Step one: Sign up for a developer account
Signing up for a developer account is quick and easy! Just click on the button below, answer a few questions, and you can start exploring and building on the X API v2 using Basic access. Next you will create a Project and an associated developer App during the onboarding process, which will provide you a set of credentials that you will use to authenticate all requests to the API. Sign upStep two: Save your App’s key and tokens and keep them secure
Once you have access and have created a Project and App, you will be able to find or generate the following credentials within your developer App:- API Key and Secret: Essentially the username and password for your App. You will use these to authenticate requests that require OAuth 1.0a User Context, or to generate other tokens such as user Access Tokens or App Access Token.
- Access Token and Secret: In general, Access Tokens represent the user that you are making the request on behalf of. The ones that you can generate via the developer portal represent the user that owns the App. You will use these to authenticate requests that require OAuth 1.0a User Context. If you would like to make requests on behalf of another user, you will need to use the 3-legged OAuth flow for them to authorize you.
- Client ID and Client Secret: These credentials are used to obtain a user Access Token with OAuth 2.0 authentication. Similar to OAuth 1.0a, the user Access Tokens are used to authenticate requests that provide private user account information or perform actions on behalf of another account but, with fine-grained scope for greater control over what access the client application has on the user.
- App only Access Token: You will use this token when making requests to endpoints that responds with information publicly available on X.
Please note: Your keys and tokens will only display once in the developer portal, so it is important that you store these credentials in your password management system as soon as you generate them. If you misplace or forget the keys and tokens, you will need to regenerate them, which creates new credentials and invalidates the old ones. This means that you will have to update any integrations that you may have set up with your prior credentials. Learn more about our authentication best practices.