user. This can be either a location in the form of a X place, with the corresponding display name, geo polygon, and other fields, or in rare cases, a geo lat-long coordinate.

Note: Operators matching on place (Post geo) will only include matches from original Posts. Retweets do not contain any place data.

Example: `recommend #paris has:geo -bakery` | | `lang:` | Conjunction required | Essential | Matches Posts that have been classified by X as being of a particular language (if, and only if, the Post has been classified). It is important to note that each Post is currently only classified as being of one language, so AND'ing together multiple languages will yield no results.

You can only pass a single BCP 47 language identifier per `lang:` operator.

Note: if no language classification can be made the provided result is ‘und’ (for undefined).

Example: `recommend #paris lang:en`

The list below represents the currently supported languages and their corresponding BCP 47 language identifier:

Amharic: `am` \| German: `de` \| Malayalam: `ml` \| Slovak: `sk`
Arabic: `ar` \| Greek: `el` \| Maldivian: `dv` \| Slovenian: `sl`
Armenian: `hy` \| Gujarati: `gu` \| Marathi: `mr` \| Sorani Kurdish: `ckb`
Basque: `eu` \| Haitian Creole: `ht` \| Nepali: `ne` \| Spanish: `es`
Bengali: `bn` \| Hebrew: `iw` \| Norwegian: `no` \| Swedish: `sv`
Bosnian: `bs` \| Hindi: `hi` \| Oriya: `or` \| Tagalog: `tl`
Bulgarian: `bg` \| Latinized Hindi: `hi-Latn` \| Panjabi: `pa` \| Tamil: `ta`
Burmese: `my` \| Hungarian: `hu` \| Pashto: `ps` \| Telugu: `te`
Croatian: `hr` \| Icelandic: `is` \| Persian: `fa` \| Thai: `th`
Catalan: `ca` \| Indonesian: `in` \| Polish: `pl` \| Tibetan: `bo`
Czech: `cs` \| Italian: `it` \| Portuguese: `pt` \| Traditional Chinese: `zh-TW`
Danish: `da` \| Japanese: `ja` \| Romanian: `ro` \| Turkish: `tr`
Dutch: `nl` \| Kannada: `kn` \| Russian: `ru` \| Ukrainian: `uk`
English: `en` \| Khmer: `km` \| Serbian: `sr` \| Urdu: `ur`
Estonian: `et` \| Korean: `ko` \| Simplified Chinese: `zh-CN` \| Uyghur: `ug`
Finnish: `fi` \| Lao: `lo` \| Sindhi: `sd` \| Vietnamese: `vi`
French: `fr` \| Latvian: `lv` \| Sinhala: `si` \| Welsh: `cy`
Georgian: `ka` \| Lithuanian: `lt` | # Overview Source: https://docs.x.com/x-api/posts/search/integrate/overview ## How to integrate with the Search Posts endpoints This page contains information on several tools and key concepts that you should be aware of as you integrate the recent search or full archive search endpoints into your system. We’ve split the page into the following sections: * [Helpful tools](#helpful-tools) * Key concepts * [Authentication](#authentication) * [Developer portal, Projects, and Apps](#developer-portal) * [Rate limits](#rate-limits) * [Fields and expansions](#fields-expansions) * [Metrics](#metrics) * [Building search queries](#queries) * [Pagination](#pagination) * [Post caps](#tweet-caps)  * [Post edits](#tweet-edits)  ### Helpful tools Before we start to explore some key concepts, we recommend that you use one of the following tools or code samples to start testing the functionality of these endpoints. #### Code samples Interested in getting set up with these endpoints with some code in your preferred coding language? We’ve got a handful of different code samples available that you can use as a starting point on our [GitHub page](https://github.com/xdevplatform/Twitter-API-v2-sample-code), including a [Python client](https://github.com/xdevplatform/search-tweets-python) and a [Ruby client](https://github.com/xdevplatform/search-tweets-ruby). #### Libraries Take advantage of one of our many [community third-party libraries](/x-api/tools-and-libraries/overview) to help you get started. You can find a library that works with the v2 endpoints by looking for the appropriate version tag. #### Postman Postman is a great tool that you can use to test out these endpoints. Each Postman request includes all of the given endpoint’s parameters to help you quickly understand what is available to you. To learn more about our Postman collections, please visit our [Using Postman](/tutorials/postman-getting-started) page.   ### Key concepts #### Authentication All X API v2 endpoints require you to authenticate your requests with a set of credentials, also known as keys and tokens. You can use either OAuth 1.0a User Context, OAuth 2.0 App-Only, or OAuth 2.0 Authorization Code with PKCE to authenticate your requests to the recent search endpoint. You must use OAuth 2.0 App-Only when using the full archive search endpoint. [OAuth 2.0 App-Only](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-3) just requires that you pass an [OAuth 2.0 App Access Token](/resources/fundamentals/authentication#bearer-token-also-known-as-app-only) with your request. You can either generate an App Access Token from directly within a developer App, or generate one using the [POST oauth2/token](/resources/fundamentals/authentication#post-oauth2-token) endpoint. [OAuth 1.0a User Context](/resources/fundamentals/authentication#obtaining-access-tokens-using-3-legged-oauth-flow) requires you to utilize your API Keys, user Access Tokens, and a handful of other parameters to [create an authorization header](https://developer-staging.x.com/resources/fundamentals/authentication/authorizing-a-request), which you will then pass with your request. The Access Tokens must be associated with the user that you are making the request on behalf of. If you would like to generate a set of Access Tokens for another user, they must authorize your App using the [3-legged OAuth flow](https://developer-staging.x.com/resources/fundamentals/authentication/obtaining-user-access-tokens).  Please note that OAuth 1.0a can be difficult to use. If you are not familiar with this authentication method, we recommend that you use a [library](/x-api/tools-and-libraries/overview), use a tool like Postman, or use OAuth 2.0 to authenticate your requests. If you would like to request a Post or private metrics from these endpoints, you will need to use a either OAuth 1.0a User Context or OAuth 2.0 Authorization Code with PKCE, which will ensure that you have the proper permissions from the user that owns that content. [OAuth 2.0 Authorization Code with PKCE](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2) allows for greater control over an application’s scope, and authorization flows across multiple devices. OAuth 2.0 allows you to pick specific fine-grained scopes which give you specific permissions on behalf of a user.  To enable OAuth 2.0 in your App, you must enable it in your’s App’s authentication settings found in the App settings section of the developer portal. **Please note** If you are requesting the following [fields](/x-api/fundamentals/fields), OAuth 1.0a User Context or OAuth 2.0 Authorization Code is required:  * tweet.fields.non\_public\_metrics * tweet.fields.promoted\_metrics * tweet.fields.organic\_metrics * media.fields.non\_public\_metrics * media.fields.promoted\_metrics * media.fields.organic\_metrics #### Developer portal, Projects, and developer Apps To work with any X API v2 endpoints, you must have [signed up for a developer account](https://developer.x.com/en/portal/petition/essential/basic-info), set up a Project within that account, and created a developer App within that Project. Your keys and tokens within that developer App will work for these search endpoints. You can use keys and tokens from a Project with any [access level](/x-api/getting-started/about-x-api) to make requests to the recent search endpoint. However, you will need to use Project with the Pro or Enterprise access level to make requests to the full archive search endpoint. If you have [Enterprise access](/x-api/getting-started/getting-access), you will have access to additional functionality, including the availability of additional operators and longer query lengths.   #### Rate limits Every day, many thousands of developers make requests to the X API. To help manage the volume, [rate limits](/x-api/fundamentals/rate-limits) are placed on each endpoint that limits the number of requests that every developer can make on behalf of an app or on behalf of an authenticated user. There are different rate limits applied for these endpoints depending on which authentication method is being used. The app-level rate limits apply to an App making requests using OAuth 2.0 App-Only, whereas the user-level rate limit applies to requests being made on behalf of the specific authorizing user using OAuth 1.0a User Context or OAuth 2.0 Authorization Code with PKCE. These two rate limits are based on the frequency of requests within a 15-minute window. For example, an app using OAuth 2.0 App-Only auth to make requests to the recent search endpoint can make 450 requests (including pagination requests) within a 15-minute timeframe. That same app, within the same 15-minute timeframe and with two different authenticated users (using OAuth 1.0a User Context or OAuth 2.0 Authorization Code with PKCE) can make up to 180 requests (including pagination requests) to the recent search endpoint for each authenticated user.   #### Fields and expansions The X API v2 allows you to select exactly which data you want returned from the API using [fields](/x-api/fundamentals/fields) and [expansions](/x-api/fundamentals/expansions). The expansion parameter allows you to expand objects referenced in the payload. For example, this endpoint allows you to request poll, place, media, and other objects using the expansions parameter. The fields parameters allows you to select exactly which fields within the different data objects you would like to receive. By default, the primary Post object returned by these endpoints include the id and text fields (in addition to edit\_history\_tweet\_ids for Posts created after that feature was launched). To receive additional fields such as author\_id or public\_metrics, you will have to specifically request those using the fields parameters. Some important fields that you may want to consider using in your integration are our poll data, [metrics](/x-api/fundamentals/metrics), [Post annotations](/x-api/fundamentals/post-annotations), and [conversation ID](/x-api/fundamentals/conversation-id) fields. We’ve added a guide on how to [use fields and expansions together](/x-api/fundamentals/data-dictionary#how-to-use-fields-and-expansions) to our [X API v2 data dictionary](/x-api/fundamentals/data-dictionary).   #### Metrics The X API v2 endpoints allow you to request metrics directly from the returned objects, assuming you pass the proper [fields](/x-api/fundamentals/fields) with your request. There are some limitations with Post metrics that you should be aware of, specifically related to user privacy and the following response fields: * tweet.fields.non\_public\_metrics * tweet.fields.promoted\_metrics * tweet.fields.organic\_metrics * media.fields.non\_public\_metrics * media.fields.promoted\_metrics * media.fields.organic\_metrics The noted fields include private metrics data, meaning you must be authorized by the Post's publisher to retrieve this data on their behalf when using the recent search endpoint, meaning you must use [OAuth 1.0a User Context](/resources/fundamentals/authentication). Since you can only use this authentication method using recent search, you will not be able to retrieve these metrics via the full archive search endpoint. For example, in order to receive `non_public_metrics` for user ID 1234's Posts, you will need to include access tokens associated with that user in your request. You can have users authorize your app and receive a set of access tokens associated with them by using the [3-legged OAuth flow](/resources/fundamentals/authentication#obtaining-access-tokens-using-3-legged-oauth-flow). All `non_public_metrics`, `organic_metrics`, and promoted\_metrics are only available for Posts created in the last 30 days. This means that when you are requesting the noted fields, the results will automatically adjust to only include Posts from the last 30 days. If these noted fields are requested, only Posts that are authored by the authenticated user will be returned, all other Posts will receive an error message.   #### Building search queries The central feature of these endpoints is their use of a single search query to filter the Posts that deliver to you. These queries are made up of operators that match on Post and user attributes, such as message keywords, hashtags, and URLs. Operators can be combined into queries with boolean logic and parentheses to help refine the query's matching behavior. You can use our guide on [how to build a query](/x-api/posts/search/integrate/build-a-query) to learn more. #### Pagination These endpoints utilize pagination so that responses are returned quickly. In cases where there are more results than what can be sent in a single response (up to 100 Posts for recent search and 500 for full-archive search) you will need to paginate. Use the max\_results parameter to identify how many results will return per page, and the pagination\_token parameter to return the next page of results. You can learn more by reviewing our [pagination guide](/x-api/fundamentals/pagination). #### Post caps The Search Posts endpoints are limited in the number of Posts that they can return in a given month, regardless of pagination. Regardless of which search endpoint you use, the Posts returned will count towards the Project-level [Post caps](/x-api/fundamentals/post-cap). Usage is shown in the developer portal, and the 'month' starts on your subscription renewal day shown on the [developer portal dashboard](https://developer.x.com/en/portal/dashboard). **Post edits** Posts that are eligible for edits can be edited up to five times in the 30 minutes after the original Post was published. The search endpoints will always provide the latest version of the Post. If you only request Posts that were published 30 or more minutes ago, you will always receive the final version of the Post. However, if you have a near-real-time use case, and are querying Posts published within the last thirty minutes, those Posts could have been edited after you received them. These Posts can be rehydrated with search, or the Post Lookup endpoint to confirm their final state. To learn more about how Post edits work, see the [Post edits fundamentals](/x-api/fundamentals/edit-posts) page.   **Next steps** [Make your first request to a Search Posts endpoint](/x-api/posts/search/quickstart/recent-search) [See a full list of parameters, fields, and more in our API Reference pages](/x-api/posts/recent-search) [Get support or troubleshoot an error](https://developer.x.com/en/support/x-api) # Pagination Source: https://docs.x.com/x-api/posts/search/integrate/paginate ### Recent search pagination #### Introduction Search queries typically match on more Posts than can be returned in a single API response. When that happens, the data is returned in a series of 'pages'. Pagination refers to methods for requesting all of the pages in order to retrieve the entire data set. Here are fundamental recent search pagination details: * The recent search endpoints will respond to a query with at least one page, and provide a next\_token in its JSON response if additional pages are available. To receive matching Posts, this process can be repeated until no token is included in the response. * The next\_token does not expire. Multiple requests using the same next\_token value will receive the same results, regardless of when the request is made. * Posts are delivered in reverse-chronological order, in the UTC timezone. This is true within individual pages, as well as across multiple pages:  * The first Post in the first response will be the most recent one matching your query. * The last Post in the last response will be the oldest one matching your query. * The max\_results request parameter enables you to configure the number of Posts returned per response. This defaults to 10 Posts and has a maximum of 100.  * Every pagination implementation will involve parsing next\_tokens from the response payload, and including them in the 'next page' search request. See below for more details on how to construct these 'next page' requests.   The recent search endpoint was designed to support two fundamental use patterns: * **Get historical** - Requesting matching Posts from a time period of interest. These are typically one-time requests in support of historical research. Search requests can be based on start\_time and end\_time request parameters. recent search endpoint respond with Posts delivered in reverse-chronological order, starting with the most recent matching Post.  * **Polling** - Requesting matching Posts that have been posted since the last Post received. These use cases often have a near-real-time focus and are characterized by frequent requests, "listening" for new Posts of interest. The recent search endpoint provide the since\_id request parameter in support of the 'polling' pattern. To help with navigating by Post IDs, the until\_id request parameter is also available.   Next, we'll discuss the historical mode. This is the default mode of the recent search endpoint and illustrates the fundamentals of pagination. Then we'll discuss examples of polling use cases. When polling triggers pagination, there is an additional step to manage search requests.   #### Retrieving historical data This section outlines how you can retrieve Posts from a period of interest (currently limited to the last seven days) using the start\_time and end\_time request parameters. Historical requests are typically one-time requests in support of research and analysis.  Making requests for a period of data is the default mode of the recent search endpoint. If a search request does not specify a start\_time, end\_time, or since\_id request parameter, the end\_time will default to "now" (actually 30 seconds before the time of query) and the start\_time will default to seven days ago. The endpoint will respond with the first 'page' of Posts in reverse-chronological order, starting with the most recent Post. The response JSON payload will also include a next\_token if there are additional pages of data. To collect the entire set of matching Posts, regardless of the number of pages, requests are made until no next\_token is provided.  For example, here is an initial request for Posts with the keyword snow from the last week: [https://api.x.com/2/tweets/search/recent?query=snow](https://api.x.com/2/tweets/search/recent?query=snow) The response includes the most recent 10 Posts, along with these "meta" attributes in the JSON response: ``` "meta": {         "newest_id": "1204860593741553664",         "oldest_id": "1204860580630278147",         "next_token": "b26v89c19zqg8o3fobd8v73egzbdt3qao235oql",         "result_count": 10     } ``` To retrieve the next 10 Posts, this next\_token is added to the original request. The request would be: [https://api.x.com/2/tweets/search/recent?query=snow\&next\_token=b26v89c19zqg8o3fobd8v73egzbdt3qao235oql](https://api.x.com/2/tweets/search/recent?query=snow\&next_token=b26v89c19zqg8o3fobd8v73egzbdt3qao235oql) The process of looking for a next\_token and including it in a subsequent request can be repeated until all (or some number of) Posts are collected, or until a specified number of requests have been made. If data fidelity (collecting all matches of your query) is key to your use case, a simple "repeat until request.next\_token is null" design will suffice.    #### Polling and listening use cases This section outlines how you can retrieve recent Posts by polling the recent search endpoint with the since\_id request parameter.  With polling use cases, "any new Posts of interest?" queries are made on an on-going, frequent basis. Unlike historical use cases, that base requests on time, polling use cases typically base requests on Post IDs. Central to the polling use pattern is that every new Post has a [unique ID](/resources/fundamentals/x-ids) that is 'emitted' from the X platform generally in ascending order. If one Post has an ID smaller than another, it means it was posted earlier. The recent search endpoint support navigating the Post archive by Post ID. Responses from the endpoint include oldest\_id and newest\_id Post IDs. In the polling mode, requests are made with the since\_id set to the largest/newest ID received so far.  For example, say a query for new Posts about snow is made every five minutes, and the last Post we received had a Post ID of 10000. When it is time to poll, the request looks like: [https://api.x.com/2/tweets/search/recent?query=snow\&since\_id=10000](https://api.x.com/2/tweets/search/recent?query=snow\&since_id=10000) Next, let's say seven Posts were posted since our last request. Since all of these fit on a single data 'page', there is no next\_token. The response provides the Post ID of the most recent (newest) Post: ``` "meta": {         "newest_id": "12000",         "oldest_id": "10005",         "result_count": 7     } ``` To make the next polling query, this newest\_id value is used to set the next since\_id parameter: `https://api.x.com/2/tweets/search/recent?query=snow&since_id=12000` When there is more data available, and next tokens are provided, only th newest\_id value from the first page of results is needed. Each page of data will include newest\_id and oldest\_id values, but the value provided in the first page is the only one needed for the next, regularly scheduled, polling request. So, If you are implementing a polling design, or searching for Posts by ID range, pagination logic is slightly more complicated.  Now say that there are now 18 more matching Posts. The endpoint would respond with this initial response with a full data page and a next\_token for requesting the next page of data from this five minute period. It would also include the newest Post ID need for the next polling interval in five minutes.   ``` "meta": {         "newest_id": "13800",         "oldest_id": "12500",         "next_token": "fnsih9chihsnkjbvkjbsc",         "result_count": 10     } ``` To collect all the matching data for this five minute period, pass the next\_token in your next request, along with the same since\_id value as the previous request. [https://api.x.com/2/tweets/search/recent?query=snow\&since\\\_id=12000\&next\\\_token=fnsih9chihsnkjbvkjbsc](https://api.x.com/2/tweets/search/recent?query=snow\&since\\_id=12000\&next\\_token=fnsih9chihsnkjbvkjbsc) ``` "meta": {         "newest_id": "12300",         "oldest_id": "12010",         "result_count": 8     } ``` This second response provides the remaining eight Posts, and no next\_token. Note that we do not update our newest\_id value (12300), and instead base our next since\_id request on the first response's newest\_id value: [https://api.x.com/2/tweets/search/recent?query=snow\&since\_id=13800](https://api.x.com/2/tweets/search/recent?query=snow\&since_id=13800) # Introduction Source: https://docs.x.com/x-api/posts/search/introduction export const Button = ({href, children}) => { return ; }; Searching for Posts is an important feature used to surface X conversations about a specific topic or event. While this functionality is present in X, these endpoints provide greater flexibility and power when filtering for and ingesting Posts so you can find relevant data for your research more easily; build out near-real-time ‘listening’ applications; or generally explore, analyze, and/or act upon Posts related to a topic of interest.  We offer two endpoints that allow you to search for Posts: Recent search and full-archive search. Both of these REST endpoints share a common design and features, including their use of a single search query to filter for Posts around a specific topic. These search queries are created with a set of operators that match on Post and user attributes, such as message keywords, hashtags, and URLs. Operators can be combined into queries with boolean logic and parentheses to help refine the queries matching behavior.  Both the recent search and the full-archive search endpoints provide edited Post metadata. All objects for Posts created since September 29, 2022, include Post edit metadata, even if the Post was never edited. Each time a Post is edited, a new Post ID is created. A Post's edit history is documented by an array of Post IDs, starting with the original ID. These endpoints will always return the most recent edit, along with any edit history. Any Post collected after its 30-minute edit window will represent its final version. To learn more about Edit Post metadata, check out the [Edit Posts fundamentals](/x-api/fundamentals/edit-posts) page. Once you’ve set up your query and start receiving Posts, these endpoints support navigating the results both by time and Post ID ranges. This is designed to support two common use cases:  * **Get historical**: Requests are for a period of interest, with no focus on the real-time nature of the data. A single request is made, and all matching data is delivered using pagination as needed. This is the default mode for Search Posts. * **Polling** or **listening**: Requests are made in a "any new Posts since my last request?" mode. Requests are made on a continual basis, and typically there is a use case focused on near real-time 'listening' for Posts of interest. Many operators and query limits are exclusive to [Enterprise access](/x-api/getting-started/about-x-api), meaning that you must use keys and tokens from an App within a [Project](/resources/fundamentals/projects) with Enterprise access to utilize the additional functionality. You can learn more about this in the endpoint sections below. Both the recent search and the full-archive search endpoints returned Posts contribute to the monthly [Post cap](/x-api/fundamentals/post-cap). **Account setup** To access these endpoints, you will need: * An approved [developer account](https://developer.x.com/en/portal/petition/essential/basic-info). * To authenticate using the keys and tokens from a [developer App](/resources/fundamentals/developer-apps) that is located within a [Project](/resources/fundamentals/projects).  Learn more about getting access to the X API v2 endpoints in our [getting started guide](/x-api/getting-started/getting-access). ## Recent search The recent search endpoint allows you to programmatically access filtered public Posts posted over the last week, and is available to all developers who have a developer account and are using keys and tokens from an [App](/resources/fundamentals/developer-apps) within a [Project](/resources/fundamentals/projects). You can authenticate your requests with [OAuth 1.0a User Context](/resources/fundamentals/authentication), [OAuth 2.0 App-Only](/resources/fundamentals/authentication#app-only-authentication-and-oauth-2-0-bearer-token), or [OAuth 2.0 Authorization Code with PKCE](resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2). However, if you would like to receive private metrics, or a breakdown of organic and promoted metrics within your Post results, you will have to use OAuth 1.0a User Context or OAuth 2.0 Authorization Code with PKCE, and pass user Access Tokens that are associated with the user that published the given content.  This endpoint can deliver up to 100 Posts per request in reverse-chronological order, and [pagination](/x-api/posts/search/integrate/paginate) tokens are provided for paging through large sets of matching Posts.  When using a Project with regular access, you can use the basic set of [operators](/x-api/posts/search/integrate/build-a-query) and can make queries up to 512 characters long. When using a Project with Enterprise access, you have access to additional operators. Projects with Enterprise Access can make queries up to 4096 characters long. Learn more about [access levels](/x-api/getting-started/about-x-api). ## Full-archive search The v2 full-archive search endpoint is only available to Projects with [Pro](/x-api/getting-started/about-x-api "Pro") access and [Enterprise](/x-api/getting-started/about-x-api) access. The endpoint allows you to programmatically access public Posts from the complete archive dating back to the first Post in March 2006, based on your search query. You can authenticate your requests to this endpoint using [OAuth 2.0 App-Only](/resources/fundamentals/authentication#app-only-authentication-and-oauth-2-0-bearer-token), and the [App Access Token](/resources/fundamentals/authentication#using-and-generating-an-app-only-bearer-token) must come from an App that is within a Project that has Pro or Enterprise access. Since you cannot make a request on behalf of other users (OAuth 1.0a User Context or OAuth 2.0 Authorization Code with PKCE) with this endpoint, you will not be able to pull private [metrics](/x-api/fundamentals/metrics).  This endpoint can deliver up to 500 Posts per request in reverse-chronological order, and [pagination](/x-api/posts/search/integrate/paginate) tokens are provided for paging through large sets of matching Posts. **Note:** If requesting [annotations](/x-api/fundamentals/post-annotations) through the tweet.fields parameter, the max\_results parameter is currently limited to a max value of 100. This may change in the future, but please be mindful of this limitation. Since this endpoint is only available to those that have been approved for Pro and Enterprise access, you have access to the full set of search [operators](/x-api/posts/search/integrate/build-a-query) and can make queries up to 1024 characters long.






**Supporting resources** [Learn how to use Postman to make requests](/tutorials/postman-getting-started) [Troubleshoot an error](https://developer.x.com/en/support/x-api) [Visit the API reference page](/x-api/posts/recent-search) # Full-archive Search Source: https://docs.x.com/x-api/posts/search/quickstart/full-archive-search export const Button = ({href, children}) => { return ; }; ## Getting started with the full-archive search endpoint This quick start guide will help you make your first request to the full-archive search endpoint with a set of specified fields using Postman. If you would like to see sample code in different languages, please visit our [X API v2 sample code](https://github.com/xdevplatform/Twitter-API-v2-sample-code) GitHub repository.  ### Prerequisites The full-archive search endpoint is currently available as part of the Pro and Enterprise access only. In order to use this endpoint, you must upgrade to Pro access or  [apply for Enterprise access level](https://docs.google.com/forms/d/e/1FAIpQLScO3bczKWO2jFHyVZJUSEGfdyfFaqt2MvmOfl_aJp0KxMqtDA/viewform). In addition to being approved for access, you will need to have a set of [keys and tokens](/resources/fundamentals/authentication) to authenticate your request. You can generate these keys and tokens by following these steps: * Navigate to your [Project](/resources/fundamentals/projects) with Enterprise or Pro access in the developer portal and make sure you have an associated [developer App](/resources/fundamentals/developer-apps) within that Project. * Navigate to your App's “Keys and tokens” page to generate the required credentials. Make sure to save all credentials in a secure location. ### Steps to build a full-archive search request **Step one: Start with a tool or library** There are several different tools, code examples, and libraries that you can use to make a request to this endpoint, but we are going to use the Postman tool here to simplify the process. To load X API v2 Postman collection into your environment, please click on the following button: Once you have the X API v2 collection loaded in Postman, navigate to the Search Posts > Full-archive search request. **Step two: Authenticate your request** To properly make a request to the X API, you need to verify that you have permission. To do so with this endpoint, you must authenticate your request with the [OAuth 2.0 App-Only](/resources/fundamentals/authentication#app-only-authentication-and-oauth-2-0-bearer-token) authentication methods. You must add your keys and tokens, specifically the [App Access Token](/resources/fundamentals/authentication#using-and-generating-an-app-only-bearer-token) (also known as the App-only Bearer Token) to Postman. You can do this by selecting the environment named “X API v2” in the top-right corner of Postman and adding your keys and tokens to the "initial value" and "current value" fields (by clicking the eye icon next to the environment dropdown). This variable will automatically be pulled into the request's authorization tab if you've done this correctly.   **Step three: Create a search query** Each full-archive search query requires a single search query. For this example, we are going to use a query that matches on Posts posted by the @XDevelopers account. For this query we use the from operator and set it to XDevelopers (case insensitive): `from:XDevelopers` In Postman, navigate to the "Params" tab and enter this ID, or a string of Post IDs separated by a comma, into the "Value" column of the `ids` parameter.   | Key | Value | Description | | :------ | :----------------- | :--------------------------------------------------------- | | `query` | `from:XDevelopers` | Search query to submit to the full-archive search endpoint | Step four: Identify and specify which fields you would like to retrieve If you click the "Send" button after step three, you will receive the default [Post object](/x-api/fundamentals/data-dictionary#tweet) fields in your response: `id` ,`text`, and `edit_history_tweet_ids`. Note that if you receive Posts from before editing was supported, the `edit_history_tweet_ids` field will not be provided. No history backfill was performed for this field.  If you would like to receive additional fields beyond these default fields, you will have to specify those fields in your request with the [field](/x-api/fundamentals/fields) and/or [expansion](/x-api/fundamentals/expansions) parameters. For this exercise, we will request a four different sets of fields from different objects: 1. The default Post object fields 2. The additional tweet.created\_at field in the primary user objects 3. The associated authors’ [user object’s](/x-api/fundamentals/data-dictionary#user) default fields for the returned Posts 4. The additional user.description field in the associated user objects   In Postman, navigate to the "Params" tab and add the following key:value pair to the "Query Params" table: | Key | Value | Returned fields | | :------------- | :----------- | :-------------------------------------------------------------- | | `tweet.fields` | `created_at` | `tweets.created_at` | | `expansions` | `author_id` | includes.users.id, includes.users.name, includes.users.username | | user.fields | description | includes.users.description | You should now see the following URL next to the "Send" button: `https://api.x.com/2/tweets/search/all?query=from:XDevelopers&tweet.fields=created_at&expansions=author_id&user.fields=created_at` **Please note** By default, only 10 most recent Posts will be returned. If you want more than 10 Posts per request, you can use the max\_results parameter and set it to a maximum of 500 Posts per request. Similarly,  by default Posts from the last 30 days will be returned. If you want to get Posts that are older than 30 days, you can use the start\_time and end\_time parameters in your API call. **Step five: Make your request and review your response** Once you have everything set up, hit the "Send" button and you will receive a response similar to the following: ``` { "data": [ { "author_id": "2244994945", "created_at": "2020-06-11T16:05:06.000Z", "id": "1271111223220809728", "text": "Tune in tonight and watch as @jessicagarson takes us through running your favorite Python package in R. 🍿\n\nLearn how to use two powerful programming languages for data science together, and see a live example that uses the recent search endpoint from Twitter’s Developer Labs. https://t.co/v178oUZNuj" }, { "author_id": "2244994945", "created_at": "2020-06-10T19:25:24.000Z", "id": "1270799243071062016", "text": "As we work towards building the new Twitter API, we’ve extended the deprecation timeline for several Labs v1 endpoints. Learn more 📖 https://t.co/rRWaJYJgKk" }, { "author_id": "2244994945", "created_at": "2020-06-09T18:08:47.000Z", "id": "1270417572001976322", "text": "Annotations help you learn more about a Tweet — they can even help you find topics of interest. 🔬\n\nIn this tutorial, @suhemparack shows us how find Tweets related to COVID-19 using annotations + the filtered stream endpoint.\n\nLearn how you can, too. ⤵️\nhttps://t.co/qwVOgw0zSV" } ], "includes": { "users": [ { "description": "The voice of Twitter's #DevRel team, and your official source for updates, news, & events about Twitter's API. \n\n#BlackLivesMatter", "id": "2244994945", "name": "Twitter Dev", "username": "TwitterDev" } ] }, "meta": { "newest_id": "1271111223220809728", "oldest_id": "1270417572001976322", "result_count": 3 } } ``` In this example, we used a very simple query. If you would like to see more detailed guides, please visit the resources listed below.  **Next steps** [Customize your request using the API Reference](/x-api/posts/full-archive-search) [See a full list of query operators](/x-api/posts/search/integrate/build-a-query "See a full list of query operators") [Use sample code for these endpoints](https://github.com/xdevplatform/Twitter-API-v2-sample-code "Use sample code for these endpoints") # Recent Search Source: https://docs.x.com/x-api/posts/search/quickstart/recent-search export const Button = ({href, children}) => { return ; }; ## Getting started with the recent search endpoint This quick start guide will help you make your first request to the recent search endpoint with a set of specified fields using Postman. If you would like to see sample code in different languages, please visit our [X API v2 sample code](https://github.com/xdevplatform/Twitter-API-v2-sample-code) GitHub repository.  ### **Prerequisites** To complete this guide, you will need to have a set of [keys and tokens](/resources/fundamentals/authentication) to authenticate your request. You can generate these keys and tokens by following these steps: * [Sign up for a developer account](https://developer.x.com/en/apply-for-access) and receive approval. * Create a [Project](/resources/fundamentals/projects) and an associated [developer App](/resources/fundamentals/developer-apps) in the developer portal. * Navigate to your App's “Keys and tokens” page to generate the required credentials. Make sure to save all credentials in a secure location. ### Steps to build a recent search request **Step one: Start with a tool or library** There are several different tools, code examples, and libraries that you can use to make a request to this endpoint, but we are going to use the Postman tool here to simplify the process. To load X API v2 Postman collection into your environment, please click on the following button: Once you have the X API v2 collection loaded in Postman, navigate to the Search Posts > Recent search request. **Step two: Authenticate your request** To properly make a request to the X API, you need to verify that you have permission. To do this with this endpoint, you must authenticate your request with either [OAuth 2.0 App-Only](/resources/fundamentals/authentication#app-only-authentication-and-oauth-2-0-bearer-token), [OAuth 2.0 Authorization Code with PKCE](resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2), or [OAuth 1.0a User Context](/resources/fundamentals/authentication) authentication methods. For simplicity's sake, we will utilize OAuth 2.0 App-Only with this request, but you will need to use one of the other authentication methods if you'd like to request private [metrics](/x-api/fundamentals/metrics) or Posts.  To utilize OAuth 2.0 App-Only, you must add your keys and tokens, specifically the [App Access Token](/resources/fundamentals/authentication#using-and-generating-an-app-only-bearer-token) (also known as the App-only Bearer Token) to Postman. You can do this by selecting the environment named “X API v2” in the top-right corner of Postman and adding your keys and tokens to the "initial value" and "current value" fields (by clicking the eye icon next to the environment dropdown). These variables will automatically be pulled into the request's authorization tab if you've done this correctly.   **Step three: Create a search query** Each recent search query requires a single [search query](/x-api/posts/search/integrate/build-a-query). For this example, we are going to use a query that matches on Posts posted by the @XDevelopers account. For this query we use the from operator and set it to XDevelopers (case insensitive): `from:XDevelopers` In Postman, navigate to the "Params" tab and enter this ID, or a string of Post IDs separated by a comma, into the "Value" column of the `ids` parameter. | | | | | :------ | :--------------- | :--------------------------------------------------- | | **Key** | **Value** | **Description** | | `query` | from:XDevelopers | Search query to submit to the recent search endpoint | **Step four: Identify and specify which fields you would like to retrieve** If you click the "Send" button after step three, you will receive the default [Post object](/x-api/fundamentals/data-dictionary#tweet) fields in your response: id , text, and  `edit_history_tweet_ids`. If you would like to receive additional fields beyond id , text, and `edit_history_tweet_ids`, you will have to specify those fields in your request with the [field](/x-api/fundamentals/fields) and/or [expansion](/x-api/fundamentals/expansions) parameters. For this exercise, we will request a four different sets of fields from different objects: 1. The default Post object fields. 2. The additional tweet.created\_at field in the primary user objects. 3. The associated authors’ user object’s default fields for the returned Posts. 4. The additional  user.description field in the associated user objects. In Postman, navigate to the "Params" tab and add the following key:value pair to the "Query Params" table: | | | | | :------------- | :------------ | :-------------------------------------------------------------------- | | **Key** | **Value** | **Returned fields** | | `tweet.fields` | `created_at` | `tweets.created_at` | | `expansions` | `author_id` | `includes.users.id`, `includes.users.name`, `includes.users.username` | | `user.fields` | `description` | `includes.users.description` | You should now see the following URL next to the "Send" button: `https://api.x.com/2/tweets/search/recent?query=from:XDevelopers&tweet.fields=created_at&expansions=author_id&user.fields=created_at` **Step five: Make your request and review your response** Once you have everything set up, hit the "Send" button and you will receive the following response: ``` { "data": [ { "author_id": "2244994945", "created_at": "2020-06-11T16:05:06.000Z", "id": "1271111223220809728", "text": "Tune in tonight and watch as @jessicagarson takes us through running your favorite Python package in R. 🍿\n\nLearn how to use two powerful programming languages for data science together, and see a live example that uses the recent search endpoint from Twitter’s Developer Labs. https://t.co/v178oUZNuj" }, { "author_id": "2244994945", "created_at": "2020-06-10T19:25:24.000Z", "id": "1270799243071062016", "text": "As we work towards building the new Twitter API, we’ve extended the deprecation timeline for several Labs v1 endpoints. Learn more 📖 https://t.co/rRWaJYJgKk" }, { "author_id": "2244994945", "created_at": "2020-06-09T18:08:47.000Z", "id": "1270417572001976322", "text": "Annotations help you learn more about a Tweet — they can even help you find topics of interest. 🔬\n\nIn this tutorial, @suhemparack shows us how find Tweets related to COVID-19 using annotations + the filtered stream endpoint.\n\nLearn how you can, too. ⤵️\nhttps://t.co/qwVOgw0zSV" } ], "includes": { "users": [ { "description": "The voice of Twitter's #DevRel team, and your official source for updates, news, & events about Twitter's API. \n\n#BlackLivesMatter", "id": "2244994945", "name": "X Developers", "username": "XDevelopers" } ] }, "meta": { "newest_id": "1271111223220809728", "oldest_id": "1270417572001976322", "result_count": 3 } } ``` **Next steps** [Customize your request using the API Reference](/x-api/posts/recent-search) [See a full list of query operators](/x-api/posts/search/integrate/build-a-query "See a full list of query operators") [Use sample code for these endpoints](https://github.com/xdevplatform/Twitter-API-v2-sample-code "Use sample code for these endpoints") # Integration guide Source: https://docs.x.com/x-api/posts/timelines/integrate ## How to integrate with the Timelines endpoints This page contains information on several tools and key concepts that you should be aware of as you integrate the timelines endpoints into your system. We’ve split the page into the following sections: * [Helpful tools](#helpful-tools) * Key Concepts * [Authentication](#authentication) * [Developer portal, Projects, and Apps](#portal) * [Rate limits](#rate-limits) * [Fields and expansions](#fields) * [Post metrics](/x-api/posts/timelines#timelines-integration-guide) * [Pagination](#pagination) * [Filtering results](#filtering) * [Post caps and volume of Posts returned](#caps) * [Edit Posts](#edits) * [Edge cases](#edge)[](#edge) ### Helpful tools Before we explore some key concepts, we recommend that you use one of the following tools or code samples to start testing the functionality of these endpoints. **Code samples** Interested in getting set up with these endpoints with some code in your preferred coding language? We’ve got a handful of different code samples available that you can use as a starting point on our [GitHub page](https://github.com/xdevplatform/Twitter-API-v2-sample-code). **Libraries** Take advantage of one of our many [community third-party libraries](/x-api/tools-and-libraries/overview) to help you get started. You can find a library that works with the v2 endpoints by looking for the proper version tag. **Postman** Postman is a great tool that you can use to test out these endpoints. Each Postman request includes every path and body parameter to help you quickly understand what is available to you. To learn more about our Postman collections, please visit our [Using Postman](/tutorials/postman-getting-started) page. ### Key concepts **Authentication** All X API v2 endpoints require requests to be [authenticated](/resources/fundamentals/authentication) with a set of credentials, also known as keys and tokens. You can use either OAuth 1.0a User Context or OAuth 2.0 Authorization Code with PKCE to authenticate requests to these endpoints. You can use OAuth 2.0 App-Only for user Posts timeline and user mentions timeline. [OAuth 1.0a User Context](/resources/fundamentals/authentication#oauth-1-0a-2) requires you to utilize your API Keys, user Access Tokens, and a handful of other parameters to [create an authorization header](https://developer-staging.x.com/resources/fundamentals/authentication/authorizing-a-request), which you will then pass with your request. The Access Tokens must be associated with the user that you are making the request on behalf of. If you would like to generate a set of Access Tokens for another user, they must authorize your App using the [3-legged OAuth flow](https://developer-staging.x.com/resources/fundamentals/authentication/obtaining-user-access-tokens).  Please note that OAuth 1.0a can be difficult to use. If you are not familiar with this authentication method, we recommend that you use a [library](/x-api/tools-and-libraries/overview), use a tool like Postman, or use OAuth 2.0 to authenticate your requests. If you would like to request a Post or private metrics from these endpoints, you will need to use a either OAuth 1.0a User Context or OAuth 2.0 Authorization Code with PKCE, which will ensure that you have the proper permissions from the user that owns that content. [OAuth 2.0 App-Only](/resources/fundamentals/authentication#bearer-token-also-known-as-app-only) just requires that you pass an [OAuth 2.0 App Access Token](/resources/fundamentals/authentication#bearer-token-also-known-as-app-only) with your request. You can either generate an App Access Token from directly within a developer App, or generate one using the [POST oauth2/token](/resources/fundamentals/authentication#post-oauth2-token) endpoint. You can use this for user Posts timeline or user mention timeline. [OAuth 2.0 Authorization Code with PKCE](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-3) allows for greater control over an application’s scope, and authorization flows across multiple devices. OAuth 2.0 allows you to pick specific fine-grained scopes which give you specific permissions on behalf of a user.  To enable OAuth 2.0 in your App, you must enable it in your’s App’s authentication settings found in the App settings section of the developer portal. **Please note** If you are requesting the following [fields](/x-api/fundamentals/fields), OAuth 1.0a User Context or OAuth 2.0 Authorization Code is required:  * `tweet.fields.non_public_metrics` * `tweet.fields.promoted_metrics` * `tweet.fields.organic_metrics` * `media.fields.non_public_metrics` * `media.fields.promoted_metrics` * `media.fields.organic_metrics` **[](/x-api/fundamentals/pagination)Developer portal, Projects, and developer Apps** To work with any X API v2 endpoints, you must [sign up for a developer account](https://developer.x.com/en/portal/petition/essential/basic-info), set up a [Project](/resources/fundamentals/projects) within that account, and created a [developer App](/resources/fundamentals/developer-apps) within that Project. Your keys and tokens within that developer App will work for these timelines endpoints. **Rate limits** Every day, many thousands of developers make requests to the X API. To help manage the volume, [rate limits](/x-api/fundamentals/rate-limits) are placed on each endpoint that limits the number of requests that every developer can make on behalf of an app or on behalf of an authenticated user.  There are different rate limits applied for these endpoints depending on which authentication method is being used. The app-level rate limits apply to an App making requests using OAuth 2.0 App-Only, whereas the user-level rate limit applies to requests being made on behalf of the specific authorizing user using OAuth 1.0a User Context. These two rate limits are based on the frequency of requests within a 15-minute window. For example, an app using OAuth 2.0 App-Only auth for both of these timelines endpoints, can make 1500 requests (including pagination requests) to the user Post timeline, and 450 requests (including pagination requests) to the user mention timeline within a 15-minute timeframe.  That same app, within the same 15-minute timeframe, with two different authorized users (using OAuth 1.0a User Context) can make 900 requests (including pagination requests) to the user Post timeline, and 180 requests (including pagination requests) to the user mention timeline for each authenticated user.  Reverse chronological home timeline has a per-user rate limit of 180 requests per a 15 min window. With this endpoint you can return every Post created on a timeline over the last 7 days as well as the most recent 800 regardless of creation date. **Fields and expansions** The X API v2 allows you to select exactly which data you want returned from the API using [fields](/x-api/fundamentals/fields) and [expansions](/x-api/fundamentals/expansions). The expansion parameter allows you to expand objects referenced in the payload. For example, this endpoint allows you to request poll, place, media, and other objects using the expansions parameter. The fields parameter allows you to select exactly which fields within the different data objects you would like to receive. By default, the primary Post object returned by these endpoints include the id and text fields. To receive additional fields such as author\_id or public\_metrics, you will have to specifically request those using the fields parameters. Some important fields that you may want to consider using in your integration are our poll data, [metrics](/x-api/fundamentals/metrics), [Post annotations](/x-api/fundamentals/post-annotations), and [conversation ID](/x-api/fundamentals/conversation-id) fields. We’ve added a guide on [how to use fields and expansions](/x-api/fundamentals/data-dictionary#how-to-use-fields-and-expansions) together to our [X API v2 data dictionary](/x-api/fundamentals/data-dictionary). **Post metrics** The X API v2 endpoints allow you to request Post metrics directly from the returned Post object, assuming you pass the proper fields with your request. There are some limitations with Post metrics that you should be aware of, specifically related to user privacy and the following response fields: * `tweet.fields.non_public_metrics` * `tweet.fields.promoted_metrics` * `tweet.fields.organic_metrics` * `media.fields.non_public_metrics` * `media.fields.promoted_metrics` * `media.fields.organic_metrics` The noted fields include private metrics data, meaning you must be authorized by the Post's publisher to retrieve this data on their behalf when using the user Post timeline endpoint, meaning you must use [OAuth 1.0a User Context](/resources/fundamentals/authentication) or [OAuth 2.0 Authorization Code Flow with PKCE](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-3). For example, in order to receive `non_public_metrics` for user ID 1234's user Post timeline you will need to include access tokens associated with that user in your request. You can have users authorize your app and receive a set of access tokens associated with them by using the [3-legged OAuth flow](/resources/fundamentals/authentication#obtaining-access-tokens-using-3-legged-oauth-flow).  If you are using user mention timeline, the noted fields will not be available unless the mentioning author has authorized your App to access their private metrics data and you are using that user’s access tokens when making the request with OAuth 1.0a User Context. All `non_public_metrics`, organic\_metrics, and promoted\_metrics are only available for Posts created in the last 30 days. This means that when you are requesting the noted fields, the results will automatically adjust to only include Posts from the last 30 days. If these noted fields are requested, only Posts that are authored by the authenticated user will be returned, all other Posts will receive an error message. **Pagination** These endpoints utilize pagination so that responses are returned quickly. In cases where there are more results than what can be sent in a single response (up to 100 Posts for the timelines endpoints) you will need to paginate. Use the max\_results parameter to identify how many results will return per page, and the pagination\_token parameter return the next page of results. You can learn more by reviewing our [pagination guide](/x-api/fundamentals/pagination). **Filtering results** These endpoints include several parameters that you can use to filter results. Using start\_date and end\_date, you can narrow down results to a specific timeframe. If you’d rather use POst IDs to select a specific set of Posts, you can use the since\_id and until\_id. The user Posts timeline also has an exclude parameter that can remove Retweets and Replies from your results.  **Post caps and volume of Posts returned** The user Post timeline and user mention timeline endpoints are limited in the number of Posts that they can return in a given month. The reverse chronological home timeline endpoint is not subject to this limitation. Regardless of which timelines endpoint you use, the Posts returned will count towards the Project-level [Post caps](/x-api/fundamentals/post-cap). Usage is shown in the developer portal, and the 'month' starts on your subscription renewal day shown on the [developer portal dashboard](https://developer.x.com/en/portal/dashboard).  The user Post timeline endpoint will only return the most recent 3200 Posts posted to a user’s timeline. Setting start\_time and end\_time to a time period that includes Posts beyond the 3200 most recent, you will receive a successful response, but no Posts. It is also important to note that, if you pass the excludes=replies with your user Post timeline requests, only the most recent 800 Posts will be returned. The user mention timeline endpoint will only return the most recent 800 Post mentions. The reverse chronological home timeline endpoint returns the last 3200 Posts. **Post edits** Posts that are eligible for edits can be edited up to five times in the 30 minutes after the original Post was published. The search endpoints will always provide the latest version of the Post. If you only request Posts that were published 30 or more minutes ago, you will always receive the final version of the Post. However, if you have a near-real-time use case, and are querying Posts published within the last thirty minutes, those Posts could have been edited after you received them. These Posts can be rehydrated with search, or the Pos Lookup endpoint to confirm their final state. To learn more about how Post edits work, see the [Edit Posts fundamentals](/x-api/fundamentals/edit-posts) page.   **Edge cases** * When requesting non-public metrics on the User Post timeline endpoint for Posts that are older than 30 days, you may see a next\_token in the response with a result count of 0. To avoid encountering this issue, ensure that the timeframe requested with the non\_public\_metrics parameter is within the most recent 30 days. Additionally, the max\_results minimum value should be 10. These may help to avoid this scenario, but this could still occur. * Requesting promoted metrics for Posts that were not promoted returns an empty response, instead of Post data. Our team is currently working on fixing this issue. * For a Retweet that contains Post body text greater than 140 characters in length, the text field will be truncated instead of returning the full Post text. The short term workaround is to expand the referenced Post and retrieve the full text from the expansion. This is a bug that we will fix in the future. **Next steps** \[Make your first request to a Timelines endpoint]/x-api/posts/timelines#getting-started-with-reverse-chronological-home-timeline "Make your first request to a Timelines endpoint") [See a full list of parameters, fields, and more in our API Reference pages](/x-api/posts/timelines#api-reference-index) [Get support or troubleshoot an error](https://developer.x.com/en/support/x-api) # Introduction Source: https://docs.x.com/x-api/posts/timelines/introduction The X API v2 has three timelines endpoints - reverse chronological home timeline, user Post timeline, and user mention timeline. See below for more details. export const Button = ({href, children}) => { return ; }; These three timelines endpoints support edited Posts. These endpoints will always return the most recent edit, along with the edit history. Any Post collected after its 30-minute edit window will represent its final version. Edit metadata includes an array of IDs for all Posts in its history. For Posts with no edit history, this array will hold a single ID. For Posts that have been edited, this array contains multiple IDs, arranged in ascending order reflecting the order of edits, with the most recent version in the last position of the array. To learn more about how Post edits work, see the [Edit Posts fundamentals](/x-api/fundamentals/edit-posts) page. ## Reverse chronological home timeline This endpoint enables you to retrieve the most recent Posts, Retweets, and replies posted by the authenticated user and the accounts they follow.  Since you are making requests on behalf of a user, you must authenticate these endpoints using an [OAuth 2.0 Authorization Code Flow with PKCE](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-3) or [OAuth 1.0a User Context](/resources/fundamentals/authentication). This endpoint has a per-user rate limit of 180 requests per 15-minute window. This endpoint can return every Post created on a timeline over the last 7 days as well as the most recent 800 regardless of creation date. ## User Post timeline The user Post timeline endpoint provides access to Posts published by a specific X account.  Retrieving a user's Posts allows you to build experiences such as showcasing a timeline in a user interface, analyzing a user's Posts to better understand their content, or creating engagement workflows with their Posts programmatically. This endpoint gives you access to a single X account's most recent Posts, Retweets, replies, and Quote Tweets, similar to what may be seen on a user's profile timeline. Here is a user timeline for @XDevelopers: The user Post timeline endpoint is a REST endpoint that receives a single path parameter to indicate the desired user (by user ID). The endpoint can return the 3,200 most recent Posts, Retweets, replies, and Quote Tweets posted by the user. Posts are delivered in reverse-chronological order, starting with the most recent. Results are [paginated](/x-api/fundamentals/pagination) up to 100 Posts per page. Pagination tokens are provided for paging through large sets of Posts. The Post IDs of the newest and the oldest Posts included in the given page are also provided as metadata, which can also be used for polling timelines for recent Posts. The user Post timeline also supports the ability to specify start\_time and end\_time parameters to receive Posts that were created within a certain window of time.  The user Post timeline endpoint supports [fields](/x-api/fundamentals/fields) and [expansions](/x-api/fundamentals/expansions) parameters, and returns the [new JSON data format](/x-api/fundamentals/data-dictionary). To successfully make a request to this endpoint, you will need to authorize your request with the [OAuth 1.0a User Context](/resources/fundamentals/authentication), [OAuth 2.0 Authorization Code with PKCE](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-3), or [OAuth 2.0 App-Only](/resources/fundamentals/authentication#app-only-authentication-and-oauth-2-0-bearer-token) authentication methods. You must use OAuth 1.0a User Context or OAuth 2.0 Authorization Code with PKCE when requesting nonpublic metrics, promoted metrics or a protected user's timeline.  The user Post timeline endpoint is designed to support two common usage patterns:  * "Get a user’s historical Posts": Requests made to user Post timeline in order to receive Posts authored by the user of interest in chronological order over a specific recent timeframe. The timeframe can be set using the start\_time and end\_time and paginating through the full results.  In some cases, a user’s entire history of Posts can be retrieved if the user has only authored up to 3,200 Posts in their account. Posts included will depend on the public availability and the authentication that is used for the requests. * "Polling for new Posts": Requests made to user Post timeline on a continual basis, to retrieve new Posts authored by a specific user. The last Post ID received can be set as a parameter for any new requests since the last Post. ## User mention timeline The user mention timeline endpoint allows you to request Posts mentioning a specific X user, for example, if a X account mentioned @XDevelopers within a Post. This will also include replies to Posts by the user requested. Retrieving a user's mentions allows you to build experiences such as quickly discovering who is replying to a users' Posts, mentioning or to create engagement workflows with their Posts programmatically. The endpoint allows you to request to a single user's most recent mentions and replies, similar to what may be seen in a user's [notifications for mentions](https://x.com/notifications/mentions) on X. The user mention timeline is a REST endpoint that receives a single path parameter to indicate the desired user (by user ID). The endpoint can return the 800 most recent mentions for that user. Posts are delivered in reverse-chronological order, starting with the most recent. Results are [paginated](/x-api/fundamentals/pagination) in up to 100 Posts per page. Pagination tokens are provided for paging through large sets of Posts. The Post IDs of the newest and the oldest Posts included in the given page are also provided as metadata, which can also be used for polling timelines for recent Posts, or for navigating through the timeline similar to the v1.1 [mentions\_timeline](https://developer.x.com/en/docs/twitter-api/v1/tweets/timelines/api-reference/get-statuses-mentions_timeline) endpoint. The endpoint also supports the ability to specify start\_time and end\_time parameters to receive Posts that were created within a certain window of time.  To successfully make a request to this endpoint, you will need to authorize your request with the [OAuth 1.0a User Context](/resources/fundamentals/authentication), [OAuth 2.0 Authorization Code with PKCE](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-3), or [OAuth 2.0 App-Only](/resources/fundamentals/authentication#bearer-token-also-known-as-app-only) authentication methods. You must use OAuth 1.0a User Context or OAuth 2.0 Authorization Code with PKCE when requesting non public metrics, promoted metrics or a protected user's timeline. The user mention timeline endpoint supports [fields](/x-api/fundamentals/fields) and [expansions](/x-api/fundamentals/expansions) parameters, and returns the [new JSON data format](/x-api/fundamentals/data-dictionary). **Account setup** To access these endpoints, you will need: * An approved [developer account](https://developer.x.com/en/portal/petition/essential/basic-info). * To authenticate using the keys and tokens from a [developer App](/resources/fundamentals/developer-apps) that is located within a [Project](/resources/fundamentals/projects).  Learn more about getting access to the X API v2 endpoints in our [getting started guide](/x-api/getting-started/getting-access).
**Supporting resources** [Learn how to use Postman to make requests](/tutorials/postman-getting-started) [Troubleshoot an error](https://developer.x.com/en/support/x-api) \[Visit the API reference page for this endpoint]\((/x-api/posts/tweets-lookup#curl-requests "Visit the API reference page for this endpoint") # Reverse Chronological Source: https://docs.x.com/x-api/posts/timelines/quickstart/reverse-chron-quickstart export const Button = ({href, children}) => { return ; }; ## Getting started with reverse chronological home timeline This quick start guide will help you make your first request to one of the timelines endpoints with a set of specified fields using [Postman](/tutorials/postman-getting-started). If you would like to see sample code in different languages, please visit our [X API v2 sample code](https://github.com/xdevplatform/Twitter-API-v2-sample-code) GitHub repository.  **Prerequisites** To complete this guide, you will need to have a set of [keys and tokens](/resources/fundamentals/authentication) to authenticate your request. You can generate these keys and tokens by following these steps: * [Sign up for a developer account](https://developer.x.com/en/apply-for-access) and receive approval. * Create a [Project](/resources/fundamentals/projects) and an associated [developer App](/resources/fundamentals/developer-apps) in the developer portal. * Navigate to your App's “Keys and tokens” page to generate the required credentials. Make sure to save all credentials in a secure location. **Steps to build a reverse chronological home timeline request** \_For this example, we will make a request to the user Post timeline by ID endpoint, but you can apply the learnings from this quick start to user mention timelines requests as well. \_ **Step one: Start with a tool or library** There are several different tools, code examples, and libraries that you can use to make a request to this endpoint, but we are going to use the Postman tool here to simplify the process. To load X API v2 Postman collection into your environment, please click on the following button: Once you have the X API v2 collection loaded in Postman, navigate to the "Timelines" folder and find the "Reverse chronological home timeline" request. **Step two: Authenticate your request** To properly make a request to the X API, you need to verify that you have permission. To do so with this endpoint, you must authenticate your request with either [OAuth 2.0 Authorization Code with PKCE](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-3), or [OAuth 1.0a User Context](/resources/fundamentals/authentication) authentication methods.  You must add your keys and tokens to Postman. You can do this by selecting the environment named “X API v2” in the top-right corner of Postman and adding your keys and tokens to the "initial value" and "current value" fields (by clicking the eye icon next to the environment dropdown). These variables will automatically be pulled into the request's authorization tab if you've done this correctly. **Step three: Identify and specify which user from which you would like to retrieve their home timeline for** You must specify a user you would like to retrieve recent Posts for within the request. In this example, we will be passing a single user ID. User IDs are simply the numerical value that represents an account handle that you can find within an account's profile URL. For example, the following account’s username is `XDevelopers`. `https://x.com/XDevelopers` To convert this username to the user ID, you will have to use the [users lookup endpoint](/x-api/users/lookup/introduction) with the username and find the numerical user ID in the payload. In the case of @XDevelopers, the user ID is 2244994945. In Postman, navigate to the "Params" tab and enter this user ID into the "Value" column of the id parameter. | | | | :------ | :--------- | | **Key** | **Value** | | `id` | 2244994945 | **Step four: Identify and specify which fields you would like to retrieve** If you click the "Send" button after step three, you will receive the default [Post object](/x-api/fundamentals/data-dictionary#tweet) fields in your response: id, text, and edit\_history\_tweet\_ids. If you would like to receive additional fields, you will have to specify those fields in your request with the [field](/x-api/fundamentals/fields) and/or [expansion](/x-api/fundamentals/expansions) parameters. For this exercise, we will request three additional different sets of fields from different objects: 1. The additional tweet.created\_at field in the primary user objects. 2. The associated authors’ user object’s default fields for the returned Posts: id, name, and username 3. The additional user.created\_at field in the associated user objects.   In Postman, navigate to the "Params" tab and add the following key:value pair to the "Query Params" table: | | | | | :------------- | :----------- | :-------------------------------------------------------------------- | | **Key** | **Value** | **Returned fields** | | `tweet.fields` | `created_at` | `tweets.created_at` | | `expansions` | `author_id` | `includes.users.id`, `includes.users.name`, `includes.users.username` | | `user.fields` | `created_at` | `includes.users.created_at` | | max\_results | 5 | | You should now see the following URL next to the "Send" button: `https://api.x.com/2/users/:id/timelines/reverse_chronological?tweet.fields=created_at&expansions=author_id&user.fields=created_at&max_results=5` **Please note:** In Postman, the path parameter :id in the URL field will **not** automatically update to the value that you enter into the `id` params field, which is why the above URL includes `:id` and not 2244994945. **Step five: Make your request and review your response** Once you have everything set up, hit the "Send" button and you will receive the following response: ```{ "data": [ { "created_at": "2022-05-12T17:00:00.000Z", "text": "Today marks the launch of Devs in the Details, a technical video series made for developers by developers building with the Twitter API. 🚀\n\nIn this premiere episode, @jessicagarson walks us through how she built @FactualCat #WelcomeToOurTechTalk\n⬇️\n\nhttps://t.co/nGa8JTQVBJ", "author_id": "2244994945", "id": "1524796546306478083" }, { "created_at": "2022-05-11T19:16:40.000Z", "text": "📢 Join @jessicagarson @alanbenlee and @i_am_daniele tomorrow, May 12 | 5:30 ET / 2:30pm PT as they discuss the future of bots https://t.co/sQ2bIO1fz6", "author_id": "2244994945", "id": "1524468552404668416" }, { "created_at": "2022-05-09T20:12:01.000Z", "text": "Do you make bots with the Twitter API? 🤖\n\nJoin @jessicagarson @alanbenlee and @iamdaniele on Thursday, May 12 | 5:30 ET / 2:30pm PT as they discuss the future of bots and answer any questions you might have. 🎙📆⬇️\n\nhttps://t.co/2uVt7hCcdG", "author_id": "2244994945", "id": "1523757705436958720" }, { "created_at": "2022-05-06T18:19:54.000Z", "text": "If you’d like to apply, or would like to nominate someone else for the program, please feel free to fill out the following form:\n\nhttps://t.co/LUuWj24HLu", "author_id": "2244994945", "id": "1522642324781633536" }, { "created_at": "2022-05-06T18:19:53.000Z", "text": "We’ve gone into more detail on each Insider in our forum post. \n\nJoin us in congratulating the new additions! 🥳\n\nhttps://t.co/0r5maYEjPJ", "author_id": "2244994945", "id": "1522642323535847424" } ], "includes": { "users": [ { "created_at": "2013-12-14T04:35:55.000Z", "name": "Twitter Dev", "username": "TwitterDev", "id": "2244994945" } ] }, "meta": { "result_count": 5, "newest_id": "1524796546306478083", "oldest_id": "1522642323535847424", "next_token": "7140dibdnow9c7btw421dyz6jism75z99gyxd8egarsc4" } } ``` **Step six: Paginate through your results** In the previous response, you will find a meta data object at the bottom that includes the following fields: * oldest\_id * newest\_id * results\_count * next\_token * previous\_token In step four, we passed a max\_results value of 5, meaning that each page will only include up to five results. To access the additional pages of data, we will be taking the value of the next\_token field from our last results and adding that string as the value of the pagination\_token parameter on the Postman params page, keeping everything else constant.  | | | | :----------------- | :---------------------------- | | **Key** | **Value** | | `pagination_token` | t3buvdr5pujq9g7bggsnf3ep2ha28 | Once this is all set up, you can click "Send" again and you should receive the next page of results.  We have put together a guide on [pagination](/x-api/fundamentals/pagination) to further explain this concept.  **Next steps** [Customize your request using the API Reference](/x-api/posts/timelines#api-reference-index) [Reach out to the community for help](https://devcommunity.x.com "Reach out to the community for help") # User Mentions Source: https://docs.x.com/x-api/posts/timelines/quickstart/user-mention-quickstart export const Button = ({href, children}) => { return ; }; ## Getting started with the user Post and mention timeline endpoints This quick start guide will help you make your first request to the user Post timeline endpoint with a set of specified fields using [Postman](/tutorials/postman-getting-started). If you would like to see sample code in different languages, please visit our [X API v2 sample code](https://github.com/xdevplatform/Twitter-API-v2-sample-code) GitHub repository.  **Prerequisites** To complete this guide, you will need to have a set of [keys and tokens](/resources/fundamentals/authentication) to authenticate your request. You can generate these keys and tokens by following these steps: * [Sign up for a developer account](https://developer.x.com/en/apply-for-access) and receive approval. * Create a [Project](/resources/fundamentals/projects) and an associated [developer App](/resources/fundamentals/developer-apps) in the developer portal. * Navigate to your App's “Keys and tokens” page to generate the required credentials. Make sure to save all credentials in a secure location. **Steps to build a timelines request** \_For this example, we will make a request to the user Post timeline by ID endpoint, but you can apply the learnings from this quick start to user mention timelines requests as well. \_ **Step one: Start with a tool or library** There are several different tools, code examples, and libraries that you can use to make a request to this endpoint, but we are going to use the Postman tool here to simplify the process. To load X API v2 Postman collection into your environment, please click on the following button: Once you have the X API v2 collection loaded in Postman, navigate to the timeline folder and find the "User Post timeline by ID" request.   **Step two: Authenticate your request** To properly make a request to the X API, you need to verify that you have permission. To do so with this endpoint, you must authenticate your request with either [OAuth 2.0 App-Only](/resources/fundamentals/authentication#app-only-authentication-and-oauth-2-0-bearer-token), [OAuth 2.0 Authorization Code with PKCE](resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2), or [OAuth 1.0a User Context](/resources/fundamentals/authentication) authentication methods. For simplicity's sake, we will utilize OAuth 2.0 App-Only with this request, but you will need to use one of the other authentication methods if you'd like to request private [metrics](/x-api/fundamentals/metrics) or Posts.  You must add your keys and tokens, specifically the [App Access Token](/resources/fundamentals/authentication#using-and-generating-an-app-only-bearer-token) (also known as the App-only Bearer Token) to Postman. You can do this by selecting the environment named “X API v2” in the top-right corner of Postman and adding your keys and tokens to the "initial value" and "current value" fields (by clicking the eye icon next to the environment dropdown). This variable will automatically be pulled into the request's authorization tab if you've done this correctly.   **Step three: Identify and specify which user from which you would like to retrieve Posts** You must specify a user you would like to retrieve recent Posts for within the request. In this example, we will be passing a single user ID. User IDs are simply the numerical value that represents an account handle that you can find within an account's profile URL. For example, the following account’s username is `XDevelopers`. `https://x.com/XDevelopers` To convert this username to the user ID, you will have to use the [users lookup endpoint](/x-api/users/lookup/introduction) with the username and find the numerical user ID in the payload. In the case of @XDevelopers, the user ID is 2244994945. In Postman, navigate to the "Params" tab and enter this user ID into the "Value" column of the id parameter. | | | | :------ | :--------- | | **Key** | **Value** | | `id` | 2244994945 | **Step four: Identify and specify which fields you would like to retrieve** If you click the "Send" button after step three, you will receive the default [Post object](/x-api/fundamentals/data-dictionary#tweet) fields in your response: id and text. If you would like to receive additional fields beyond id and text, you will have to specify those fields in your request with the [field](/x-api/fundamentals/fields) and/or [expansion](/x-api/fundamentals/expansions) parameters. For this exercise, we will request a three additional different sets of fields from different objects: 1. The additional tweet.created\_at field in the primary user objects. 2. The associated authors’ user object’s default fields for the returned Posts: id, name, and username 3. The additional  user.created\_at field in the associated user objects.   In Postman, navigate to the "Params" tab and add the following key:value pair to the "Query Params" table: | | | | | :------------- | :----------- | :-------------------------------------------------------------------- | | **Key** | **Value** | **Returned fields** | | `tweet.fields` | `created_at` | `tweets.created_at` | | `expansions` | `author_id` | `includes.users.id`, `includes.users.name`, `includes.users.username` | | `user.fields` | `created_at` | `includes.users.created_at` | | max\_results | 5 | | You should now see the following URL next to the "Send" button: `https://api.x.com/2/users/:id/tweets?tweet.fields=created_at&expansions=author_id&user.fields=created_at&max_results=5` **Please note:** In Postman, the path parameter :id in the URL field will **not** automatically update to the value that you enter into the `id` params field, which is why the above URL includes `:id` and not 2244994945. **Step five: Make your request and review your response** Once you have everything set up, hit the "Send" button and you will receive the following response: ```{ "data": [ { "author_id": "2244994945", "created_at": "2020-09-03T17:31:39.000Z", "id": "1301573587187331074", "text": "Starting today, you can see your monthly Tweet usage for the v2 API in the developer portal. ✨📊\n\nThis tracks how many Tweets you’ve received from filtered stream and recent search. Learn more here: https://t.co/nfJHkFRQcZ https://t.co/vFXmoj3qaA" }, { "author_id": "2244994945", "created_at": "2020-09-03T15:43:00.000Z", "id": "1301546240887398401", "text": "RT @snowman: So, we built a live golf leaderboard on the X API with Python, Flask, Postgres, and Heroku.\n\nSend a 'leaderboard' Direct…" }, { "author_id": "2244994945", "created_at": "2020-09-01T20:07:50.000Z", "id": "1300888112948752389", "text": "⛳ Why do golfers carry an extra shirt? In case they get a hole in one.\n\nNow that we have your attention, learn how @snowman and @johnd built a real-time golf leaderboard using the #TwitterAPI. 📖\n\nhttps://t.co/rRKeKmaRrN" }, { "author_id": "2244994945", "created_at": "2020-08-28T23:14:22.000Z", "id": "1299485505478963200", "text": "RT @jessicagarson: Posted my first tutorial on @ThePracticalDev on using v2 of the Twitter API! You will learn how to explore a user’s Twee…" }, { "author_id": "2244994945", "created_at": "2020-08-21T19:10:05.000Z", "id": "1296887316556980230", "text": "See how @PennMedCDH are using Twitter data to understand the COVID-19 health crisis 📊\n\nhttps://t.co/1tdA8uDWes" } ], "includes": { "users": [ { "created_at": "2013-12-14T04:35:55.000Z", "id": "2244994945", "name": "Twitter Dev", "username": "TwitterDev" } ] }, "meta": { "newest_id": "1301573587187331074", "next_token": "t3buvdr5pujq9g7bggsnf3ep2ha28", "oldest_id": "1296887316556980230", "previous_token": "t3equkmcd2zffvags2nkj0nhlrn78", "result_count": 5 } } ``` **Step six: Paginate through your results** In the previous response, you will find a meta data object at the bottom that includes the following fields: * oldest\_id * newest\_id * results\_count * next\_token * previous\_token In step four, we passed a max\_results value of 5, meaning that each page will only include up to five results. To access the additional pages of data, we will be taking the value of the next\_token field from our last results and adding that string as the value of the pagination\_token parameter on the Postman params page, keeping everything else constant.  | | | | :----------------- | :---------------------------- | | **Key** | **Value** | | `pagination_token` | t3buvdr5pujq9g7bggsnf3ep2ha28 | Once this is all set up, you can click "Send" again and you should receive the next page of results.  We have put together a guide on [pagination](/x-api/fundamentals/pagination) to further explain this concept.  **Next steps** [Customize your request using the API Reference](/x-api/posts/timelines#api-reference-index) [Reach out to the community for help](https://devcommunity.x.com "Reach out to the community for help") # User home timeline by User ID Source: https://docs.x.com/x-api/posts/user-home-timeline-by-user-id get /2/users/{id}/timelines/reverse_chronological Returns Post objects that appears in the provided User ID's home timeline # User mention timeline by User ID Source: https://docs.x.com/x-api/posts/user-mention-timeline-by-user-id get /2/users/{id}/mentions Returns Post objects that mention username associated to the provided User ID # User Posts timeline by User ID Source: https://docs.x.com/x-api/posts/user-posts-timeline-by-user-id get /2/users/{id}/tweets Returns a list of Posts authored by the provided User ID # Overview Source: https://docs.x.com/x-api/tools-and-libraries/overview ## X-built v2 tools and libraries X maintains a set of official libraries and SDKs, listed here. We also include a list of [community-supported libraries](#community-libraries) lower on this page. [Explore XDev code on GitHub](https://github.com/xdevplatform) [Find X samples on Glitch](https://glitch.com/@twitter) [Find X samples on Replit](https://replit.com/@twitter) *** ## Community tools and libraries for v2 The libraries listed here have been built by members of the developer community. Note that they may be at different stages of API coverage. If you've built your own X API library or useful tool, please [let us know](https://devcommunity.x.com/c/libraries-and-sdks/63), and we'll add it to this list to help others to find it. We also have some [version badges](https://twbadges.glitch.me/) you can borrow, to use in your own README files. Looking for inspiration? You can browse and search in the [X](https://github.com/topics/twitter?o=desc\&s=updated) and [X-api-v2](https://github.com/topics/twitter-api-v2?o=desc\&s=updated) topics on GitHub to find helpful code examples from other developers. **Jump to:** [C# / .NET](#csharp), [Dart / Flutter](#dart), [Go](#go), [Java](#java), [JavaScript (Node.JS) / TypeScript](#nodejs), [Kotlin](#kotlin), [PHP](#php), [PowerShell](#powershell), [Python](#python), [R](#r), [Ruby](#ruby), [Rust](#rust), [Swift](#swift) ### C# / .NET * [**CoreTweet**](https://github.com/CoreTweet/CoreTweet) Yet Another .NET X Library * [**LinqToTwitter**](https://github.com/JoeMayo/LinqToTwitter) LINQ Provider for the X API * [**SocialOpinion**](https://github.com/jamiemaguiredotnet/SocialOpinion-Public) APIs written in C# that connect to the X API * [**Tweetinvi**](https://github.com/linvi/tweetinvi) an intuitive X C# library * [**TwitterSharp**](https://github.com/Xwilarg/TwitterSharp) C# wrapper around X API V2 ### Go * [**ctw**](https://github.com/0dayfall/ctw) a library for the X API * [**go-twitter**](https://github.com/g8rswimmer/go-twitter) a Go library for X v2 API integration. * [**gotwi**](https://github.com/michimani/gotwi) a library for the X API v2 in Go * [**gotwtr**](https://github.com/sivchari/gotwtr) a library for the X API * [**twitter-stream**](https://github.com/Fallenstedt/twitter-stream) a Go wrapper for X's V2 Filtered Stream API * [**twitter**](https://github.com/creachadair/twitter) a Go client for the X API ### java * [**twittered**](https://github.com/redouane59/twittered) X API client for Java developers * [**twitter4j-v2**](https://github.com/takke/twitter4j-v2) a simple wrapper for X API v2 that is designed to be used with Twitter4J * [**twitter-compliance**](https://github.com/UCL/twitter-compliance) multi-module Jakarta EE application for syncing compliance events from X * [**JTW**](https://github.com/uakihir0/jtw) X V2 API client library for Java ### JavaScript (Node.JS) / TypeScript * [**node-twitter-api-v2**](https://github.com/PLhery/node-twitter-api-v2) strongly typed, full-featured, light, versatile yet powerful X API client for Node.js * [**twitter.js**](https://github.com/twitterjs/twitter.js) an object-oriented Node.js and TypeScript library for interacting with X API v2 * [**twitter-types**](https://github.com/twitterjs/twitter-types) type definitions for the X API * [**twitter-v2**](https://github.com/HunterLarco/twitter-v2) An asynchronous client library for the X APIs * [**tweet-json-to-html**](https://github.com/wdl/tweet-json-to-html) converts X API v2 Post JSON objects into HTML format ### Kotlin * [**KTweet**](https://github.com/ChromasIV/KTweet) a Kotlin library that allows you to consume the X API v2. * [**Tweedle**](https://github.com/tyczj/Tweedle) a Kotlin-based Android library around the X v2 API * [**TwitterApiKit**](https://github.com/kojofosu/TwitterApiKit) saves you time creating data objects to access X's API v2. This library is supported on Java, Kotlin, and Android ### PHP * [**bird-elephant**](https://github.com/danieldevine/bird-elephant) PHP client library for the X API v2 endpoints * [**twifer**](https://github.com/ferrysyahrinal/twifer) Simple PHP Library for X API Standard v1.1 & X API v2 * [**twitter-api-v2-php**](https://github.com/noweh/twitter-api-v2-php) PHP package providing easy and fast access to X API V2 * [**twitteroauth**](https://github.com/abraham/twitteroauth) PHP library for use with the X API * [**twitter-ultimate-php**](https://github.com/utxo-one/twitter-ultimate-php) PHP Wrapper for the X v2 API * [**Twitter Stream API**](https://github.com/redwebcreation/twitter-stream-api) consume the X Stream API v2 in real-time ### PowerShell * [**BluebirdPS**](https://github.com/thedavecarroll/BluebirdPS) a X Automation Client for PowerShell 7. Post, Retweet, send Direct Messages, manage lists, and more ### Python * [**tweepy**](https://github.com/tweepy/tweepy) X for Python * [**twarc**](https://twarc-project.readthedocs.io/en/latest/twarc2_en_us/) a command line tool and Python library for collecting JSON data via the X API, with a command (twarc2) for working with the v2 API * [**python-twitter**](https://github.com/sns-sdks/python-twitter) a simple Python wrapper for X API v2 * [**TwitterAPI**](https://github.com/geduldig/TwitterAPI) minimal Python wrapper for X's APIs * [**twitterati**](https://github.com/JeannieDaniel/twitterati) Wrapper for X Developer API V2 * [**twitter-stream.py**](https://github.com/twitivity/twitter-stream.py) a Python API client for X API v2 * [**twitivity**](https://github.com/twitivity/twitivity) Account Activity API client library for Python * [**PyTweet**](https://github.com/TheFarGG/PyTweet) a synchronous Python wrapper for the X API * [**tweetkit**](https://github.com/ysenarath/tweetkit) a Python Client for the X API for Academic Research * [**tweetple**](https://github.com/dapivei/tweetple) a wrapper to stream information from the Full-Archive Search Endpoint, for Academic Research * [**2wttr**](https://github.com/simonlindgren/2wttr) get Posts from the v2 X API, for Academic Research ### R * [**academictwitteR**](https://github.com/cjbarrie/academictwitteR) R package to query the X Academic Research Product Track v2 API endpoint * [**RTwitterV2**](https://github.com/MaelKubli/RTwitterV2) R functions for X's v2 API ### Ruby * [**omniauth-twitter2**](https://github.com/unasuke/omniauth-twitter2) OmniAuth strategy for authenticating with X OAuth2 * [**tweetkit**](https://github.com/julianfssen/tweetkit) X v2 API client for Ruby * [**twitter\_oauth2**](https://github.com/nov/twitter_oauth2) X OAuth 2.0 Client Library in Ruby ### Rust * [**twitter-v2**](https://github.com/jpopesculian/twitter-v2-rs) Rust bindings for X API v2 ### Swift * [**Twift**](https://github.com/daneden/Twift/) An async Swift library for the X v2 API * [**TwitterAPIKit**](https://github.com/mironal/TwitterAPIKit) Swift library for the X API v1 and v2 *** ## Official v1.1 tools and libraries The X teams maintain a set of official libraries and SDKs, listed here.\ We also include a list of [community-supported libraries](#community-libraries) lower on this page. | Language | Clients | SDKs / Libraries | Tools | | :------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------- | :--------------- | :---------------------------------------------------------------------------------------------------------------------- | | JavaScript / Node.js | -- | -- | [Autohook](https://www.npmjs.com/package/twitter-autohook) - Get started with the **Premium v1.1** Account Activity API | | Python | [search-tweets-python](https://github.com/xdevplatform/search-tweets-python) - A client supporting **v2**, **Premium v1.1**, and **Enterprise** search | -- | -- | | Ruby | [search-tweets-ruby](https://github.com/sferik/twitter) - A client supporting **v2**, **Premium v1.1**, and **Enterprise** search | -- | -- | \-- ## Additional official resources The tools below can also be useful when working with the X API.\ Looking for even more code? You can find examples on our [GitHub](https://github.com/xdevplatform) and on [Glitch](https://glitch.com/@twitter). | Tool / Library | Description | | :-------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | twemoji | Twitter’s free, open source emoji character set, including a JavaScript library for cross-platform support. | | twitter-text | A collection of libraries to standardize parsing and tokenization of Tweet text. Available for Java, JavaScript, Objective-C & Ruby. [Learn more about counting characters in Tweets.](#) | | OpenAPI specification | Use this specification to exercise the **v2** API with tools like [Postman](#) or [Insomnia](#). | | twurl | A command-line tool (CLI) for interacting with the Twitter API, including OAuth authentication. Requires a Ruby runtime. | | Postman collection | Explore the Postman collection to work with X API endpoints for testing and development. | *** ## Community tools and libraries These are some of the many community-supported libraries that cover the X API across several programming languages and platforms. Note that these resources may not all have been tested by the Twitter team. The libraries listed here should implement most features of the Standard API **v1.1**, unless otherwise noted—check with the authors for details and additional support.\ If you have built a library that supports X API **v2**, please let us know about it via our [community forums](https://devcommunity.x.com/c/libraries-and-sdks/63) for possible addition to this page. You can also use the forums to report any changes to these listings. If you're missing a library or tool for your favorite programming language, let us know via the [feedback platform](https://twitterdevfeedback.uservoice.com/), where you can also vote for ideas or get inspired to build and submit something new. # SDKs Source: https://docs.x.com/x-api/tools-and-libraries/sdks ## Introduction A software development kit (SDK) is a set of software tools and programs tailored for a specific platform or API. The purpose of an SDK is to build or extend functionality of applications by providing libraries or codebases that developers can use within their applications, efficiently and with minimal coding. This significantly speeds up the development process, saving time, money, and effort. > The X Developer Platform now offers 2 official SDKs for those who develop in TypeScript/Javascript and Java. These will allow developers to build more effectively by eliminating the need to manually program the complexities around the X API v2, utilizing the pre-built functions for all available v2 endpoints as well as simplifying the authentication process. As these are built and maintained by the Developer Platform team, they will always be up to date with future releases to the X API v2 Since these SDKs wrap the X API, you must have a [developer account](https://developer.x.com/en/portal/dashboard) to authenticate requests using the credentials from a [developer App](/resources/fundamentals/developer-apps), located within a [Project](/resources/fundamentals/projects). #### Installing There are a few ways to install the Java package (requires Java 1.8+) * Maven users - add this dependency to your project's POM file: ```xml com.twitter twitter-api-java-sdk 1.1.4 ``` * Grade users - add this dependency to your project's build file: `implementation "com.twitter:twitter-api-java-sdk:1.1.4"` * Others - first generate the JAR by running the following command `mvn clean package` Then manually install the following JARs: `target/twitter-api-java-sdk-1.1.4.jar` `target/lib/*.jar` This package supports Node.js 14+, to install, run the following command in the directory of the Node project: `npm install twitter-api-sdk` #### Client basics Import the classes (Java) and package (TypeScript) at the top of a working file to gain access to the authentication and library clients. In order to use the methods from the library client, authentication credentials must be passed, this could either be Bearer Token (App-only) or client id/client secret if authenticating with OAuth 2.0 user context. Here are examples of how this would look: ```java // Import classes: import com.twitter.clientlib.ApiClient; import com.twitter.clientlib.ApiException; import com.twitter.clientlib.Configuration; import com.twitter.clientlib.auth.*; import com.twitter.clientlib.model.*; import com.twitter.clientlib.TwitterCredentialsBearer; import com.twitter.clientlib.api.TwitterApi; // Instantiate library client TwitterApi apiInstance = new TwitterApi(); // Instantiate auth credentials (App-only example) TwitterCredentialsBearer credentials = new TwitterCredentialsBearer(System.getenv("APP-ONLY-ACCESS-TOKEN")); // Pass credentials to library client apiInstance.setTwitterCredentials(credentials); ``` ```typescript //Import package import { Client, auth } from "twitter-api-sdk"; // Initialize auth client first const authClient = new auth.OAuth2User({ client_id: process.env.CLIENT_ID as string, client_secret: process.env.CLIENT_SECRET as string, callback: "YOUR-CALLBACK", scopes: ["tweet.read", "users.read", "offline.access"], }); // Pass auth credentials to the library client const twitterClient = new Client(authClient); ``` #### Authentication Flow If you are using the application only option to authenticate the SDKs, you will only need to provide the token and the library client will be ready to use the endpoint methods right away. Keep in mind, application only tokens cannot be used on endpoints that require user context authentication. OAuth 2.0 user context authentication requires a few extra steps after creating the auth client. * Generate authorization URL * Authorize the application from the authorization URL * Redirects to callback (this should be matching the callback URL set in the auth settings page in the Developer Portal). * Parse code verifier to exchange for access token The SDKs provide methods on the auth client that simplifies these steps. For a full example of how to make a request authenticating with OAuth 2.0 user context, check out the GitHub repositories. * [TypeScript](https://github.com/xdevplatform/twitter-api-typescript-sdk/blob/main/examples/oauth2-callback_pkce_s256.ts) * [Java](https://github.com/xdevplatform/twitter-api-java-sdk/blob/main/examples/src/main/java/com/twitter/clientlib/auth/OAuth20GetAccessToken.java) #### Endpoint methods The methods provided within the library client are clearly named to correspond with every endpoint and all parameters are passed in as arguments. Here is an example of Post lookup by ID: ```js String id = "1511757922354663425"; // String | A single Tweet ID. Set expansions = new HashSet<>(Arrays.asList("author_id")); // Set | A comma separated list of fields to expand. Set tweetFields = new HashSet<>(Arrays.asList("created_at", "lang", "context_annotations")); // Set | A comma separated list of Tweet fields to display. Set userFields = new HashSet<>(Arrays.asList("created_at", "description", "name")); // Set | A comma separated list of User fields to display. try { SingleTweetLookupResponse result = apiInstance.tweets().findTweetById(id, expansions, tweetFields, userFields, null, null, null); System.out.println(result); } catch (ApiException e) { System.err.println("Exception when calling TweetsApi#findTweetById"); System.err.println("Status code: " + e.getCode()); System.err.println("Reason: " + e.getResponseBody()); System.err.println("Response headers: " + e.getResponseHeaders()); e.printStackTrace(); } ``` ```typescript const lookupTweetById = await client.tweets.findTweetById( // Tweet ID "1511757922354663425", { // Optional parameters expansions: ["author_id"], "user.fields": ["created_at", "description", "name"], } ); ``` # What to build Source: https://docs.x.com/x-api/what-to-build ## Introduction Our developer community has unique skills, experiences, and perspectives that can fill gaps, solve problems, and seed new innovation on X well beyond what we at X can do on our own. We encourage you to build tools and products that make X better, healthier, and extend the public conversation. In particular, we want to see innovation in the following categories: * [Moderate conversations for health and safety](#moderate) * [Enable creation and personal expression](#enable) * [Measure and analyze what's happening](#measure) * [Improve community experiences](#improve) * [Curate and recommend content](#curate) * [Impact the greater good](#impact) ### Moderate conversations for health and safety We want everyone to feel comfortable, safe, and excited to participate in the conversation on X. We've worked hard to offer tools that give people more control over their experience, like Post reply settings, blocks, and mutes. However, there will always be more work to do, and we want to encourage you to build complementary or additive solutions that help improve the health and safety of the platform. Check out some of our resources below to help you get started: Relevant endpoints: * [Follows](/x-api/users/follows/introduction) * [Blocks](/x-api/users/blocks/introduction) * [Mutes](/x-api/users/mutes/introduction) * [Hide replies](/x-api/posts/hide-replies/introduction) * [Manage Posts](/x-api/posts/manage-tweets/introduction) (Post reply settings) ### Enable creation and personal expression X is where people come to share their perspective, ideas, and passions. It's the convergence of individuals and brands, founders and athletes, celebrities and CEOs. Developers have an opportunity to build creative solutions that allow people on X to expand their reach, express themselves in new ways, and connect with like minded communities. As creators and innovators themselves, developers can also build things that broaden how people experience X like helpful bots, gamification, or cross-posted content. Below are a few ideas to seed your innovation: Relevant endpoints: * [Manage Posts](/x-api/posts/manage-tweets/introduction) * [Spaces](/x-api/spaces/introduction) * [Retweets](/x-api/posts/retweets/introduction) ### Measure and analyze "what's happening" Many people come to X because of the opportunity it presents to reach new or existing audiences, amplify their voice, or have an impact. Developers can help these creators, artists, businesses, and local advocates measure, analyze, or understand the impact of their content. Additionally, developers can build new solutions that help people derive insights from the public conversation about trends, their audience, and so much more. We've put together a few resources below to help you get started: Relevant endpoints/functionality: * [Object model](/x-api/fundamentals/data-dictionary) (Posts, Users, Spaces, etc) * [Advanced metrics](/x-api/fundamentals/metrics) * [Post annotations](/x-api/fundamentals/post-annotations) * [Search Posts](/x-api/posts/search/introduction) * [Posts counts](/x-api/posts/counts/introduction) * [Filtered stream](/x-api/posts/filtered-stream/introduction) * [Sampled stream](/x-api/posts/volume-streams/introduction) ### Improve community experiences As new communities grow and convene on X, we want developers to use their expertise to help serve the unique needs of these communities. X is home of the global conversation, and we want everyone to be able to participate regardless of their language, timezone, cultural differences, or other localized needs. Additionally, we want growing communities around topics like finance or gaming to have tools built for their unique experiences and needs. ### Curate and recommend content Developers have always come up with creative ways to connect people on X to content they're interested in. Whether it's apps, bots, or other tools that help people have more curated or customized experiences, this is an opportunity for developers to connect people to the content they care most about. Get started: Relevant endpoints: * [Spaces](/x-api/spaces/introduction) * [Manage Posts](/x-api/posts/manage-tweets/introduction) * [Lists](/x-api/lists/manage-lists/introduction) ### Impact the greater good We've seen so many ways that developers have used X to help make the world a better place. From groundbreaking research, to helpful bots, to other non-commercial innovation, developers never cease to amaze us. Below are just a few of the resources to help you get started: Relevant endpoints: * [Manage Posts](/x-api/posts/manage-tweets/introduction) * [Conversation ID](/x-api/fundamentals/conversation-id) * [Post annotations](/x-api/fundamentals/post-annotations) * [Search Posts](/x-api/posts/search/introduction) * [Post counts](/x-api/posts/counts/introduction) * [Filtered stream](/x-api/posts/filtered-stream/introduction) * [Sampled stream](/x-api/posts/volume-streams/introduction) Explore [different access levels](/x-api/getting-started/about-x-api) # Add Post to Bookmarks Source: https://docs.x.com/x-api/bookmarks/add-post-to-bookmarks post /2/users/{id}/bookmarks Adds a Post (ID in the body) to the requesting User's (in the path) bookmarks # Bookmarks by User Source: https://docs.x.com/x-api/bookmarks/bookmarks-by-user get /2/users/{id}/bookmarks Returns Post objects that have been bookmarked by the requesting User # Remove a bookmarked Post Source: https://docs.x.com/x-api/bookmarks/remove-a-bookmarked-post delete /2/users/{id}/bookmarks/{tweet_id} Removes a Post from the requesting User's bookmarked Posts. # Introduction Source: https://docs.x.com/x-api/direct-messages/blocks/introduction The manage DM blocks endpoints enable you to block or unblock a specified account on behalf of an authenticated user. For these endpoints, there are two POST methods available: * **/2/users/:id/dm/block**: Allows you to block an account * **/2/users/:id/dm/unblock**: Allows you to unblock an account ### Getting started ### Authentication Since you are making requests on behalf of a user, you must authenticate these endpoints with either [OAuth 1.0a User Context](/resources/fundamentals/authentication#obtaining-access-tokens-using-3-legged-oauth-flow) or [OAuth 2.0 Authorization Code with PKCE](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2), and utilize the user Access Tokens associated with the user you are making the request on behalf of. You can generate this user Access Token using the [3-legged OAuth flow](https://developer.x.com/resources/fundamentals/authentication/obtaining-user-access-tokens) (OAuth 1.0a) or using the [Authorization Code with PKCE grant flow](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2) (OAuth 2.0). ### Making a request Block Once a user has authenticated with your app, you can call the Block endpoint on behalf of user as shown below: ``` curl --request POST 'https://api.x.com/2/users/:id/dm/block' --header 'Authorization: ••••••' ``` If the request is successful, you should see the JSON response as shown below: ``` { "data": { "blocked": true } } ``` **Unblock** Once a user has authenticated with your app, you can call the Unblock endpoint on behalf of user as shown below: ``` curl --request POST 'https://api.x.com/2/users/:id/dm/unblock' --header 'Authorization: ••••••' ``` If the request is successful, you should see the JSON response as shown below: ``` { "data": { "blocked": false } } ``` # Create a new DM Conversation Source: https://docs.x.com/x-api/direct-messages/create-a-new-dm-conversation post /2/dm_conversations Creates a new DM Conversation. # Delete Dm Source: https://docs.x.com/x-api/direct-messages/delete-dm delete /2/dm_events/{event_id} Delete a Dm Event that you own. # Get DM Events by id Source: https://docs.x.com/x-api/direct-messages/get-dm-events-by-id get /2/dm_events/{event_id} Returns DM Events by event id. # Get DM Events for a DM Conversation Source: https://docs.x.com/x-api/direct-messages/get-dm-events-for-a-dm-conversation get /2/dm_conversations/with/{participant_id}/dm_events Returns DM Events for a DM Conversation # Get DM Events for a DM Conversation Source: https://docs.x.com/x-api/direct-messages/get-dm-events-for-a-dm-conversation-1 get /2/dm_conversations/{id}/dm_events Returns DM Events for a DM Conversation # Get recent DM Events Source: https://docs.x.com/x-api/direct-messages/get-recent-dm-events get /2/dm_events Returns recent DM Events across DM conversations # Integration guide Source: https://docs.x.com/x-api/direct-messages/lookup/integrate export const Button = ({href, children}) => { return ; }; The Direct Messages endpoints v2 introduce conversations and conversation events as core X API objects, and make a distinction between 1-1 and group conversations. 1-1 conversations always have two, and only two, participants, while group conversations can have two or more and memberships that can change.    This page contains information on several tools and key concepts that you should be aware of as you integrate the Direct Messages lookup endpoints into your system. We’ve broken the page into two sections: * Key Concepts * [Direct Message conversations](#direct-message-conversations) * [Shared conversation and event IDs across v1.1 and v2](#shared-conversation-and-event-ids) * [Direct Message event fields and expansions](#direct-message-event-fields-and-expansions) * [Conversation event types](#conversation-event-types) * [Authentication](#authentication) * [Developer portal, Projects, and Apps](#developer-portal-projects-and-apps) * [Rate limits](#rate-limits) * [Pagination](#pagination) * [Helpful tools](#helpful-tools) ### Key Concepts ### Direct Message conversations All Direct Messages are part of a Direct Message conversation. These conversations can be one-to-one conversations or group conversations. This launch provides the foundational endpoints needed to create Direct Messages and retrieve events associated with Direct Message conversations. All conversations have a unique dm\_conversation\_id, and the events that make up that conversation all have a unique dm\_event\_id.   The Direct Message lookup endpoints provide methods for retrieving events associated with conversations. These GET endpoints are used to retrieve the messages that make up a conversation, and for group conversations, can be used to understand who has joined and left group conversations. This initial release of Direct Messages lookup includes three GET methods: * **GET /2/dm\_conversations/with/:participant\_id/dm\_events** - Retrieves Direct Message events associated with a one-to-one conversation. The :participant\_id path parameter is the numeric User ID of the account having the conversation with the authenticated user making this request.   * **GET /2/dm\_conversations/:dm\_conversation\_id/dm\_events** - Retrieves Direct Message events associated with a specific conversation ID, as indicated by the :dm\_conversation\_id path parameter. Both one-to-one and group conversations IDs are supported.   * **GET /2/dm\_events** - Retrieves Direct Message events associated with the authenticating user, including both one-to-one and group conversations. Events from up to 30 days ago are available.   These GET endpoints all support retrieving dm\_events by event type with an event\_types request query parameters. Currently, there are three conversation event types supported: * **MessageCreate** - Created when a new Direct Message is created. This event object can include the time and text of the message, along with the account ID of who sent the message, and the conversation and event IDs.  * **ParticipantsJoin** - Created when a new participant joins a group conversation. This dm\_event object includes the ID of the participant joining, along with the created\_at time and the sender\_id of the 'invite' event.  * **ParticipantsLeave** - Created when a participant leaves a conversation.This event object includes the ID of the participant leaving, along with the time of the event.  For more information see the [Direct Messages lookup API References](/x-api/direct-messages/get-dm-events-for-a-dm-conversation). ### Shared conversation and event IDs across v1.1 and v2 An important concept is that conversation and event IDs are shared across v1.1 and v2 versions of the X Platform. This means both versions can be used together. For example, the Direct Messages v1.1 endpoints provide methods for returning a single event and for deleting events, methods not yet available with v2. Since IDs are common across v1.1 and v2, you can make v1.1 requests based on IDs provided by v2, or by referencing conversation IDs displayed in conversation URLs on the X application.   ### Direct Message event fields and expansions The X API v2 allows users to select exactly which data they want to return from the API using a set of tools called fields and expansions. For example, Direct Message lookup endpoints support the following dm\_events fields:  * id, event\_type, and text are the defaults for MessageCreate events.  * id, event\_type, and participant\_ids are the defaults for ParticipantsJoin and ParticipantsLeave events. * dm\_conversation\_id and created\_at are available for all events. * attachments and referenced\_tweets are available for MessageCreate events.  * sender\_id is available for MessageCreate and ParticipantsJoin events.  * participant\_ids is available for ParticipantsJoin and ParticipantsLeave events.  In addition, the Direct Message lookup endpoints support the following [expansions](/x-api/fundamentals/expansions): * sender\_id - Expands the User object associated with who sent the message or who invited someone to the conversation.  * referenced\_tweets.id - Expands the Post object if the Direct Message text includes a link to a Post.  * attachments.media\_keys - Expands the Media object if the Direct Message includes a media attachment.  * participant\_ids - Expands the User object associated with who joined or left a group conversation. Since expansion include Posts, Users, and Media objects, you can also use the tweet.fields, user.fields, and media.fields request query parameters. See our guide on how to [use fields and expansions](/x-api/fundamentals/data-dictionary#how-to-use-fields-and-expansions) for more information. ### Conversation event types Below are example JSON objects for Direct Message the MessageCreate, ParticipantsJoin, and ParticipantsLeave event types.  Available dm\_event object fields: id, text, event\_type, dm\_conversation\_id, created\_at, sender\_id, attachments, referenced\_tweets, participant\_ids. See the the Fields and Expansion section for more details on selecting these fields in your requests.  Example MessageCreate event:  With all the dm\_event fields specified, here is the response for a simple text Direct Message:  `{ "text": "Hi everyone.", "sender_id": "944480690", "dm_conversation_id": "1578398451921985538", "id": "1582838499983564806", "event_type": "MessageCreate", "created_at": "2022-10-19T20:58:00.000Z" }` Example ParticipantsJoin event: With all the dm\_event fields specified, here is the response for a participant joining a conversation: `{ "participant_ids": [ "944480690" ], "sender_id": "17200003", "dm_conversation_id": "1578398451921985538", "id": "1582835469712138240", "event_type": "ParticipantsJoin", "created_at": "2022-10-19T20:45:58.000Z" }` Example ParticipantsLeave event: With all the dm\_event fields specified, here is the response for a participant leaving a conversation: `{ "participant_ids": [ "944480690" ], "dm_conversation_id": "1578398451921985538", "id": "1582838535115067392", "event_type": "ParticipantsLeave", "created_at": "2022-10-19T20:58:09.000Z" }` ### Authentication All X API v2 endpoints require for you to authenticate your requests with a set of credentials, also known as keys and tokens. All Direct Messages are private and require user authorization to access them.  These Direct Message endpoints require the use of [OAuth 2.0 Authorization Flow with PKCE](/x-api/posts/manage-tweets) or [1.0a User Context](/resources/fundamentals/authentication), which means that you must use a set of API keys and user Access Tokens to make a successful request. The Access Tokens must be associated with the user that you are requesting on behalf of. If you want to generate a set of Access Tokens for another user, they must authorize or authenticate your App using the [3-legged OAuth flow](/resources/fundamentals/authentication#obtaining-access-tokens-using-3-legged-oauth-flow). Please note that OAuth user-context can be tricky to use. If you are not familiar with this authentication method, we recommend using a [library](/x-api/tools-and-libraries/overview) or a tool like Postman to properly authenticate your requests.  [OAuth 2.0 Authorization Code with PKCE](resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2) allows for greater control over an application’s scope, and authorization flows across multiple devices. OAuth 2.0 allows you to pick specific fine-grained scopes which give you specific permissions on behalf of a user. The Direct Messages lookup endpoints require these scopes:  dm.read, post.read, user.read To enable OAuth 2.0 in your App, you must enable it in your’s App’s authentication settings found in the App settings section of the developer portal. ### Developer portal, Projects, and developer Apps To retrieve a set of authentication credentials that will work with the X API v2 endpoints, you must have an approved developer account, set up a Project within that account, and create a developer App within that Project. You can then find your keys and tokens within your developer App.  ### Rate limits Everyday many thousands of developers make requests to the X API. To help manage the sheer volume of these requests, rate limits are placed on each endpoint that limits the number of requests that you can make on behalf of your app or on behalf of an authenticated user.  The Direct Message lookup endpoints are rate limited at the user-level, meaning that the authenticated user that you are making the request on behalf of can only make a certain number of requests with your X App. There is a user rate limit of 300 requests per 15 minutes for the GET methods. These rate limits are shared across the GET endpoints.  ### Pagination These endpoints utilize pagination so that responses are returned quickly. In cases where there are more results than what can be sent in a single response (up to 100 events) you will need to paginate. Use the max\_results parameter to identify how many results will return per page, and the pagination\_token parameter to return the next page of results. You can learn more by reviewing our [pagination guide](/x-api/fundamentals/pagination). **Helpful tools** Here are some helpful tools we encourage you to explore as you work with the Direct Messages lookup endpoints:  ****Postman**** Postman is a great tool that you can use to test out an endpoint. Each Postman request includes every path and body parameter to help you quickly understand what is available to you. To learn more about our Postman collections, please visit our [Using Postman](/tutorials/postman-getting-started) page.  ****Code samples**** Python sample code for the v2 Direct Messages endpoints is available in our [X API v2 sample code GitHub](https://github.com/xdevplatform/Twitter-API-v2-sample-code) repository. The "Manage-Direct-Messages" folder contains examples for the POST methods, and the "Direct-Messages-lookup" folder contains examples for the GET methods. ****XDev Software Development Kits (SDKs)**** These [libraries](/x-api/tools-and-libraries/overview) are being updated for the v2 Direct Messages endpoints and should be ready soon: * [X API Java SDK](https://github.com/xdevplatform/twitter-api-java-sdk) - Official Java SDK for the X API v2 * [X API TypeScript/JavaScript SDK](https://github.com/xdevplatform/twitter-api-typescript-sdk) - Official TS/JS SDK for the X API v2 **Third-party libraries** There is a growing number of [third-party libraries](/x-api/tools-and-libraries/overview#community-tools-and-libraries-for-v2) developed by our community. These libraries are designed to help you get started, and several are expected to support v2 Direct Messages endpoints soon. You can find a library that works with the v2 endpoints by looking for the proper version tag. # Introduction Source: https://docs.x.com/x-api/direct-messages/lookup/introduction export const Button = ({href, children}) => { return ; }; This initial release of Direct Messages lookup includes three GET methods: * **GET /2/dm\_conversations/with/:participant\_id/dm\_events** - Retrieves Direct Message events associated with a one-to-one conversation. The :participant\_id path parameter is the User ID of the account having the conversation with the authenticated user making this request.  * **GET /2/dm\_conversations/:dm\_conversation\_id/dm\_events** - Retrieves Direct Message events associated with a specific conversation ID, as indicated by the :dm\_conversation\_id path parameter.  * **GET /2/dm\_events** - Retrieves Direct Message events associated with a user, including both one-to-one and group conversations. Events from up to 30 days ago are available.   Note that Direct Message event IDs are common across the v1.1 and v2 (as well as the X App), so the v1.1 method to list a single event can be used along with these new v2 endpoints. Also note that the Enterprise and Premium Account Activity APIs support v2 one-to-one messages, but do not yet support group conversations.    With this release, three event types are supported, and these endpoints support query parameters to filter on them: * **MessageCreate** - A message has been created.  * **ParticipantsJoin** - A new participant has joined a conversation.  * **ParticipantsLeave** - A participant has left a conversation.  There is a user rate limit of 300 requests per 15 minutes for the GET methods. This rate limit is shared across these GET endpoints. Since you are making requests on behalf of a user with Direct Message v2 endpoints, you must authenticate with either [OAuth 1.0a User Context](/resources/fundamentals/authentication) or [OAuth 2.0 Authorization Code with PKCE](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-3), using Access Tokens associated with users that have authorized your X App. To generate these Access Tokens with OAuth 1.0a, you can use the [3-legged OAuth flow](/resources/fundamentals/authentication#obtaining-access-tokens-using-3-legged-oauth-flow). To generate user Access Tokens with OAuth 2.0, you can use the [Authorization Code with PKCE grant flow](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2). **Account setup** To access these endpoints, you will need: * An approved [developer account](https://developer.x.com/en/portal/petition/essential/basic-info). * To authenticate using the keys and tokens from a [developer App](/resources/fundamentals/developer-apps) that is located within a [Project](/resources/fundamentals/projects).  Learn more about getting access to the X API v2 endpoints in our [getting started guide](/x-api/getting-started/getting-access).
# Quickstart Source: https://docs.x.com/x-api/direct-messages/lookup/quickstart export const Button = ({href, children}) => { return ; }; ## Getting started with the manage Direct Message endpoints This quick start guide will help you make your first request to the Direct Message endpoints using Postman, a tool for managing and making HTTP requests. To learn more about our Postman collections, please visit our [Using Postman](/tutorials/postman-getting-started) guide. Please visit our [X API v2 sample code](https://github.com/xdevplatform/Twitter-API-v2-sample-code) GitHub repository if you want to review Python-based examples. In addition, the official [X Developer Platform software development kits (SDKs)](/x-api/tools-and-libraries/sdks) will be updated to support these Direct Message endpoints.   **Prerequisites** To complete this guide, you will need to have a set of [keys and tokens](/resources/fundamentals/authentication) to authenticate your request. You can generate these keys and tokens by following these steps: * [Sign up for a developer account](https://developer.x.com/en/apply-for-access) and receive approval. * Create a [Project](/resources/fundamentals/projects) and an associated [developer App](/resources/fundamentals/developer-apps) in the developer portal. * Navigate to your App's “Keys and tokens” page to generate the required credentials. Make sure to save all credentials in a secure location. ### Steps to building Direct Message lookup requests In this example, in one request, we'll create a new group conversation and add our first message to it. We'll then add a second message to the created conversation. #### Step one: Start with a tool or library To begin working with the manage Direct Message endpoints we are going to use the Postman tool to simplify the process. A XDevelopers-authored collection of example X API v2 requests will be used to explore six endpoints used to create new Direct Messages and to list Direct Message conversation events. While most of the collection is pre-filled, there are a few details that you'll need to provide that are based on the X App created to host these API requests. First, let's get the collection loaded/updated. To load X API v2 Postman collection into your environment, please click on the following button: Once you have the X API v2 collection loaded in Postman, navigate to the “Manage Direct Messages” folder. This folder's Authorization tab has been pre-filled where possible. You will need to update a few settings to share your X App's authentication details. This folder also contains three endpoints for creating new Direct Messages. Note that there is also a "Direct Message lookup" folder with three available endpoints for retrieving Direct Message conversation events, including sending and receiving messages, and when conversation participants join and leave. Since creating group conversations is a new feature of the X API v2, this example will focus on that. We will be working with the "New group DM and conversation" example. We will use this request to create a Direct Message group conversation. The next step is to authenticate with the endpoint. #### Step two: Authenticate your request To properly make a request to the X API, you need to verify that you have permission to do so. To make a successful request to this endpoint, we will be using [OAuth 2.0 Authorization Code Flow with PKCE](resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2). You can generate an access token within Postman.  With Postman you can set the authentication method at the folder level or at the request level. Here we will be configuring the authentication details at the folder level. Navigate to the "Mange Direct Messages" folder, select the "Authorization" tab and confirm that the Type to set to “OAuth 2.0”, and "Add auth data to" is set to "Request Headers." In the "Current Token" section, make sure the "header Prefix" is set to Bearer.   To configure and generate a new token: 1. Create a Token Name, such as "DM lookup." 2. Confirm that **Grant Type** is set to Authorization Code (with PKCE). 3. Set your **Callback URL**. You will want to update your Callback URL to exactly match the Callback URL associated with your application in the [v2 Dev Portal](https://developer.x.com/en/portal/dashboard). With the X App used with this example, the Callback URL is set to - [https://www.example.com.](https://www.example.com/) (Note that since this must match exactly, [https://example.com](https://example.com) would not work.)  4. Confirm that **Auth URL** is set to [https://x.com/i/oauth2/authorize](https://x.com/i/oauth2/authorize) 5. Confirm that **Access Token URL** is set to [https://api.x.com/2/oauth2/token.](https://api.x.com/2/oauth2/token)**Client ID** - Copy and paste OAuth 2.0 client ID from the Developer Portal **Client Secret** - You will need this only if you are using an App type that is a confidential client. If so, copy and paste the OAuth 2.0 Client Secret from the Developer Portal.  6. Confirm that **Scope** is set to dm.read dm.write tweet.read users.read. 7. Confirm that **State** is set to “state.” 8. Confirm that **Client Authentication** is set to Send as Basic Auth header. 9. Click where it says “Get New Access Token”, click "Authorize app" as part of the "Sign-in with X" process. 10. Click the "Proceed" button and then the "Use Token" to generate a token.  11. Click on the "Save" button to save these configuration details. You may get a message that you are not logged into X. If you get this error, you will need to log in to the X account that you are trying to post on behalf of inside of Postman. Now that these OAuth 2.0 details have been set at the folder level, navigate to each of the examples and their "Authorization" tab and confirm that they have their Type set to "Inherit auth from parent."  Note that this token will expire soon, and you'll need to regenerate it by clicking on the "Get New Access Token" button. Clicking that will trigger the "Sign-in with X" process and generate a fresh token to make requests with. #### Step three: Retrieve Direct Messages conversation events When retrieving Direct Message conversation events with this endpoint, you need to specify a conversation ID. The conversation ID is part of the endpoint path: [https://api.x.com/2/dm\\\_conversations/:dm\\\_conversation\\\_id/dm\\\_events](https://api.x.com/2/dm\\_conversations/:dm\\_conversation\\_id/dm\\_events) In Postman, navigate to the “Params” tab and enter the ID of the conversation you want to retrieve events for in the "Path Variables" section. The setting would be: | | | | :------------------- | :-------------------- | | **Key** | **Value** | | `dm_conversation_id` | `1228393702244134912` | With this conversation specified, the resulting path becomes [https://api.x.com/2/dm\\\_conversations/1582103724607971328/dm\\\_events](https://api.x.com/2/dm\\_conversations/1582103724607971328/dm\\_events) If you click the "Send" button you will receive the default Direct Message object fields in your response: id,  text, and event\_type. There will also be a "meta" object with the number of results, along with pagination tokens used for retrieving more events if available. ``` { "data": [ { "event_type": "MessageCreate", "id": "1580705921830768647", "text": "hello to you two, this is a new group conversation." } ], "meta": { "result_count": 1, "next_token": "18LAA5FFPEKJA52G0G00ZZZZ", "previous_token": "1BLC45FFPEKJA52G0S00ZZZZ" } } ``` If you would like to receive additional fields, you will have to specify those fields in your request with the [field](/x-api/fundamentals/fields) and/or [expansion](/x-api/fundamentals/expansions) parameters. For this exercise, we will request additional sets of fields of the dm\_event object: 1. The default Direct Message object fields, id, text, and event\_type. 2. Additional Direct Message object fields: dm\_conversation\_id, created\_at, sender\_id, attachments, participant\_ids, referenced\_tweets In Postman, navigate to the "Params" tab and add the following key:value pair to the "Query Params" table: | | | | :--------------- | :------------------------------------------------------------------------------------------ | | Key | Value | | dm\_event.fields | dm\_conversation\_id,created\_at,sender\_id,attachments,participant\_ids,referenced\_tweets | You should now see the following URL next to the "Send" button: [https://api.x.com/2/dm\\\_conversations/:dm\\\_conversation\\\_id/dm\\\_events?dm\\\_event.fields=id,text,event\\\_type,dm\\\_conversation\\\_id,created\\\_at,sender\\\_id,attachments,participant\\\_ids,referenced\\\_tweets](https://api.x.com/2/dm\\_conversations/:dm\\_conversation\\_id/dm\\_events?dm\\_event.fields=id,text,event\\_type,dm\\_conversation\\_id,created\\_at,sender\\_id,attachments,participant\\_ids,referenced\\_tweets) #### Step four: Make your request and review your response Once you have everything set up, hit the "Send" button again, and you will receive a response similar to the below response. Note that this response includes all the available dm\_event fields. ``` { "data": [ { "text": "hello to you two, this is a new group conversation.", "id": "1580705921830768647", "dm_conversation_id": "1580705921830768643", "event_type": "MessageCreate", "sender_id": "17200003", "created_at": "2022-10-13T23:43:54.000Z" } ], "meta": { "result_count": 1, "next_token": "18LAA5FFPEKJA52G0G00ZZZZ", "previous_token": "1BLC45FFPEKJA52G0S00ZZZZ" } } ``` # Integration guide Source: https://docs.x.com/x-api/direct-messages/manage/integrate export const Button = ({href, children}) => { return ; }; The Direct Messages endpoints v2 introduce conversations and conversation events as core X API objects, and makes a distinction between one-to-one and group conversations. One-to-one conversations always have two, and only two, participants, while group conversations can have two or more and memberships that can change.    This page contains information on several tools and key concepts that you should be aware of as you integrate the Manage Direct Messages endpoints into your system. We’ve broken the page into two sections: * Key Concepts * [Direct Message conversations](#direct-message-conversations) * [Shared conversation and event IDs across v1.1 and v2](#shared-conversation-and-event-ids) * [Including media attachments and referencing Posts](#including-media-attachments-and-referencing-tweets) * [Authentication](#authentication) * [Developer portal, Projects, and developer Apps](#developer-portal-projects-and-developer-apps) * [Rate limits](#rate-limits) * [Helpful tools](#helpful-tools) **Key Concepts** ### Direct Message conversations All Direct Messages are part of a Direct Message conversation. These conversations can be one-to-one conversations or group conversations. This launch provides the foundational endpoints needed to create Direct Messages and retrieve events associated with Direct Message conversations. All conversations have a unique dm\_conversation\_id, and the events that make up that conversation all have a unique dm\_event\_id.   The Manage Direct Message endpoints provide three POST methods for creating new messages and adding them to conversations: * **POST /2/dm\_conversations/with/:participant\_id/messages** - Creates a one-to-one Direct Message. This method either adds the message to an existing one-to-one conversation or creates a new one. The :participant\_id path parameter is the User ID of the account receiving the message.  Here is an example JSON request body for sending a one-to-one Direct Message: ``` { "text": "Hello just you. This will appear as a new conversation if we have never messaged, or will be added to our existing thread. " } ``` * **POST /2/dm\_conversations** - Creates a new group conversation and adds a Direct Message to it. These requests require a list of conversation participants. Note that you can create multiple conversations with the same participant list. These requests will always return a new conversation ID.Below is an example JSON request body for creating a new group conversation and adding a Direct Message. Note that this requires a "conversation\_type" field and that must be set to "Group" (case sensitive). ``` { "message": {"text": "Hello to just you two, this is a new group conversation."}, "participant_ids": ["944480690","906948460078698496"], "conversation_type": "Group" } ``` * **POST /2/dm\_conversations/:dm\_conversation\_id/messages** - Creates a Direct Message and adds it to an existing conversation. The :dm\_conversation\_id path parameter is the ID of the conversation that the message will be added to. This method can be used to add a message to both one-to-one and group conversations. Here is an example JSON request body for sending Direct Message to both one-to-one and group conversations: ``` { "text": "Here is a new message." } ``` These POST methods support attaching a single piece of media. POST request bodies must include either or both the "text" and "attachments" fields. The "text" attribute is required if the "attachments" field is not included, and the "attachments" field is required if the "text" field is not included. See the next section for more information. For more information see the [Manage Direct Messages API References](/x-api/direct-messages/create-a-new-dm-conversation).  ### Shared conversation and event IDs across v1.1 and v2 An important concept is that conversation and event IDs are shared across v1.1 and v2 versions of the X Platform. This means both versions can be used together. For example, the Direct Messages v1.1 endpoints provide methods for returning a single event and for deleting events. These methods are not yet available with v2. Since IDs are common across v1.1 and v2, you can make v1.1 requests based on IDs provided by v2, or by referencing conversation IDs displayed in conversation URLs on the X application.   ### Including media attachments and referencing Posts The Manage Direct Message endpoints all support attaching one piece of media (photo, video, or GIF). Attaching media requires a media ID generated by the v1.1 [Upload media](https://developer.x.com/en/docs/x-api/v1/media/upload-media/overview) endpoint. The authenticated user posting the Direct Message must have also uploaded the media. Once uploaded, media is available for 24 hours for including with the message. To illustrate how to include media, the following is an example JSON request body: ``` { "text": "Here's a photo...", "attachments": [{"media_id": "1583157113245011970}] } ``` The resulting MessageCreate event will include the following metadata: ``` { "attachments": { "media_keys": [ "5_1583157113245011970" ] } } ``` Posts can also be included by including the Post URL in the message text. To illustrate how to include Posts in messages, the following is an example JSON request body: ``` { "text": "Here's the Tweet I has talking about: https://x.com/SnowBotDev/status/1580559079470145536" } ``` The resulting MessageCreate event will include the following metadata: ``` { "referenced_tweets": [ { "id": "1580559079470145536" } ] } ``` ### Authentication All X API v2 endpoints require for you to authenticate your requests with a set of credentials, also known as keys and tokens. All Direct Messages are private and require user authorization to access them.  These Direct Message endpoints require the use of [OAuth 2.0 Authorization Flow with PKCE](/x-api/posts/manage-tweets) or [1.0a User Context](/resources/fundamentals/authentication), which means that you must use a set of API keys and user Access Tokens to make a successful request. The Access Tokens must be associated with the user that you are requesting on behalf of. If you want to generate a set of Access Tokens for another user, they must authorize or authenticate your App using the [3-legged OAuth flow](/resources/fundamentals/authentication#obtaining-access-tokens-using-3-legged-oauth-flow). Please note that OAuth user-context can be tricky to use. If you are not familiar with this authentication method, we recommend using a [library](/x-api/tools-and-libraries/overview) or a tool like Postman to properly authenticate your requests.  [OAuth 2.0 Authorization Code with PKCE](resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2) allows for greater control over an application’s scope and authorization flows across multiple devices. OAuth 2.0 allows you to pick specific fine-grained scopes, which give you specific permissions on behalf of a user. The Direct Messages lookup endpoints require these scopes:  dm.write, dm.read, tweet.read, user.read. To enable OAuth 2.0 in your App, you must enable it in your App’s authentication settings found in the App settings section of the developer portal. ### Developer portal, Projects, and developer Apps To retrieve a set of authentication credentials that will work with the X API v2 endpoints, you must have an approved developer account, set up a Project within that account, and create a developer App within that Project. You can then find your keys and tokens within your developer App.  ### Rate limits Everyday many thousands of developers make requests to the X API. To help manage the sheer volume of these requests, rate limits are placed on each endpoint that limits the number of requests that you can make on behalf of your app or on behalf of an authenticated user.  The Manage Direct Message endpoints are rate limited at both the per-user and X App levels. This means that the authenticated user that you are making the request on behalf of can only send a certain number of messages with your X App. In addition, there is a daily limit on how many Direct Messages can be sent by your X App.  There is a user rate limit of 200 requests/messages per 15 minutes for the POST methods. Users are also limited to 1000 Direct Messages per 24 hours. In addition, X Apps have a limit of 15000 messages per 24 hours. These rate limits are shared across the POST endpoints.  **Helpful tools** Here are some helpful tools we encourage you to explore as you work with the Direct Messages lookup endpoints:  ****Postman**** Postman is a great tool that you can use to test out an endpoint. Each Postman request includes every path and body parameter to help you quickly understand what is available to you. To learn more about our Postman collections, please visit our [Using Postman](/tutorials/postman-getting-started) page.  ****Code samples**** Python sample code for the v2 Direct Messages endpoints is available in our [X API v2 sample code GitHub](https://github.com/xdevplatform/Twitter-API-v2-sample-code)[](https://github.com/xdevplatform/Twitter-API-v2-sample-code) repository. The "Manage-Direct-Messages" folder contains examples for the POST methods, and the "Direct-Messages-lookup" folder contains examples for the GET methods. **XDev Software Development Kits (SDKs)** These [libraries](/x-api/tools-and-libraries/overview) are being updated for the v2 Direct Messages endpoints and should be ready soon: * [X API Java SDK](https://github.com/xdevplatform/twitter-api-java-sdk) - Official Java SDK for the X API v2 * [X API TypeScript/JavaScript SDK](https://github.com/xdevplatform/twitter-api-typescript-sdk) - Official TS/JS SDK for the X API v2 **Third-party libraries** There is a growing number of [third-party libraries](/x-api/tools-and-libraries/overview#community-tools-and-libraries-for-v2) developed by our community. These libraries are designed to help you get started, and several are expected to support v2 Direct Messages endpoints soon. You can find a library that works with the v2 endpoints by looking for the proper version tag. # Introduction Source: https://docs.x.com/x-api/direct-messages/manage/introduction export const Button = ({href, children}) => { return ; }; Only available to those with [Pro and Enterprise access](/x-api/getting-started/about-x-api) Direct Messages enable private conversations on X. Direct Messages are one of the most popular features of X, with a wide variety of use cases. These use cases range from group chats among friends, to powering customer support for brands around the world. New v2 versions of Direct Messages endpoints will be introduced in stages, and this first stage includes fundamental endpoints for creating Direct Messages and listing Direct Message conversation events. For the first time, the X API v2 supports *group* conversations. This initial release of Manage Direct Messages includes three POST methods for creating Direct Messages: * **POST /2/dm\_conversations/with/:participant\_id/messages** - Creates a one-to-one Direct Message. This method either creates a new 1-1 conversation or retrieves the current conversation and adds the Direct Message to it. The :participant\_idpath parameter is the User ID of the account receiving the message.  * **POST /2/dm\_conversations** - Creates a new group conversation and adds a Direct Message to it. These requests require a list of conversation participants. Note that you can create multiple conversations with the same participant list. These requests will always return a new conversation ID.  * **POST /2/dm\_conversations/:dm\_conversation\_id/messages** - Creates a Direct Message and adds it to an existing conversation. The :dm\_conversation\_id path parameter is the ID of the conversation that the message will be added to.  Note that Direct Message event IDs are common across the v1.1 and v2 (as well as the X App), so the v1.1 methods to hide/delete Direct Messages can be used along with this new v2 endpoint. Also note that the Enterprise and Premium Account Activity APIs support v2 one-to-one messages, but do not yet support group conversations.    There is a user rate limit of 200 requests per 15 minutes for the POST method. There is also a rate limit of 1000 requests per 24 hours per user. Additionally, there is a rate limit of 15000 requests per 24 hours. Note that these rate limits are shared across these POST endpoints. Since you are making requests on behalf of a user with the manage Posts endpoints, you must authenticate with either [OAuth 1.0a User Context](https://developer-staging.x.com/resources/fundamentals/authentication)or [OAuth 2.0 Authorization Code with PKCE](resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2), and use a user Access Tokens associated with a user that has authorized your App. To generate this user Access Token with OAuth 1.0a, you can use the [3-legged OAuth flow](/resources/fundamentals/authentication#using-and-generating-an-app-only-bearer-token). To generate a user Access Token with OAuth 2.0, you can use the [Authorization Code with PKCE grant flow](/resources/fundamentals/authentication#how-to-connect-to-endpoints-using-oauth-2-0-authorization-code-flow-with-pkce)). **Account setup** To access these endpoints, you will need: * An approved [developer account](https://developer.x.com/en/portal/petition/essential/basic-info). * To authenticate using the keys and tokens from a [developer App](/resources/fundamentals/developer-apps) that is located within a [Project](/resources/fundamentals/projects).  Learn more about getting access to the X API v2 endpoints in our [getting started guide](/x-api/getting-started/getting-access).
# Quickstart Source: https://docs.x.com/x-api/direct-messages/manage/quickstart export const Button = ({href, children}) => { return ; }; ## Getting started with the manage Direct Message endpoints This quick start guide will help you make your first request to the Direct Message endpoints using Postman, a tool for managing and making HTTP requests. To learn more about our Postman collections, please visit our [Using Postman](/tutorials/postman-getting-started) guide, Please visit our [X API v2 sample code](https://github.com/xdevplatform/Twitter-API-v2-sample-code) GitHub repository if you want to review Python-based examples. In addition, the official [X Developer Platform software development kits (SDKs)](/x-api/tools-and-libraries/sdks) will be updated to support these Direct Message endpoints.   **Prerequisites** To complete this guide, you will need to have a set of [keys and tokens](/resources/fundamentals/authentication) to authenticate your request. You can generate these keys and tokens by following these steps: * [Sign up for a developer account](https://developer.x.com/en/apply-for-access) and receive approval. * Create a [Project](/resources/fundamentals/projects) and an associated [developer App](/resources/fundamentals/developer-apps) in the developer portal. * Navigate to your App's “Keys and tokens” page to generate the required credentials. Make sure to save all credentials in a secure location. ### Steps to building manage Direct Message requests In this example, in one request, we'll create a new group conversation and add our first message to it. We'll then add a second message to the created conversation. #### Step one: Start with a tool or library To begin working with the manage Direct Message endpoints, we are going to use the Postman tool to simplify the process. A XDev-authored collection of example X API v2 requests will be used to explore six endpoints used to create new Direct Messages and to list Direct Message conversation events. While most of the collection is pre-filled, there are a few details that you'll need to provide that are based on the X App created to host these API requests. First, let's get the collection loaded/updated. To load the X API v2 Postman collection into your environment, please click on the following button: Once you have the X API v2 collection loaded in Postman, navigate to the “Manage Direct Messages” folder. This folder's Authorization tab has been pre-filled where possible, and you can update a few settings to share your X App's authentication details. This folder also contains three endpoints for creating new Direct Messages. Note that there is also a "Direct Message lookup" folder with three available endpoints for retrieving Direct Message conversation events, including sending and receiving messages, and when conversation participants join and leave..  Since creating group conversations is an exciting new feature of the X API v2, this example will focus on that. We will be working with the "New group DM and conversation" example. We will use this request to create a Direct Message group conversation. The next step is to authenticate with the endpoint. **Step two: Authenticate your request** To properly make a request to the X API, you need to verify that you have permission to do so. To make a successful request to this endpoint, we will be using [OAuth 2.0 Authorization Code Flow with PKCE](resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2). You can generate an access token within Postman.  With Postman you can set the authentication method at the folder level or at the request level. Here we will be configuring the authentication details at the folder level. Navigate to the "Manage Direct Messages" folder, select the "Authorization" tab and confirm that the Type to set to “OAuth 2.0,” and "Add auth data to" is set to "Request Headers." In the "Current Token" section, make sure the "header Prefix" is set to Bearer.   To configure and generate a new token: 1. Create a Token Name, such as "Manage DMs." 2. Confirm that **Grant Type** is set to Authorization Code (with PKCE). 3. Set your **Callback URL**. You will want to update your Callback URL to exactly match the Callback URL associated with your application in the [v2 Dev Portal](https://developer.x.com/en/portal/dashboard). With the X App used with this example, the Callback URL is set to - [*https://www.example.com*.](https://www.example.com/) (Note that since this must match exactly, [*https://example.com*](https://example.com) would not work.)  4. Confirm that **Auth URL** is set to [https://x.com/i/oauth2/authorize](https://x.com/i/oauth2/authorize). 5. Confirm that **Access Token URL** is set to [https://api.x.com/2/oauth2/token.](https://api.x.com/2/oauth2/token)**Client ID** - Copy and paste OAuth 2.0 client ID from the Developer Portal **Client Secret** - You will need this only if you are using an App type that is a confidential client. If so, copy and paste the OAuth 2.0 Client Secret from the Developer Portal.  6. Confirm that **Scope** is set to dm.read, dm.write, tweet.read, and users.read. 7. Confirm that **State** is set to “state.” 8. Confirm that **Client Authentication** is set to Send as Basic Auth header. 9. Click where it says **Get New Access Token**, click "Authorize app" as part of the "Sign-in with X" process. 10. Click the "Proceed" button and then the "Use Token" to generate a token.  11. Click on the "Save" button to save these configuration details. You may get a message that you are not logged into X. If you get this error, you will need to log in to the X account you are trying to post on behalf of inside of Postman. Now that these OAuth 2.0 details have been set at the folder level, navigate to each of the examples and their "Authorization" tab and confirm that they have their Type set to "Inherit auth from parent."  Note that this token will expire soon, and you'll need to regenerate it by clicking on the "Get New Access Token" button. Clicking that will trigger the "Sign-in with X" process and generate a fresh token to make requests with. #### Step three: Specify the Direct Message conversation participants and message contents Navigate to the “Body” tab and make updates to the example JSON object. Set the participant\_ids attribute to the accounts you want to send the Direct Message to. `{ "message": {"text": "Hello to just you two, this is a new group conversation."}, "participant_ids": ["944480690","906948460078698496"], "conversation_type": "Group" }` #### Step four: Make your request and review the response Once you have everything set up, hit the "Send" button, and you will receive a similar response to the example response below. A reminder that if your token has expired since you created it above, you can return to the folder's Authorization tab and click on the "Get New Access Token" to create a fresh token. ``` { "data": { "dm_conversation_id": "1582103724607971328", "dm_event_id": "1582103724607971332" } } ``` If the returned response "data" object contains a dm\_conversation\_id and an dm\_event\_id, you have successfully created a new Direct Message conversation. To start looking up events associated with this conversation, head over to the Direct Message lookup Quick start guide. #### Step five: Add another message to that group conversation Now select the "Add DM to conversation" example, and select the "Params" tab. Under "Path Variables" , update the dm\_conversation\_id to the ID of the conversation you created above. | | | | :------------------- | :------------------ | | **Key** | **Value** | | dm\_conversation\_id | 1582103724607971328 | Using this conversation ID, the request path will resolve to: [https://api.x.com/2/dm\_conversations/1582103724607971328/messages](https://api.x.com/2/dm_conversations/1582103724607971328/messages) Also, update the "Body" tab with request JSON containing the message text you want to send:  ``` { "text": "Adding a new message to our group conversation..." } ``` Once you have everything set up, hit the "Send" button, and you will receive a similar response to the following example response: ``` { "data": { "dm_conversation_id": "1582103724607971328", "dm_event_id": "1582106224379559940" } } ``` # Send a new message to a DM Conversation Source: https://docs.x.com/x-api/direct-messages/send-a-new-message-to-a-dm-conversation post /2/dm_conversations/{dm_conversation_id}/messages Creates a new message for a DM Conversation specified by DM Conversation ID # Send a new message to a user Source: https://docs.x.com/x-api/direct-messages/send-a-new-message-to-a-user post /2/dm_conversations/with/{participant_id}/messages Creates a new message for a DM Conversation with a participant user by ID # Likes Firehose stream Source: https://docs.x.com/x-api/likes/likes-firehose-stream get /2/likes/firehose/stream Streams 100% of public Likes. # Likes Sample 10 stream Source: https://docs.x.com/x-api/likes/likes-sample-10-stream get /2/likes/sample10/stream Streams 10% of public Likes. # Get a User's Owned Lists. Source: https://docs.x.com/x-api/lists/get-a-users-owned-lists get /2/users/{id}/owned_lists Get a User's Owned Lists. # Get User's Followed Lists Source: https://docs.x.com/x-api/lists/get-users-followed-lists get /2/users/{id}/followed_lists Returns a User's followed Lists. # List lookup by List ID. Source: https://docs.x.com/x-api/lists/list-lookup-by-list-id get /2/lists/{id} Returns a List. # Integration guide Source: https://docs.x.com/x-api/lists/list-lookup/integrate export const Button = ({href, children}) => { return ; }; This page contains information on several tools and critical concepts that you should know as you integrate the List lookup endpoints into your system. We’ve broken the page into a couple of different sections: * [Helpful tools](#helpful) * Key Concepts * [Authentication](#authentication) * [Developer portal, Projects, and Apps](#portal) * [Rate limits](#limits) * [Fields and expansions](#fields) * [Pagination](#pagination) ### Helpful tools Before we dive into some key concepts that will help you integrate this endpoint, we recommend that you become familiar with: #### Postman Postman is a great tool that you can use to test out an endpoint. Each Postman request includes every path and body parameter to help you quickly understand what is available to you. To learn more about our Postman collections, please visit our ["Using Postman"](/tutorials/postman-getting-started) page.  #### Code samples Are you interested in getting set up with this endpoint with some code in your preferred coding language? We’ve got a handful of different code samples available that you can use as a starting point on our [Github page](https://github.com/xdevplatform/Twitter-API-v2-sample-code). #### Third-party libraries Take advantage of one of our communities’ [third-party libraries](/x-api/tools-and-libraries/overview) to help you get started. You can find a library that works with the v2 endpoints by looking for the proper version tag. ### Key concepts #### Authentication All X API v2 endpoints require you to authenticate your requests with a set of credentials, also known as keys and tokens. You can use either OAuth 1.0a User Context, App only or OAuth 2.0 Authorization Code with PKCE to authenticate your requests to these endpoints. .  [OAuth 1.0a User Context](/resources/fundamentals/authentication#oauth-1-0a-user-context), which means that you must use a set of API Keys and user Access Tokens to make a successful request. The access tokens must be associated with the user that you are making the request on behalf of. If you would like to generate a set of Access Tokens for another user, they must authorize your App using the [3-legged OAuth flow](/resources/fundamentals/authentication#obtaining-access-tokens-using-3-legged-oauth-flow). Please note that OAuth 1.0a can be difficult to use. If you are not familiar with this authentication method, we recommend that you use a [library](/x-api/tools-and-libraries/overview), use a tool like Postman, or use OAuth 2.0 to authenticate your requests. [OAuth 2.0 Authorization Code with PKCE](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2) allows for greater control over an application’s scope, and authorization flows across multiple devices. OAuth 2.0 allows you to pick specific fine-grained scopes which give you specific permissions on behalf of a user.  To enable OAuth 2.0 in your App, you must enable it in your’s App’s authentication settings found in the App settings section of the developer portal. [App only](/resources/fundamentals/authentication#bearer-token-also-known-as-app-only) just requires that you pass a [App only Access Token](/resources/fundamentals/authentication#app-only-authentication-and-oauth-2-0-bearer-token) with your request. You can either generate an App only token from directly within a developer App, or generate one using the [POST oauth2/token](/resources/fundamentals/authentication#post-oauth2-token) endpoint. #### Developer portal, Projects, and developer Apps To retrieve a set of authentication credentials that will work with the X API v2 endpoints, you must [sign up for a developer account](https://developer.x.com/en/portal/petition/essential/basic-info), set up a [Project](/resources/fundamentals/projects) within that account, and created a [developer App](/resources/fundamentals/developer-apps) within that Project. You can then find your keys and tokens within your developer App.   #### Rate limits Every day, many thousands of developers make requests to the X API. To help manage the sheer volume of these requests, [rate limits](/x-api/fundamentals/rate-limits) are placed on each endpoint that limits the number of requests you can make on behalf of your app or on behalf of an authenticated user.  These endpoints are rate limited at both the App-level and the user-level. The app rate limit means that you, the developer, can only make a certain number of requests to this endpoint over a given period of time from any given App (assumed by using either the API Key and API Secret Key, or the App only Access Token). The user rate limit means that the authenticated user that you are making the request on behalf of can only perform a List lookup a certain number of times across any developer App. The chart below shows the rate limits for each endpoint. | | | | | :------------------------ | :-------------- | :------------------------- | | **Endpoint** | **HTTP method** | **Rate limit** | | /2/lists/:id | GET | 75 requests per 15 minutes | | /2/users/:id/owned\_lists | GET | 15 requests per 15 minutes | Fields and expansions The X API v2 GET endpoint allows users to select exactly which data they want to return from the API using a set of tools called `fields` and `expansions`. The `expansions` parameter allows you to expand objects referenced in the payload. For example, looking up a List by ID allows you to pull the following [expansions](/x-api/fundamentals/expansions): * `owner_id` The `fields` parameter allows you to select exactly which [fields](/x-api/fundamentals/fields) within the different data objects you would like to receive. These endpoints deliver List objects primarily. By default, the List object returns the `id`, and `name` fields. To receive additional fields such as `list.created_at` or `list.follower_count`, you will have to specifically request those using a list.fields parameter.  We’ve added a guide on using [fields and expansions](/x-api/fundamentals/data-dictionary#how-to-use-fields-and-expansions) together to our [X API v2 data dictionary](/x-api/fundamentals/data-dictionary).  The chart below shows the field and expansions available for this endpoint group: | | | | | :------------------------ | :------------------------------------- | :------------- | | **Endpoint** | **Fields** | **Expansions** | | /2/lists/:id | `list.fields`

`user.fields` | `owner_id` | | /2/users/:id/owned\_lists | list.fields

user.fields | owner\_id | #### Pagination Looking up user owned Lists can return a lot of data. To ensure we are returning consistent, high-performing results at any given time, we use pagination. Pagination is a feature in X API v2 endpoints that return more results than can be returned in a single response. When that happens, the data is returned in a series of 'pages'. Learn more about how to [paginate through results.](/x-api/fundamentals/pagination) # Introduction Source: https://docs.x.com/x-api/lists/list-lookup/introduction export const Button = ({href, children}) => { return ; }; There is a rate limit of 75 requests per 15 minutes when looking up a specified List by ID and a limit of 15 requests per 15 minutes when looking up user-owned Lists. You can use [OAuth 1.0a User Context](/resources/fundamentals/authentication), \[App only]\([https://developer.x.com(/resources/fundamentals/authentication#app-only-authentication-and-oauth-2-0-bearer-token)](https://developer.x.com\(/resources/fundamentals/authentication#app-only-authentication-and-oauth-2-0-bearer-token\)), or [OAuth 2.0 Authorization Code with PKCE](resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2) to authenticate your requests to these endpoints.  **Account setup** To access these endpoints, you will need: * An approved [developer account](https://developer.x.com/en/portal/petition/essential/basic-info). * To authenticate using the keys and tokens from a [developer App](/resources/fundamentals/developer-apps) that is located within a [Project](/resources/fundamentals/projects).  Learn more about getting access to the X API v2 endpoints in our [getting started guide](/x-api/getting-started/getting-access).
# Quickstart Source: https://docs.x.com/x-api/lists/list-lookup/quickstart export const Button = ({href, children}) => { return ; }; ## Getting started with the List lookup endpoint This quick start guide will help you make your first request to the List lookup endpoint using Postman. Please visit our [X API v2 sample code](https://github.com/xdevplatform/Twitter-API-v2-sample-code) GitHub repository if you want to see sample code in different languages. \*\*Note: \*\*For this example, we will make a request to the \_List lookup by ID \_endpoint, but you can apply the learnings from this quick start to other lookup requests as well. ### Prerequisites To complete this guide, you will need to have a set of [keys and tokens](/resources/fundamentals/authentication) to authenticate your request. You can generate these keys and tokens by following these steps: * [Sign up for a developer account](https://developer.x.com/en/apply-for-access) and receive approval. * Create a [Project](/resources/fundamentals/projects) and an associated [developer App](/resources/fundamentals/developer-apps) in the developer portal. * Navigate to your App's “Keys and tokens” page to generate the required credentials. Make sure to save all credentials in a secure location. ### Steps to build a List lookup request **Step one: Start with a tool or library** There are several different tools, code examples, and libraries that you can use to make a request to this endpoint, but we will use the Postman tool here to simplify the process. To load the X API v2 Postman collection into your environment, please click on the following button: Once you have the X API v2 collection loaded in Postman, navigate to the “List” folder, select another folder “List lookup”, and then choose "List by ID".   **Step two: Authenticate your request** To properly make a request to the X API, you need to verify that you have permission. To do this with this endpoint, you must authenticate your request with either [App only](/resources/fundamentals/authentication#app-only-authentication-and-oauth-2-0-bearer-token), [OAuth 2.0 Authorization Code with PKCE](resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2), or [OAuth 1.0a User Context](/resources/fundamentals/authentication) authentication methods. For simplicity's sake, we are going to utilize App only with this request, but if you'd like to request private [metrics](/x-api/fundamentals/metrics) or Lists, you will need to use one of the other authentication methods.  To utilize App only, you must add your keys and tokens (specifically the[App only Access Token](/resources/fundamentals/authentication#using-and-generating-an-app-only-bearer-token)) to Postman by selecting the environment named “X API v2” (in the top-right corner of Postman), and adding your keys and tokens to the "initial value" and "current value" fields (by clicking the eye icon next to the environment dropdown). If you've done this correctly, these variables will automatically be pulled into the request's authorization tab.   **Step three: Identify and specify which List you would like to retrieve** You must specify a List that you would like to receive within the request. You can find the List ID by navigating to x.com and clicking on a List and then looking in the URL. For example, the following URL's List ID is 84839422. [https://x.com/i/lists/84839422](https://x.com/i/lists/84839422) The target ID can be any valid List ID. In Postman, navigate to the "Params" tab, and enter your ID into the "Value" column of the id path variable. Be sure not to include any spaces before or after any ID. | | | | :------ | :--------------------- | | **Key** | **Value** | | id | 84839422 (The List ID) | **Step four: Identify and specify which fields you would like to retrieve** If you click the "Send" button after step three, you will receive the default [List object](/x-api/fundamentals/data-dictionary#list) fields in your response: id, name. If you would like to receive additional fields, you will have to specify those fields in your request with list.fields and/or [expansion](/x-api/fundamentals/expansions) parameters. For this exercise, we will request three additional sets of fields from different objects: * The additional created\_at field in the primary Lists object. * The full [user object](/x-api/fundamentals/data-dictionary#user) using the expansion parameter * The additional user.created\_at field in the associated user object. In Postman, navigate to the "Params" tab and add the following key:value pair to the "Query Params" table: | | | | | :---------- | :---------- | :---------------------------------------------------------------------------- | | **Key** | **Value** | **Returned fields** | | list.fields | created\_at | created\_at | | expansions | owner\_id | includes.users.id,
includes.users.name,
includes.users.username | | user.fields | created\_at | includes.users.created\_at | You should now see a similar URL next to the “Send” button: `https://api.x.com/2/lists/84839422?list.fields=owner_id&expansions=owner_id&user.fields=created_at` **Step five: Make your request and review your response** Once you have everything set up, hit the "Send" button, and you will receive a similar response to the following example response: ``` { "data": { "id": "84839422", "name": "Official Twitter Accounts", "owner_id": "783214" }, "includes": { "users": [ { "name": "Twitter", "created_at": "2007-02-20T14:35:54.000Z", "username": "Twitter", "id": "783214" } ] } } ``` # Integration guide Source: https://docs.x.com/x-api/posts/bookmarks/integrate export const Button = ({href, children}) => { return ; }; This page contains information on several tools and critical concepts that you should know as you integrate the manage Bookmarks endpoints into your system. We’ve broken the page into a couple of different sections: * [Helpful tools](/x-api/users/blocks/integrate#helpful-tools) * Key Concepts * [Authentication](/x-api/users/blocks/integrate#authentication) * [Developer portal, Projects, and Apps](/x-api/users/blocks/integrate#developer-portal-projects-and-developer-apps) * [Rate limits](/x-api/users/blocks/integrate#rate-limits) ### Helpful tools Before we dive into some key concepts that will help you integrate this endpoint, we recommend that you become familiar with: #### Postman Postman is a great tool that you can use to test out an endpoint. Each Postman request includes every path and body parameter to help you quickly understand what is available to you. To learn more about our Postman collections, please visit our ["Using Postman"](/tutorials/postman-getting-started) page.  #### Code samples Are you interested in getting set up with this endpoint with some code in your preferred coding language? We’ve got a handful of different code samples available that you can use as a starting point on our [Github page](https://github.com/xdevplatform/Twitter-API-v2-sample-code). #### Third-party libraries Take advantage of one of our communities’ [third-party libraries](/x-api/tools-and-libraries/overview) to help you get started. You can find a library that works with the v2 endpoints by looking for the proper version tag. ### Key concepts #### Authentication All X API v2 endpoints require you to authenticate your requests with a set of credentials, also known as keys and tokens.  These specific endpoints require the use of [OAuth 2.0 Authorization Code Flow with PKCE](/resources/fundamentals/authentication/oauth-2-0/authorization-code), which means that you must use a set of keys and user Access Tokens to make a successful request. The Access Tokens must be associated with the user that you are requesting on behalf of. If you want to generate a set of Access Tokens for another user, they must authorize or authenticate your App using an [Authorize URL](/resources/fundamentals/authentication#authorize-url). Please note that OAuth 2.0 can be tricky to use. If you are not familiar with this authentication method, we recommend using a [library](/x-api/tools-and-libraries/overview) or a tool like Postman to properly authenticate your requests. #### Developer portal, Projects, and developer Apps To retrieve a set of authentication credentials that will work with the X API v2 endpoints, you must have a [developer account](/resources/fundamentals/developer-portal), set up a [Project](/resources/fundamentals/projects) within that account, and created a [developer App](/resources/fundamentals/developer-apps) within that Project. You can then find your keys and tokens within your developer App.  #### Rate limits Every day, many thousands of developers make requests to the X API. To help manage the sheer volume of these requests, [rate limits](/resources/fundamentals/rate-limits) are placed on each endpoint that limits the number of requests that you can make on behalf of your app or on behalf of an authenticated user.  These endpoints are rate limited at the user level, meaning that the authenticated user that you are making the request on behalf of can only call the endpoint a certain number of times across any developer App. There is a user rate limit of 180 requests per 15 min window for the GET method. With the GET method of the Bookmarks lookup endpoint you will get back 800 of your most recent Bookmarked Posts. Additionally, there is a user rate limit of 50 requests per 15 minutes for the POST and DELETE methods.  # Bookmarks lookup Source: https://docs.x.com/x-api/posts/bookmarks/quickstart/bookmarks-lookup export const Button = ({href, children}) => { return ; }; ### Getting started with the Bookmarks lookup endpoint This quick start guide will help you make your first request to the Bookmarks lookup endpoint using [Postman](/tutorials/postman-getting-started). Please visit our [X API v2 sample code](https://github.com/xdevplatform/Twitter-API-v2-sample-code) GitHub repository if you want to see sample code in different languages. #### Prerequisites To complete this guide, you will need to have a set of [keys and tokens](/resources/fundamentals/authentication) to authenticate your request. You can generate these keys and tokens by following these steps: * [Sign up for a developer account](https://developer.x.com/en/apply-for-access) and receive approval. * Create a [Project](/resources/fundamentals/projects) and an associated [developer App](/resources/fundamentals/developer-apps) in the developer portal. * Navigate to your App's “Keys and tokens” page to generate the required credentials. Make sure to save all credentials in a secure location. #### Steps to build a Bookmarks lookup request **Step one: Start with a tool or library** There are several different tools, code examples, and libraries that you can use to make a request to this endpoint, but we will use the Postman tool here to simplify the process. To load the X API v2 Postman collection into your environment, please click on the following button: Once you have the X API v2 collection loaded in Postman, navigate to the “Bookmarks” folder, and select “ Bookmarks lookup”. **Step two: Authenticate your request** To make a successful request to this endpoint, you will need to use [OAuth 2.0 Authorization Code Flow with PKCE](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-3). You can generate an access token within Postman.  If you go to the tab entitled “Authorization” and select “OAuth 2.0”. In this tab, be sure to follow these steps: 1. Name your token 2. Select the Grant Type as Authorization Code (with PKCE) 3. Update the parameters: **Callback URL** - [https://www.example.com](https://www.example.com/) This should be matching the callback URL you set in your auth settings page in the Developer Portal. **Auth URL** - [https://x.com/i/oauth2/authorize](https://x.com/i/oauth2/authorize) **Access Token URL** - [https://api.x.com/2/oauth2/token](https://api.x.com/2/oauth2/token) **Client ID** - Cut and paste OAuth 2.0 client ID from the Developer Portal **Client Secret** - Cut and paste OAuth 2.0 client ID from the Developer Portal. You will need this only if you are using an App type that is a confidential client. 4. Update the scopes with the following values: post.read users.read bookmark.read 5. Populate the field state with “State” 6. Click where it says “Generate Token” 7. Press the save icon to save the folder changes. You may get a message that you are not logged into X. If you get this error, you will need to log in to the X account inside of Postman you are trying to post on behalf of. **Step three: Specify a user** With this endpoint, you must specify the user ID whose followers you would like to receive in the response. For example, the user ID for @XDevelopers is2244994945. In Postman, navigate to the “Params” tab and enter the ID of yourself or an authenticated user as the value for the id parameter. | | | | :------ | :--------- | | **Key** | **Value** | | `id` | 2244994945 | **Step four: Make your request and review your response** Once you have everything set up, hit the "Send" button and you will receive a similar response to the following example response: ``` { "data": [ { "id": "1501258597237342208", "text": "🗣 Have you built a project using the X API you’d like to share with the community? We’d love to hear from you. Share your project with us!" }, { "id": "1501258542258348032", "text": "🧰🛠 This is just one way developer innovation helps make Twitter a better place. You can find other ready-to-use tools built by our developer community in our Twitter Toolbox here ⬇️ https://t.co/rK0X30JSYU" }, { "id": "1501257716941000709", "text": "📣Today’s an important day! \nWe’ve partnered with @Jigsaw on the launch of this new tool. This collaboration allows NGOs and nonprofits to build tools that help people stay safe on Twitter by addressing the needs and preferences of the communities they serve. Learn More ⬇️ https://t.co/MmznmgxoWT" }, { "id": "1501686770810900485", "text": "Join us tomorrow for a continued conversation on customizing timelines and how this might work for developers. And stay tuned for more Spaces coming up next week. 👀 https://t.co/P4JTc14mdC" }, { "id": "1501596763194593285", "text": "Developer innovation is always important, including in times of crisis. If you're building tools to help connect people, keep them safe, or share information with the world, we're here to support—reply to this Tweet to tell us more about your app." } ] } ``` # Manage bookmarks Source: https://docs.x.com/x-api/posts/bookmarks/quickstart/manage-bookmarks export const Button = ({href, children}) => { return ; }; ## Getting started with the manage Bookmarks endpoints This quick start guide will help you make your first request to the manage Bookmarks endpoints using [Postman](/tutorials/postman-getting-started). If you would like to see sample code in different languages, please visit our [X API v2 sample code](https://github.com/xdevplatform/Twitter-API-v2-sample-code) GitHub repository.  **Prerequisites** To complete this guide, you will need to have a set of [keys and tokens](/resources/fundamentals/authentication) to authenticate your request. You can generate these keys and tokens by following these steps: * [Sign up for a developer account](https://developer.x.com/en/apply-for-access) and receive approval. * Create a [Project](/resources/fundamentals/projects) and an associated [developer App](/resources/fundamentals/developer-apps) in the developer portal. * Navigate to your App's “Keys and tokens” page to generate the required credentials. Make sure to save all credentials in a secure location. ### Steps to build a manage Bookmarks request **Step one: Start with a tool or library** There are several different tools, code examples, and libraries that you can use to make a request to this endpoint, but we are going to use the Postman tool here to simplify the process. To load the X API v2 Postman collection into your environment, please click on the following button: Once you have the X API v2 collection loaded in Postman, navigate to the “Bookmarks” folder, and select “Create a Bookmark”. **Step two: Authenticate your request** To make a successful request to this endpoint, you will need to use [OAuth 2.0 Authorization Code Flow with PKCE](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-3). You can generate an access token within Postman.  If you go to the tab entitled “Authorization” and select “OAuth 2.0”. In this tab, be sure to follow these steps: 1. Name your token 2. Select the Grant Type as Authorization Code (with PKCE) 3. Update the parameters: **Callback URL** - [https://www.example.com](https://www.example.com/) This should be matching the callback URL you set in your auth settings page in the Developer Portal. **Auth URL** - [https://x.com/i/oauth2/authorize](https://x.com/i/oauth2/authorize) **Access Token URL** - [https://api.x.com/2/oauth2/token](https://api.x.com/2/oauth2/token) **Client ID** - Cut and paste OAuth 2.0 client ID from the Developer Portal \*\*Client Secret \*\*- Cut and paste OAuth 2.0 client ID from the Developer Portal. You will need this only if you are using an App type that is a confidential client. 4. Update the scopes with the following values: post.read users.read bookmark.write 5. Populate the field state with “State” 6. Click where it says “Generate Token” 7. Press the save icon to save the folder changes. You may get a message that you are not logged into X. If you get this error, you will need to log in to the X account inside of Postman you are trying to post on behalf of. **Step three: Specify a user** With this endpoint, you must specify the user ID whose followers you would like to receive in the response. For example, the user ID for @XDevelopers is `2244994945`. In Postman, navigate to the “Params” tab and enter the ID of yourself or an authenticated user as the value for the id parameter. | | | | | :- | :-- | :----------- | | | Key | Value | | | id | `2244994945` | **Step four: Specify Specify a Post you want to Bookmark** You will want to navigate to the “Body” tab and make sure the Post ID is set to the one you are looking to save to your Bookmarks. The JSON payload should look similar to the one below. ``` {"tweet_id": "1460323737035677698"} ``` **Step five: Make your request and review your response** Once you have everything set up, hit the "Send" button, and you will receive a similar response to the following example response: ``` { "data": { "bookmarked": true } } ``` To delete a Post, select the “Remove a Bookmark” request also found in the “Bookmarks” folder of the X API v2 collection loaded in Postman. You will first want to specify the user ID of the user you are making a request on behalf of as the value for the “`id`” column. This endpoint also requires the ID of the Post you wish to delete. Then, in the “Params” tab, enter the ID of the Post you wish to delete as the value for the “`tweet_id`” column.  When you have a successful delete request, you will receive a response similar to the following example:  ``` { "data": { "bookmarked": false } } ``` # Causes the User (in the path) to like the specified Post Source: https://docs.x.com/x-api/posts/causes-the-user-in-the-path-to-like-the-specified-post post /2/users/{id}/likes Causes the User (in the path) to like the specified Post. The User in the path must match the User context authorizing the request. # Causes the User (in the path) to repost the specified Post. Source: https://docs.x.com/x-api/posts/causes-the-user-in-the-path-to-repost-the-specified-post post /2/users/{id}/retweets Causes the User (in the path) to repost the specified Post. The User in the path must match the User context authorizing the request. # Causes the User (in the path) to unlike the specified Post Source: https://docs.x.com/x-api/posts/causes-the-user-in-the-path-to-unlike-the-specified-post delete /2/users/{id}/likes/{tweet_id} Causes the User (in the path) to unlike the specified Post. The User must match the User context authorizing the request # Causes the User (in the path) to unretweet the specified Post Source: https://docs.x.com/x-api/posts/causes-the-user-in-the-path-to-unretweet-the-specified-post delete /2/users/{id}/retweets/{source_tweet_id} Causes the User (in the path) to unretweet the specified Post. The User must match the User context authorizing the request # Creation of a Post Source: https://docs.x.com/x-api/posts/creation-of-a-post post /2/tweets Causes the User to create a Post under the authorized account. # English Language Firehose stream Source: https://docs.x.com/x-api/posts/english-language-firehose-stream get /2/tweets/firehose/stream/lang/en Streams 100% of English Language public Posts. # Firehose stream Source: https://docs.x.com/x-api/posts/firehose-stream get /2/tweets/firehose/stream Streams 100% of public Posts. # Get Historical Metrics for Posts Source: https://docs.x.com/x-api/posts/get-historical-metrics-for-posts get /2/insights/historical Get Historical Metrics for Posts. # Get Last 28hr Metrics for Posts Source: https://docs.x.com/x-api/posts/get-last-28hr-metrics-for-posts get /2/insights/28hr Get 28hr Metrics for Posts. # Hide replies Source: https://docs.x.com/x-api/posts/hide-replies put /2/tweets/{tweet_id}/hidden Hides or unhides a reply to an owned conversation. # Apps Source: https://docs.x.com/x-api/posts/hide-replies/apps export const Button = ({href, children}) => { return ; }; ## Apps using the hide replies endpoint Here's a collection of noteworthy apps built by developers who integrated the hide replies endpoint. By matching their technology with the X API, they created useful experiences to help all users enhance the public conversation. ![Clarabridge](https://cdn.cms-twdigitalassets.com/content/dam/developer-twitter/hide-replies/clarabridge.jpg.twimg.1920.jpg) **Clarabridge** Clarabridge integrates hide replies so that companies can keep their X feed clean and interesting to read. Replies can be hidden manually, and agents can also use Clarabridge’s text analytics to automatically detect profanity and other language that is not in line with brand policy. [Go to website ▸](https://www.clarabridge.com/ "Go to website ▸") [Clarabridge on X](https://x.com/Clarabridge "Clarabridge on X") ![Perspective API template app](https://cdn.cms-twdigitalassets.com/content/dam/developer-twitter/hide-replies/perspective-logo.png.twimg.1920.png) **Perspective API template app** Perspective is an artificial intelligence trained by Jigsaw (a unit within Alphabet) to detect toxic comments. This app detects a person's incoming replies, and automatically hides a reply based on the “score” that indicates how confident Perspective is that a comment is similar to toxic comments it’s seen in the past. This is an open source template app developed by X. We encourage you to personalize it to build tools for your users. [Use app ▸](https://quintessential-yoke.glitch.me "Use app ▸") [Jigsaw on X](https://x.com/jigsaw "Jigsaw on X") !\[Reshuffle]\(data:image/svg+xml,%3Csvg xmlns=%22[http://www.w3.org/2000/svg%22](http://www.w3.org/2000/svg%22) viewBox=%220 0 150 150%22%3E%3C/svg%3E) **Reshuffle** Reshuffle is a platform to connect business applications with flexible scripts. They built an integration script to detect and hide replies that include keywords you define. To try it out, make sure you have a valid app enabled for Hide replies, then follow the instructions in the repo. [Go to app ▸](https://github.com/reshufflehq/reshuffle "Go to app ▸") [Reshuffle on X](https://x.com/reshufflehq "Reshuffle on X") !\[Hide unwanted replies]\(data:image/svg+xml,%3Csvg xmlns=%22[http://www.w3.org/2000/svg%22](http://www.w3.org/2000/svg%22) viewBox=%220 0 396 397%22%3E%3C/svg%3E) **Hide unwanted replies** Dara Oladosu, the developer behind the popular app QuotedReplies, built an app that automatically hides replies that meet some of the criteria that he’s determined are more likely to exhibit abusive behavior, including replies that contain certain keywords he’s muted in the past. [Go to app ▸](https://hideunwantedreplies.com/ "Go to app ▸") [Dara Oladosu on X](https://x.com/dara_tobi "Dara Oladosu on X") !\[Pandaflow]\(data:image/svg+xml,%3Csvg xmlns=%22[http://www.w3.org/2000/svg%22](http://www.w3.org/2000/svg%22) viewBox=%220 0 94 94%22%3E%3C/svg%3E) **Pandaflow** Pandaflow is a no code platform to automate workflows. They integrate the endpoint so users can programmatically hide replies based on a custom flow they define. [Go to app ▸](https://pandaflow.io/ "Go to app ▸") [Pandaflow on X](https://x.com/pandaflowio "Pandaflow on X") # Manage replies by topic Source: https://docs.x.com/x-api/posts/hide-replies/integrate/manage-replies-by-topic export const Button = ({href, children}) => { return ; }; ### Manage replies by topic Through the hide replies endpoint, you can build integrations to help people and brands keep their conversation on topic. This page shows how to manage a conversation using the hide replies and [recent search](/x-api/posts/recent-search) endpoints. Recent search has functionality to a conversation and its replies, and the Post payload returns [Post annotations](/x-api/fundamentals/post-annotations) to help you understand the context and topic of each Post, regardless of language. The app's flow will have controls to display and manage a conversation: 1. It asks the user’s permission to read their Posts and manage their replies. 2. It pulls a recent conversation from a Post URL, and checks that the conversation is from the authenticating user. 3. It will call the recent search endpoint to display each Post in the conversation. The request will include a conversation ID search query and the annotation expansion to determine if the Post is sports-related or not, according to X's interpretation of the Post. 4. It calls Hide replies to hide a reply when the user chooses to do so. It will also provide a way to undo this action in case, so that the user is always in control.  5. For longer conversations, it will provide controls to [paginate through search results](/x-api/posts/search/integrate/paginate).   #### Optimize for the user (and for usage) You can design a flow in a way that puts the user in control of any action they intend to make. Keeping this principle in mind also helps you build an integration that can optimize for Post consumption. 1. Because the authenticated user can only manage conversations they started, your flow should terminate early when that's not the case. * Make an initial Post lookup request. Terminate the flow early if the Post URL is not valid or the conversation was not started by the authenticating user. * This way, your app doesn't have to make a recent search request if the conversation cannot be moderated by the authenticated user. 2. Request [user and Post fields](/x-api/fundamentals/fields) in the same request to avoid making separate requests. This approach can also improve your app's performance. 3. Avoid making requests when needed. This app caches a reply's hidden status in the user's browser. This is useful for larger conversations, where the user may want to pick up their moderation efforts at a later stage, and it helps your app optimize requests to hide or unhide replies. # Manage replies by topic Source: https://docs.x.com/x-api/posts/hide-replies/integrate/manage-replies-in-realtime export const Button = ({href, children}) => { return ; }; ### Manage replies in realtime With the hide replies endpoint, you can build a workflow to helps your users hide replies that have a very high-probability of being irrelevant. Useful apps often combine technologies so that they can be valuable to their users. This page shows how to hide replies by using the [Perspective API](https://www.perspectiveapi.com/). This API is an artificial intelligence trained by [Jigsaw](https://jigsaw.google.com/), a unit within Google, to detect toxic comments. The application logic will work in the following way: 1. It asks the user’s permission to read their Posts and hide or unhide their replies. 2. It uses the [Account Activity API](https://developer.x.com/en/docs/x-api/v1/accounts-and-users/subscribe-account-activity/overview) to detect incoming replies. 3. It asks the Perspective API to give a “score” (a number between 0 and 1) that indicates how confident their algorithm is that a comment is similar to toxic comments it’s seen in the past. (Perspective does not store the text sent to the service). 4. It calls hide replies if the algorithm’s score is very high. #### Strive for transparency Because Perspective is not trained on actual Posts, certain language nuances may cause this app to hide a reply that a user wants to remain unhidden. Regardless of the technology or the approach you use when designing your app, always make the best possible effort to ensure that your users understand what your app has hidden and can make changes. * The best option is to always trust the user and to give them full control over their decisions. This means your user experience should include controls to undo any action taken by your app on behalf of the user. * When using an artificial intelligence, your app should use a very high confidence threshold to detect and hide Posts. * Not everybody uses the same words, and your app should be designed to avoid any bias. Be mindful of reclaimed words and slang that may lead to false positives. * If you are training an artificial intelligence, consider adopting a model that closely reflects language often used on X. # Introduction Source: https://docs.x.com/x-api/posts/hide-replies/introduction export const Button = ({href, children}) => { return ; }; This endpoint gives you the ability to programmatically hide or unhide replies using criteria you define. Just like the functionality in the main X experience, replies will be hidden from the main conversation but still visible on a separate page. You can use the endpoint to create apps to help people hide replies they don’t find valuable. The hide replies endpoint uses either [OAuth 1.0a User Context](/resources/fundamentals/authentication#oauth-1-0a-2) or [OAuth 2.0 Authorization Code with PKCE](resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2) authentication. If successful, the endpoint hides a single Reply that was published in a Post conversation that was initiated by an authenticated user. Each conversation supports hiding up to 725 Posts. **Account setup** To access these endpoints, you will need: * An approved [developer account](https://developer.x.com/en/portal/petition/essential/basic-info). * To authenticate using the keys and tokens from a [developer App](/resources/fundamentals/developer-apps) that is located within a [Project](/resources/fundamentals/projects).  Learn more about getting access to the X API v2 endpoints in our [getting started guide](/x-api/getting-started/getting-access).
# Quickstart Source: https://docs.x.com/x-api/posts/hide-replies/quickstart export const Button = ({href, children}) => { return ; }; ## Getting started with the hide replies endpoint This quick start guide will help you make your first request to the hide replies endpoint using [Postman](/tutorials/postman-getting-started). If you would like to see some code snippets in different languages, please visit the [hide replies API Reference page](/x-api/posts/hide-replies#put-2-tweets-id-hidden).  ### Prerequisites To complete this guide, you will need to have a set of [keys and tokens](/resources/fundamentals/authentication) to authenticate your request. You can generate these keys and tokens by following these steps: * [Sign up for a developer account](https://developer.x.com/en/apply-for-access) and receive approval. * Create a [Project](/resources/fundamentals/projects) and an associated [developer App](/resources/fundamentals/developer-apps) in the developer portal. * Navigate to your App's “Keys and tokens” page to generate the required credentials. Make sure to save all credentials in a secure location. ### Steps to build a PUT /tweets/:id/hidden request #### Step one: Start with a tool or library There are several different tools, code examples, and libraries that you can use to make a request to this endpoint, but we are going to use the Postman tool here to simplify the process. To load X API v2 Postman collection into your environment, please click on the following button: Once you have the X API v2 collection loaded in Postman, navigate to the hide replies endpoint. #### Step two: Authenticate your request To properly make a request to the X API, you need to verify that you have permission. To do so with this endpoint, you must authenticate your request using either [OAuth 1.0a User Context](/resources/fundamentals/authentication) or [OAuth 2.0 Authorization Code with PKCE](resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2). In this example, we are going to use OAuth 1.0a User Context. You must add your keys and tokens – specifically your API Key, API Secret Key, OAuth 1.0a user Access Token, and OAuth 1.0a user Access Token Secret – to Postman. You can do this by selecting the environment named “X API v2” in the top-right corner of Postman and adding your keys and tokens to the "initial value" and "current value" fields (by clicking the eye icon next to the environment dropdown). These variables will automatically be pulled into the request's authorization tab if you've done this correctly.   #### Step three: Find a Post ID to hide The hide replies endpoint can hide or unhide replies on behalf of an authorized user. Because we are using the Access Tokens related to your user profile in this example, you will be able to hide replies from users who participate in a conversation started by you. Similarly, if you were using Access Tokens that belong to another user that authorized your app, you would be able to moderate replies to any conversations started by that account. Ask a friend to reply to a Post (let them know you're testing hide replies) or reply to any of your Posts from a test account. Click on that reply, then copy the numeric part of its URL. That will be the Post ID we will hide. In this case, we will be looking at the following Post, which has the ID `1232720193182412800`: `https://x.com/TwitterDev/status/1232720193182412800` #### Step four: Hide the Post In Postman, open the Hide replies folder and select Hide a reply. In the Params tab, paste the Post ID next to the id field (you won't need to replace :id in the URL). Click "Send" and you will see a successful response. `{"hidden":true}` #### Step five: Unhide the Post Hidden Posts are moved to a separate tab in the X app. To unhide a Post in Postman, open the Hide replies folder and select Unhide a reply. In the Params tab, paste the same Post ID used in the previous step next into the id field. Click "Send" and you will see a successful response. `{"hidden":false}` The hidden field represents the hidden status of the Post. A hidden status of true means the Post is hidden. Similarly, false means the Post is not hidden. # Japanese Language Firehose stream Source: https://docs.x.com/x-api/posts/japanese-language-firehose-stream get /2/tweets/firehose/stream/lang/ja Streams 100% of Japanese Language public Posts. # Korean Language Firehose stream Source: https://docs.x.com/x-api/posts/korean-language-firehose-stream get /2/tweets/firehose/stream/lang/ko Streams 100% of Korean Language public Posts. # Introduction Source: https://docs.x.com/x-api/posts/likes/introduction export const Button = ({href, children}) => { return ; }; ### Likes lookup With endpoints in the Likes lookup group, you can retrieve a list of accounts that have liked a Post, or a list of Posts that an account has liked. These endpoints include: * Posts liked by a user - GET /2/users/:id/liked\_tweets * Users who have liked a Post - GET /2/tweets/:id/liking\_users You can authenticate these endpoints with either [OAuth 1.0a User Context](/resources/fundamentals/authentication) or [OAuth 2.0 Bearer Token](/resources/fundamentals/authentication#oauth-2-0). For the liked Posts endpoints, pagination tokens will be provided for paging through large sets of results. The liking users endpoint limits you to a total of 100 liking accounts per post for all time.  Additionally, the liked Posts endpoint is also subject to the monthly [Post cap](/x-api/fundamentals/post-cap) applied at the Project level.   ### Manage Likes The manage Likes endpoints enable you to like or unlike a specified Post on behalf of an authenticated account. For this endpoint group, there are two methods available POST and DELETE. The POST method allows you to like a Post, and the DELETE method will enable you to unlike a Post. Since you are making requests on behalf of a user, you must authenticate these endpoints with [OAuth 1.0a User Context](/resources/fundamentals/authentication) and use the Access Tokens associated with the user, which can be generated using the [3-legged OAuth flow](/resources/fundamentals/authentication#oauth-1-0a-2)/obtaining-user-access-tokens). You can like a Post from your account or an account of an authenticated user. With both endpoints, there is a user rate limit of 50 requests per 15 minutes per endpoint.    To access these endpoint, you must have an approved [developer account](/resources/fundamentals/developer-portal). When authenticating, you must use keys and tokens from a [developer App](/resources/fundamentals/developer-apps) that is located within a [Project](/resources/fundamentals/projects).  Learn more about getting access to the X API v2 endpoints in our [getting started](/x-api/getting-started/about-x-api) page.
# Likes lookup Source: https://docs.x.com/x-api/posts/likes/quickstart/likes-lookup export const Button = ({href, children}) => { return ; }; ### Getting started with the Likes lookup endpoint This quick start guide will help you make your first request to the Likes lookup endpoint using [Postman](/tutorials/postman-getting-started). If you would like to see sample code in different languages, please visit our [X API v2 sample code](https://github.com/xdevplatform/Twitter-API-v2-sample-code) GitHub repository.   #### Prerequisites For you to be able to complete this guide, you will have need to have a set of [keys and tokens](/resources/fundamentals/authentication), which you can generate by following these steps: 1. [Apply for a developer account](https://developer.x.com/en/apply-for-access) and receive approval. 2. Create a [Project](/resources/fundamentals/projects) and an associated [developer App](/resources/fundamentals/developer-apps) in the developer portal. 3. Navigate to your app's “Keys and tokens” page, and save your API Keys, Access Tokens, and Bearer Token to your password manager. #### Steps to build a Likes lookup request **Step one: Start with a tool or library** There are several different tools, code examples, and libraries that you can use to make a request to this endpoint, but we will use the Postman tool here to simplify the process. To load the X API v2 Postman collection into your environment, please click on the following button: [![](https://cdn.cms-twdigitalassets.com/content/dam/developer-twitter/m1_vnext/carat.svg)
Add X API v2 to Postman](https://www.postman.com/xapidevelopers/twitter-s-public-workspace/collection/r90eid4/twitter-api-v2?ctx=documentation) Once you have the X API v2 collection loaded in Postman, navigate to the "Likes" folder and select "Liking users.”    **Step two: Authenticate your request** To make a successful request to this endpoint, you will need to use either [OAuth 1.0a User Context](/resources/fundamentals/authentication) or [OAuth 2.0 Bearer Token](/resources/fundamentals/authentication#oauth-2-0) authentication. To do this, you must add the following keys and tokens to Postman by selecting the environment named "X API v2", and adding the following variables to the Initial value and Current value fields: * consumer\_key with your API Key * consumer\_secret with your API Key Secret * access\_token with your Access Token * token\_secret with your Access Token Secret   **Step three: Specify a Tweet** With this endpoint, you must specify the Tweet ID that you want to get liking users for. You can find the ID of a Tweet by navigating to that Tweet on Twitter and pulling the numerical code at the end of the URL. For example, the following URL's Tweet ID is 1354143047324299264. [https://x.com/TwitterDev/status/1354143047324299264](https://x.com/TwitterDev/status/1354143047324299264) In Postman, navigate to the "Params" tab and enter this username into the "Value" column of the tweet\_id path variable (at the bottom of the section), making sure to not include any spaces before or after usernames.  | | | | :------ | :----------------------------------------------- | | **Key** | **Value** | | `id` | The Tweet ID you want to get the liking users of | **Step four: Identify and specify which fields you would like to retrieve** If you click the "Send" button after step three, you will receive the default [user object](/x-api/fundamentals/data-dictionary#user) fields in your response: id, name, and username. If you would like to receive additional fields beyond id, name, and username, you will have to specify those fields in your request with the [fields](/x-api/fundamentals/fields) and/or [expansions](/x-api/fundamentals/expansions) parameters. For this exercise, we will request three additional sets of fields from different objects: 1. The additional user.created\_at field in the primary user objects. 2. The associated pinned Tweets’ object’s default fields for the returned users: id and text. 3. The additional  tweet.created\_at field in the associated Tweet objects. In Postman, navigate to the "Params" tab and add the following key:value pair to the "Query Params" table: | | | | | :----------- | :---------------- | :------------------- | | **Key** | **Value** | **Returned fields** | | user.fields | created\_at | user.created\_at | | expansions | pinned\_tweet\_id | tweet.id, tweet.text | | tweet.fields | created\_at | tweet.created\_at | You should now see the following URL next to the "Send" button: `https://api.x.com/2/tweets/1354143047324299264/liking_users?user.fields=created_at&expansions=pinned_tweet_id&tweet.fields=created_at` **Step five: Make your request and review your response** Once you have everything set up, hit the "Send" button and you will receive a similar response to the following example response: ``` { "data": [ { "created_at": "2008-12-04T18:51:57.000Z", "id": "17874544", "username": "TwitterSupport", "name": "Twitter Support" }, { "created_at": "2007-02-20T14:35:54.000Z", "id": "783214", "username": "Twitter", "name": "Twitter" }, { "pinned_tweet_id": "1389270063807598594", "created_at": "2018-11-21T14:24:58.000Z", "id": "1065249714214457345", "username": "TwitterSpaces", "name": "Spaces" }, { "pinned_tweet_id": "1293595870563381249", "created_at": "2007-05-23T06:01:13.000Z", "id": "6253282", "username": "XAPI", "name": "X API" } ], "includes": { "tweets": [ { "created_at": "2021-05-03T17:26:09.000Z", "id": "1389270063807598594", "text": "now, everyone with 600 or more followers can host a Space.\n\nbased on what we've learned, these accounts are likely to have a good experience hosting because of their existing audience. before bringing the ability to create a Space to everyone, we’re focused on a few things. 🧵" }, { "created_at": "2020-08-12T17:11:04.000Z", "id": "1293595870563381249", "text": "X API v2: Early Access released\n\nToday we announced Early Access to the first endpoints of the new Twitter API!\n\n#TwitterAPI #EarlyAccess #VersionBump https://t.co/g7v3aeIbtQ" } ] } } ``` **Step six: Get a user’s liked Tweets** You might also want to make a request to get a user’s liked Tweets as well. With the Likes lookup endpoint, you can get information about a user’s liked Tweets. To do this navigate to the "Likes" folder and select "Liked Tweets”.  With this endpoint, you must specify the User ID that you want to get liking users for. You can use the [user lookup](/x-api/users/lookup/introduction) endpoint to get this information. In Postman, navigate to the "Params" tab and enter this username into the "Value" column of the id path variable (at the bottom of the section), making sure to not include any spaces before or after usernames.  | | | | :----------- | :---------------------------------------------- | | **Key** | **Value** | | id | The user ID you want to get the liked Tweets of | | max\_results | 5 | You can now see a similar URL with your ID instead of TwitterDev’s next to the "Send" button:   `https://api.x.com/2/users/2244994945/liked_tweets?max_results=5` Once you have everything set up, hit the "Send" button and you will receive a similar response to the following example response: ``` { "data": [ { "id": "1362449997430542337", "text": "Honored to be the first developer to be featured in @TwitterDev's love fest 🥰♥️😍 https://t.co/g8TsPoZsij" }, { "id": "1365416026435854338", "text": "We're so happy for our Official Partner @Brandwatch and their big news. https://t.co/3DwWBNSq0o https://t.co/bDUGbgPkKO" }, { "id": "1296487407475462144", "text": "Check out this feature on @TwitterDev to learn more about how we're mining social media data to make sense of this evolving #publichealth crisis https://t.co/sIFLXRSvEX." }, { "id": "1294346980072624128", "text": "I awake from five years of slumber https://t.co/OEPVyAFcfB" }, { "id": "1283153843367206912", "text": "@wongmjane Wish we could tell you more, but I’m only a teapot 👀" } ], "meta": { "next_token": "7140dibdnow9c7btw4539n0vybdnx19ylpayqf16fjt4l", "result_count": 5 } } ``` # Manage Likes Source: https://docs.x.com/x-api/posts/likes/quickstart/manage-likes export const Button = ({href, children}) => { return ; }; ### Getting started with the manage Likes endpoints This quick start guide will help you make your first request to the manage Likes endpoints using [Postman](/tutorials/postman-getting-started). If you would like to see sample code in different languages, please visit our [X API v2 sample code](https://github.com/xdevplatform/Twitter-API-v2-sample-code) GitHub repository.  #### Prerequisites For you to be able to complete this guide, you will have need to have a set of [keys and tokens](/resources/fundamentals/authentication), which you can generate by following these steps: 1. [Apply for a developer account](https://developer.x.com/en/apply-for-access) and receive approval. 2. Create a [Project](/resources/fundamentals/projects) and an associated [developer App](/resources/fundamentals/developer-apps) in the developer portal. 3. Navigate to your app's “Keys and tokens” page, and save your API Keys, Access Tokens, and Bearer Token to your password manager. #### Steps to build a manage Likes request **Step one: Start with a tool or library** There are several different tools, code examples, and libraries that you can use to make a request to this endpoint, but we are going to use the Postman tool here to simplify the process. To load the X API v2 Postman collection into your environment, please click on the following button: [![](https://cdn.cms-twdigitalassets.com/content/dam/developer-twitter/m1_vnext/carat.svg)
Add X API v2 to Postman](https://www.postman.com/xapidevelopers/twitter-s-public-workspace/collection/r90eid4/twitter-api-v2?ctx=documentation) Once you have the X API v2 collection loaded in Postman, navigate to the “Likes” folder, and select “Like a Post”. **Step two: Authenticate your request** To make a successful request to this endpoint, you will need to use [OAuth 1.0a User Context](/resources/fundamentals/authentication). To do this, you must add the following keys and tokens to Postman by selecting the environment named “X API v2”, and adding the following variables to the initial value and current value fields: * consumer\_key with your API Key * consumer\_secret with your API Key Secret * access\_token with your Access Token * token\_secret with your Access Token Secret   **Step three: Specify which Post you are going to like** Manage Likes endpoints require two IDs: one for the user (the user who wishes to like a Post), and the other representing the  Post ID that the user is trying to like or unlike.  The user’s ID must correspond to the authenticating user’s ID, meaning that you must pass the [Access Tokens](/resources/fundamentals/authentication#obtaining-access-tokens-using-3-legged-oauth-flow) associated with the user ID when authenticating your request.  In this case, you can specify the ID belonging to your own user. You can find your ID in two ways: 1. Using the [user lookup by username](/x-api/users/user-lookup-by-id) endpoint, you can pass a username and receive the id field.  2. Looking at your Access Token, you will find that the numeric part is your user ID.   You also must specify a Post that you want to like. You can find the Post ID by navigating to x.com and clicking on a Post and then looking in the URL. For example, the following URL's Post ID is 1228393702244134912. [https://x.com/TwitterDev/status/1228393702244134912](https://x.com/TwitterDev/status/1228393702244134912) In Postman, navigate to the "Params" tab, and enter your ID into the "Value" column of the id path variable. Navigate to the “Body” tab and ID of the Post you wish to like as the value for the tweet\_id parameter. Be sure not to include any spaces before or after any ID. | | | | :-------- | :------------------------------------ | | **Key** | **Value** | | `id` | (your user ID) | | tweet\_id | (the ID of the Post you want to like) | If you click the "Send" button, you will receive a response object containing the status of the relationship: * If you receive a "liked": true, then the id is successfully liking the tweet\_id.   **Step four: Make your request and review your response** Once you have everything set up, hit the "Send" button and you will receive the following response: ``` { "data": { "liked": true } } ``` If you wish to unlike the same Post you can use the request entitled “Unlike a Post”, which is also found in the “Likes” folder of the X API v2 collection in Postman. The id and tweet\_id should be used in the same way as the previous example.  To unlike a Post, you will not have to add this as a JSON body so you will want to make sure that you add in the requisite query params for id and tweet\_id. # Integration guide Source: https://docs.x.com/x-api/posts/manage-tweets/integrate export const Button = ({href, children}) => { return ; }; This page contains information on several tools and key concepts that you should be aware of as you integrate the manag Posts endpoints into your system. We’ve broken the page into a couple of different sections: * [Helpful tools](#helpful) * Key Concepts * [Authentication](#authentication) * [Developer portal, Projects, and Apps](#portal) * [Rate limits](#limits) * [Source labels](#source)[](#source)[](#source) * [Profile settings](#settings) * [Adding media to a Post](#media) ## Helpful tools Before we dive into some key concepts that will help you integrate this endpoint, we recommend that you become familiar with: ### Postman Postman is a great tool that you can use to test out an endpoint. Each Postman request includes every path and body parameter to help you quickly understand what is available to you. To learn more about our Postman collections, please visit our ["Using Postman"](/tutorials/postman-getting-started) page.    ### Code samples Interested in getting set up with this endpoint with some code in your preferred coding language? We’ve got a handful of different code samples available that you can use as a starting point on our [Github page](https://github.com/xdevplatform/Twitter-API-v2-sample-code).   ### Third-party libraries Take advantage of one of our communities’ [third-party libraries](/x-api/tools-and-libraries/overview) to help you get started. You can find a library that works with the v2 endpoints by looking for the proper version tag.   ## Key concepts ### Authentication All X API v2 endpoints require you to authenticate your requests with a set of credentials, also known as keys and tokens.  These specific endpoints requires the use of [OAuth 1.0a User Context](/resources/fundamentals/authentication), which means that you must use a set of API keys and user Access Tokens to make a successful request. The Access Tokens must be associated with the user that you are making the request on behalf of. If you would like to generate a set of Access Tokens for another user, they must authorize or authenticate your App using the [3-legged OAuth flow](/resources/fundamentals/authentication#obtaining-access-tokens-using-3-legged-oauth-flow). Please note that OAuth 1.0a can be difficult to use. If you are not familiar with this authentication method, we recommend that you use a [library](/x-api/tools-and-libraries/overview), use a tool like Postman, or use OAuth 2.0 to authenticate your requests. [OAuth 2.0 Authorization Code with PKCE](/resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2) allows for greater control over an application’s scope, and authorization flows across multiple devices. OAuth 2.0 allows you to pick specific fine-grained scopes which give you specific permissions on behalf of a user.  To enable OAuth 2.0 in your App, you must enable it in your’s App’s authentication settings found in the App settings section of the developer portal. ### Developer portal, Projects, and developer Apps To retrieve a set of authentication credentials that will work with the X API v2 endpoints, you must have a \[developer account]/resources/fundamentals/developer-portal), set up a [Project](/resources/fundamentals/projects) within that account, and created a [developer App](/resources/fundamentals/developer-apps) within that Project. You can then find your keys and tokens within your developer App.    ### Rate limits Every day, many thousands of developers make requests to the X API. To help manage the sheer volume of these requests, [rate limits](https://developer.x.com/x-api/fundamentals/rate-limits) are placed on each endpoint that limits the number of requests that you can make on behalf of your app or on behalf of an authenticated user. These endpoints are rate limited at the user level, meaning that the authenticated user that you are making the request on behalf of can only call the endpoint a certain number of times across any developer App. There is a user rate limit of 200 requests per 15 minutes for the POST method. The DELETE method has a rate limit of 50 requests for 15 minutes. Additionally, there is a limit of [300 requests per 3 hours](https://blog.x.com/developer/en_us/topics/tools/2018/new-developer-requirements-to-protect-our-platform), including Posts created with either manage Posts or manage Retweets.   ### Source labels Your App name and website URL will be shown as the [source label](https://help.x.com/en/using-twitter/how-to-tweet#source-labels) within metadata for any Posts created programmatically by your application. If you change the use case of a X App, be sure to update the use case in these settings in order to ensure you are in compliance with the [Developer Terms](https://developer.x.com/content/developer-twitter/en/developer-terms/agreement-and-policy).   ### Profile settings You can only add a location to Posts if you have geo enabled in your profile settings. If you don’t have geo enabled, you can still add a location parameter in your request body, but it won’t get attached to your Post. The same is also true for tagging users in images. If the user you’re tagging doesn’t have photo-tagging enabled, their names won’t show up in the list of tagged users even though the Post is successfully created.    ### Adding media to a Post Currently, isn’t a way to fully upload media using v2 of the X API currently. However, you attach previously uploaded media to a Post. You can use media IDs that have been already [uploaded using the v1 media endpoint](https://developer.x.com/en/docs/twitter-api/v1/media/upload-media/api-reference/post-media-upload) or [X Media Studio](https://media.x.com/en/articles/products/2018/media-studio). These media ids must be your own or that of an authenticated user. **Next steps** [API reference](/x-api/posts/manage-tweets#manage-tweets-api-reference-index) # Introduction Source: https://docs.x.com/x-api/posts/manage-tweets/introduction export const Button = ({href, children}) => { return ; }; Creating and deleting Posts using the X API is essential for engaging with the public conversation. The new manage Posts endpoints allow you to do just that and much more. We have two available methods for managing Posts, POST and DELETE. The POST method lets you post polls, quote Tweets, post with reply settings, post with geo, post with media and tag users, and post to Super Followers, in addition to other features. Likewise, the DELETE method allows you to delete a specific Post. For the POST method, you can pass in [the parameters](/x-api/posts/creation-of-a-post) you are looking for to enable you to further customize your request. The 'delete Post' method has been updated to support edited Posts. When any Post in a chain of Post edits is deleted, all Posts in that edit chain are also deleted. To learn more about Edit Post metadata, check out the [Edit Posts fundamentals](/x-api/fundamentals/edit-posts) page. There is a user rate limit of 200 requests per 15 minutes for the POST method. The DELETE method has a rate limit of 50 requests per 15 minutes. Additionally, there is a limit of 300 requests per 3 hours, including Posts created with either manage Posts or manage Retweets. Since you are making requests on behalf of a user with the manage Posts endpoints, you must authenticate with either [OAuth 1.0a User Context](https://en.docs/authentication/oauth-1-0a) or [OAuth 2.0 Authorization Code with PKCE](https://en.docs/authentication/oauth-2-0/authorization-code), and use user Access Tokens associated with a user that has authorized your App. To generate this user Access Token with OAuth 1.0a, you can use the [3-legged OAuth flow](https://en.docs/authentication/oauth-2-0/bearer-tokens). To generate a user Access Token with OAuth 2.0, you can use the [Authorization Code with PKCE grant flow](https://en.docs/authentication/oauth-2-0/user-access-token). **Account setup** To access these endpoints, you will need: * An approved [developer account](https://en/portal/petition/essential/basic-info). * To authenticate using the keys and tokens from a [developer App](/resources/fundamentals/developer-apps) that is located within a [Project](/resources/fundamentals/projects). Learn more about getting access to the X API v2 endpoints in our [getting started guide](/x-api/getting-started/getting-access).


## Supporting resources * [Learn how to use Postman](/tutorials/postman-getting-started) * [Troubleshoot an error](https://en/support/twitter-api) * [API Reference](/x-api/posts/manage-tweets/introduction) # Quickstart Source: https://docs.x.com/x-api/posts/manage-tweets/quickstart export const Button = ({href, children}) => { return ; }; ## Getting started with the manage Posts endpoints\*\* This quick start guide will help you make your first request to the manage Posts endpoints using [Postman](/tutorials/postman-getting-started). Please visit our [X API v2 sample code](https://github.com/xdevplatform/Twitter-API-v2-sample-code) GitHub repository if you want to see sample code in different languages. **Prerequisites** To complete this guide, you will need to have a set of [keys and tokens](/resources/fundamentals/authentication) to authenticate your request. You can generate these keys and tokens by following these steps: * [Sign up for a developer account](https://developer.x.com/en/apply-for-access) and receive approval. * Create a [Project](/resources/fundamentals/projects) and an associated [developer App](/resources/fundamentals/developer-apps) in the developer portal. * Navigate to your App's “Keys and tokens” page to generate the required credentials. Make sure to save all credentials in a secure location. ### Steps to building manage Posts requests **Step one: Start with a tool or library** There are several different tools, code examples, and libraries that you can use to make a request to this endpoint, but we are going to use the Postman tool here to simplify the process. To load X API v2 Postman collection into your environment, please click on the following button: Once you have the X API v2 collection loaded in Postman, navigate to the “Manage Posts” folder, and select “Create a Post”.   **Step two: Authenticate your request** To properly make a request to the X API, you need to verify that you have permission to do so. To do this with the manage Posts endpoints, you must authenticate your request using either [OAuth 1.0a User Context](/resources/fundamentals/authentication) or [OAuth 2.0 Authorization Code with PKCE](resources/fundamentals/authentication#oauth-2-0-authorization-code-flow-with-pkce-2). In this example, we are going to use OAuth 1.0a User Context. You must add your keys and tokens (and specifically your API Key, API Secret Key, OAuth 1.0a user Access Token, and OAuth 1.0a user Access Token Secret) to Postman. You can do this by selecting the environment named “X API v2” (in the top-right corner of Postman), and adding your keys and tokens to the "initial value" and "current value" fields (by clicking the eye icon next to the environment dropdown). If you've done this correctly, these variables will automatically be pulled into the request's authorization tab. **Step three: Specify the text of the Post** When creating a new Post with this endpoint, text or media for the Post are the required body parameters. In Postman, navigate to the “Body” tab and enter the text of the Post as the value for the `text` parameter. Additionally, if you wish to add parameters for items such as polls, replying to a Post ID, or adding reply settings you can also do so here. You can learn more about what’s available in our [API reference guide](/x-api/posts/manage-tweets/introduction). | | | | | :------ | :----------- | :----------------- | | **Key** | **Value** | **Parameter type** | | `text` | Hello world! | body | **Step four: Identify and specify which fields you would like to retrieve** Once you have everything set up, hit the "Send" button, and you will receive a similar response to the following example response: ``` { "data": { "id": "1445880548472328192", "text": "Hello world!" } } ``` If the returned response object contains an `id` and the `text` of your Post, you have successfully created a Post.   **Step five: Delete your Post** To delete a Post, select the “Delete a Post” request also found in the “Manage Posts” folder of the X API v2 collection loaded in Postman. This endpoint requires the ID of the Post you wish to delete. Then, in the “Params” tab, enter the ID of the Post you wish to delete as the value for the `id` column.  On successful delete request, you will receive a response similar to the following example: ``` { "data": { "deleted" : true } } ``` **Next steps** [API Reference](/x-api/posts/manage-tweets#manage-tweets-api-reference-index) [Get support](https://developer.x.com/en/support/x-api) [Sample code](https://github.com/xdevplatform/Twitter-API-v2-sample-code "Sample code") # Portuguese Language Firehose stream Source: https://docs.x.com/x-api/posts/portuguese-language-firehose-stream get /2/tweets/firehose/stream/lang/pt Streams 100% of Portuguese Language public Posts. # Post delete by Post ID Source: https://docs.x.com/x-api/posts/post-delete-by-post-id delete /2/tweets/{id} Delete specified Post (in the path) by ID. # Introduction Source: https://docs.x.com/x-api/posts/quote-tweets/introduction export const Button = ({href, children}) => { return ; }; ### Quote Tweets lookup Here is a Quote Tweet for a Post from @API: