Blocks
Using blocks lookup, you can see who you or an authenticated user has blocked. This can be useful for determining how you can interact with a given account.
Introduction
Blocks lookup
The blocks lookup GET endpoint allows you to see which accounts you’ve blocked on behalf of an authorized user. This endpoint has a rate limit of 15 requests per 15 minutes per user.
Since you are making requests for private information with blocks lookup, and on behalf of a user with manage blocks, you must authenticate these endpoints with either OAuth 1.0a User Context or OAuth 2.0 Authorization Code with PKCE, and use the user Access Tokens associated with a user that has authorized your App, which can be generated using the 3-legged OAuth flow (OAuth 1.0a) or the Authorization Code with PKCE grant flow) (OAuth 2.0).
Account setup
To access these endpoints, you will need:
- An approved developer account.
- To authenticate using the keys and tokens from a developer App that is located within a Project.
Learn more about getting access to the X API v2 endpoints in our getting started guide.
Getting started with the blocks lookup endpoint
This quick start guide will help you make your first request to the blocks lookup endpoint using Postman.
If you would like to see sample code in different languages, please visit our X API v2 sample code GitHub repository.
Prerequisites
To complete this guide, you will need to have a set of keys and tokens to authenticate your request. You can generate these keys and tokens by following these steps:
- Sign up for a developer account and receive approval.
- Create a Project and an associated developer App in the developer portal.
- Navigate to your App’s “Keys and tokens” page to generate the required credentials. Make sure to save all credentials in a secure location.
Steps to build a blocks lookup request
Step one: Start with a tool or library
There are several different tools, code examples, and libraries that you can use to make a request to this endpoint, but we will use the Postman tool here to simplify the process.
To load the X API v2 Postman collection into your environment, please click on the following button:
Once you have the X API v2 collection loaded in Postman, navigate to the “Blocks” folder, and select “Blocks Lookup”.
Step two: Authenticate your request
To properly make a request to the X API, you need to verify that you have permission. To do so with this endpoint, you must authenticate your request using either OAuth 1.0a User Context or OAuth 2.0 Authorization Code with PKCE.
In this example, we are going to use OAuth 1.0a User Context.
You must add your keys and tokens – specifically your API Key, API Secret Key, OAuth 1.0a user Access Token, and OAuth 1.0a user Access Token Secret – to Postman. You can do this by selecting the environment named “X API v2” in the top-right corner of Postman and adding your keys and tokens to the “initial value” and “current value” fields (by clicking the eye icon next to the environment dropdown).
These variables will automatically be pulled into the request’s authorization tab if you’ve done this correctly.
Step three: Specify a user
With this endpoint, you must specify your user ID or the user ID of an authenticated user to see who you have blocked.
In Postman, navigate to the “Params” tab and enter this username into the “Value” column of the id path variable (at the bottom of the section), making sure to not include any spaces before or after usernames.
| Key | Value |
id | (your user ID) |
| max_results | 5 |
Step four: Identify and specify which fields you would like to retrieve
If you click the “Send” button after step three, you will receive the default user object fields in your response: id, name, and username.
If you would like to receive additional fields beyond id, name, and username, you will have to specify those fields in your request with the fields and/or expansions parameters.
For this exercise, we will request three additional sets of fields from different objects:
- The additional user.created_at field in the primary user objects.
- The associated pinned Posts’ object’s default fields for the returned users: id and text.
- The additional tweet.created_at field in the associated Post objects.
In Postman, navigate to the “Params” tab and add the following key:value pair to the “Query Params” table:
| Key | Value | Returned fields |
| user.fields | created_at | user.created_at |
| expansions | pinned_tweet_id | tweet.id, tweet.text |
| tweet.fields | created_at | includes.tweets.created_at |
You should now see a similar URL with your own user ID instead of TwitterDev’s URL next to the “Send” button:
Step five: Make your request and review your response
Once you have everything set up, hit the “Send” button and you will receive a similar response to the following example response:
Step six: Paginate through your results
You may notice that there is a meta object located at the bottom of the response. If you received a next_token, this signals that there is another page of results that we can retrieve. To pull the next page of results, you will pull the value of the next_token field and add it to the request as the value to an additional pagination_token parameter.
| Key | Value |
| pagination_token | 1D3PU6DRII9HEZZZ |
If you send the request after adding this additional parameter, the next five results will be delivered with the subsequent payload since we specified max_results as 5 in step three. You can continue to repeat this process until all results have been returned, but you can also use the max_results parameter to request up to 1000 users per request, so you don’t have to paginate through results quite as much.
Integration guide
This page contains information on several tools and key concepts that you should be aware of as you integrate the blocks endpoints into your system. We’ve broken the page into a couple of different sections:
- Helpful tools
- Key Concepts
- Authentication
- Developer portal, Projects, and Apps
- Rate limits
- Fields and expansions
- Pagination
Helpful tools
Before we dive into some key concepts that will help you integrate this endpoint, we recommend that you become familiar with:
Postman
Postman is a great tool that you can use to test out an endpoint. Each Postman request includes every path and body parameter to help you quickly understand what is available to you. To learn more about our Postman collections, please visit our “Using Postman” page.
Code samples
Interested in getting set up with this endpoint with some code in your preferred coding language? We’ve got a handful of different code samples available that you can use as a starting point on our Github page.
Third-party libraries
Take advantage of one of our communities’ third-party libraries to help you get started. You can find a library that works with the v2 endpoints by looking for the proper version tag.
Key concepts
Authentication
All X API v2 endpoints require you to authenticate your requests with a set of credentials, also known as keys and tokens. You can use either OAuth 1.0a User Context or OAuth 2.0 Authorization Code with PKCE to authenticate your requests to these endpoints.
OAuth 1.0a User Context requires you to utilize your API Keys, user Access Tokens, and a handful of other parameters to create an authorization header, which you will then pass with your request. The Access Tokens must be associated with the user that you are making the request on behalf of. If you would like to generate a set of Access Tokens for another user, they must authorize your App using the 3-legged OAuth flow.
Please note that OAuth 1.0a can be difficult to use. If you are not familiar with this authentication method, we recommend that you use a library, use a tool like Postman, or use OAuth 2.0 to authenticate your requests.
OAuth 2.0 Authorization Code with PKCE allows for greater control over an application’s scope, and authorization flows across multiple devices. OAuth 2.0 allows you to pick specific fine-grained scopes which give you specific permissions on behalf of a user.
To enable OAuth 2.0 in your App, you must enable it in your’s App’s authentication settings found in the App settings section of the developer portal.
Developer portal, Projects, and developer Apps
To retrieve a set of authentication credentials that will work with the X API v2 endpoints, you must sign up for a developer account, set up a Project within that account, and created a developer App within that Project. You can then find your keys and tokens within your developer App.
Rate limits
Every day, many thousands of developers make requests to the X API. To help manage the sheer volume of these requests, rate limits are placed on each endpoint that limits the number of requests that you can make on behalf of your app or on behalf of an authenticated user.
These endpoints are rate limited at the user level, meaning that the authenticated user that you are making the request on behalf of can only call the endpoint a certain number of times across any developer App. There is a user rate limit of 50 requests per 15 minutes per endpoint with both POST and DELETE methods. However, with the GET method, the rate limit is only 15 requests per 15 minutes.
Fields and expansions
The X API v2 GET endpoints allow users to select exactly which data they want to return from the API using a set of tools called fields and expansions. The expansions parameter allows you to expand objects referenced in the payload. For example, this endpoint allows you to pull the following expansions:
- pinned_tweet_id
The fields parameter allows you to select exactly which fields within the different data objects you would like to receive. These endpoints delivers Post objects primarily. By default, the Post object returns the id and text fields. To receive additional fields such as tweet.created_at or tweet.entities, you will have to specifically request those using a fields parameter. Some important fields that you may want to consider using in your integration are our poll data, metrics, Post annotations, and conversation ID fields.
We’ve added a guide on how to use fields and expansions together to our X API v2 data dictionary.
Pagination
Blocks lookup can return a lot of data. To ensure we don’t return to many results at any given time, we use pagination. Learn more about how to paginate through results.
Other migration resources
Blocks lookup: Standard v1.1 to X API v2
Blocks lookup: Standard v1.1 compared to X API v2
If you have been working with the standard v1.1 GET blocks/ids and GET blocks/list endpoints, the goal of this guide is to help you understand the similarities and differences between the standard v1.1 and X API v2 blocks lookup endpoints.
- Similarities
- Authentication
- Differences
-
Endpoint URLs
-
Users per request limits
-
App and Project requirements
-
Response data formats
-
Request parameters
-
Similarities
Authentication
Both the standard v1.1 and X API v2 blocks lookup endpoints use OAuth 1.0a User Context. Therefore, if you were previously using one of the standard v1.1 blocks lookup endpoints, you can continue using the same authentication method if you migrate to the X API v2 version.
Differences
Endpoint URLs
- Standard v1.1 endpoints:
- GET https://api.x.com/1.1/blocks/ids.json (list of user IDs who are blocked by the specified user)
- GET https://api.x.com/1.1/blocks/lists.json (list of users who are blocked by the specified user)
- X API v2 endpoint:
- GET https://api.x.com/2/users/:id/blocking (list of users who are blocked by the specified user ID)
Users per request limits
The standard v1.1 endpoints allow you to return up to 5000 users per request. The new v2 endpoints allow you to return up to 1000 users per request. To return a full 1000 users, you will need to pass max_results=1000 as a query parameter; you can then pass the next_token returned in the response payload to the pagination_token query parameter in your next request.
App and Project requirements
The X API v2 endpoints require that you use credentials from a developer App that is associated with a Project when authenticating your requests. All X API v1.1 endpoints can use credentials from standalone Apps or Apps associated with a project.
Response data format
One of the biggest differences between standard v1.1 and X API v2 endpoint versions is how you select which fields return in your payload.
For the standard endpoints, you receive many of the response fields by default, and then have the option to use parameters to identify which fields or sets of fields should return in the payload.
The X API v2 version only delivers the user id , name, and username fields by default. To request any additional fields or objects, you wil need to use the fields and expansions parameters. Any user fields that you request from this endpoint will return in the primary user object. Any expanded Post object and fields will return in an includes object within your response. You can then match any expanded objects back to the user object by matching the IDs located in both the user and the expanded Post object.
We encourage you to read more about these new parameters in their respective guides, or by reading our guide on how to use fields and expansions.
We have also put together a data format migration guide which can help you map standard v1.1 fields to the newer v2 fields. This guide will also provide you the specific expansion and field parameter that you will need to pass with your v2 request to return specific fields.
In addition to the changes in how you request certain fields, X API v2 is also introducing new JSON designs for the objects returned by the APIs, including Post and user objects.
- At the JSON root level, the standard endpoints return Post objects in a statuses array, while X API v2 returns a data array.
- Instead of referring to Retweeted and Quoted “statuses”, X API v2 JSON refers to Retweeted and Quoted Tweets. Many legacy and deprecated fields, such as contributors and user.translator_type are being removed.
- Instead of using both favorites (in Post object) and favourites (in user object), X API v2 uses the term like.
- X is adopting the convention that JSON values with no value (for example, null) are not written to the payload. Post and user attributes are only included if they have a non-null values.
We also introduced a new set of fields to the Post object including the following:
- A conversation_id field
- Two new annotations fields, including context and entities
- Several new metrics fields
- A new reply_setting field, which shows you who can reply to a given Post
Request parameters
The following standard v1.1 request parameters accepted two request query parameters (user_id or screen_name). The X API v2 only accepts the numerical user ID, and it must be passed as part of the endpoint path.
API reference index
For the complete API reference, select an endpoint from the list.
Blocks lookup
| Returns a list of users who are blocked by the specified user ID | [GET /2/users/:id/blocking](/en/docs/twitter-api/users/blocks/api-reference/get-users-blocking) |
GET /2/users/:id/blocking
Returns a list of users who are blocked by the specified user ID.
Endpoint URL
https://api.x.com/2/users/:id/blocking
Authentication and rate limits
| Authentication methods supported by this endpoint | OAuth 1.0a is also available for this endpoint. OAuth 2.0 Authorization Code with PKCE |
| Rate limit | User rate limit (User context): 15 requests per 15-minute window per each authenticated user |
OAuth 2.0 scopes required by this endpoint
tweet.readusers.readblock.read |
| Learn more about OAuth 2.0 Authorization Code with PKCE |
Path parameters
| Name | Type | Description |
|---|---|---|
id Required | string | The user ID whose blocked users you would like to retrieve. The user’s ID must correspond to the user ID of the authenticating user, meaning that you must pass the Access Tokens) associated with the user ID when authenticating your request. |
Query parameters
| Name | Type | Description |
|---|---|---|
expansions Optional | enum (pinned_tweet_id) | Expansions enable you to request additional data objects that relate to the originally returned users. The ID that represents the expanded data object will be included directly in the user data object, but the expanded object metadata will be returned within the includes response object, and will also include the ID so that you can match this data object to the original Tweet object. At this time, the only expansion available to endpoints that primarily return user objects is expansions=pinned_tweet_id. You will find the expanded Tweet data object living in the includes response object. |
max_results Optional | integer | The maximum number of results to be returned per page. This can be a number between 1 and 1000. By default, each page will return 100 results. |
pagination_token Optional | string | Used to request the next page of results if all results weren’t returned with the latest request, or to go back to the previous page of results. |
tweet.fields Optional | enum (attachments, author_id, context_annotations, conversation_id, created_at, edit_controls, entities, geo, id, in_reply_to_user_id, lang, non_public_metrics, public_metrics, organic_metrics, promoted_metrics, possibly_sensitive, referenced_tweets, reply_settings, source, text, withheld) | This fields parameter enables you to select which specific Tweet fields will deliver in each returned pinned Tweet. Specify the desired fields in a comma-separated list without spaces between commas and fields. The Tweet fields will only return if the user has a pinned Tweet and if you’ve also included the expansions=pinned_tweet_id query parameter in your request. While the referenced Tweet ID will be located in the original Tweet object, you will find this ID and all additional Tweet fields in the includes data object. |
user.fields Optional | enum (created_at, description, entities, id, location, most_recent_tweet_id, name, pinned_tweet_id, profile_image_url, protected, public_metrics, url, username, verified, verified_type, withheld) | This fields parameter enables you to select which specific user fields will deliver with each returned users objects. Specify the desired fields in a comma-separated list without spaces between commas and fields. These specified user fields will display directly in the user data objects. |
Example code with offical SDKs
Example responses
Response fields
| Name | Type | Description |
|---|---|---|
id Default | string | Unique identifier of this user. This is returned as a string in order to avoid complications with languages and tools that cannot handle large integers. |
name Default | string | The friendly name of this user, as shown on their profile. |
username Default | string | The Twitter handle (screen name) of this user. |
created_at | date (ISO 8601) | Creation time of this account. To return this field, add user.fields=created_at in the request’s query parameter. |
most_recent_tweet_id | string | The ID of the User’s most recent Tweet To return this field, add user.fields=most_recent_tweet_id in the request’s query parameter. |
protected | boolean | Indicates if this user has chosen to protect their Tweets (in other words, if this user’s Tweets are private). To return this field, add user.fields=protected in the request’s query parameter. |
withheld | object | Contains withholding details for withheld content. To return this field, add user.fields=withheld in the request’s query parameter. |
withheld.country_codes | array | Provides a list of countries where this user is not available. To return this field, add user.fields=withheld.country_codes in the request’s query parameter. |
withheld.scope | enum (tweet, user) | Indicates whether the content being withheld is a Tweet or a user (this API will return user). To return this field, add user.fields=withheld.scope in the request’s query parameter. |
location | string | The location specified in the user’s profile, if the user provided one. As this is a freeform value, it may not indicate a valid location, but it may be fuzzily evaluated when performing searches with location queries. To return this field, add user.fields=location in the request’s query parameter. |
url | string | The URL specified in the user’s profile, if present. To return this field, add user.fields=url in the request’s query parameter. |
description | string | The text of this user’s profile description (also known as bio), if the user provided one. To return this field, add user.fields=description in the request’s query parameter. |
verified | boolean | Indicate if this user is a verified Twitter user. To return this field, add user.fields=verified in the request’s query parameter. |
verified_type | enum (blue, business, government, none) | Indicates the type of verification for the Twitter account. To return this field, add user.fields=verified_type in the request’s query parameter. |
entities | object | This object and its children fields contain details about text that has a special meaning in the user’s description. To return this field, add user.fields=entities in the request’s query parameter. |
entities.url | array | Contains details about the user’s profile website. |
entities.url.urls | array | Contains details about the user’s profile website. |
entities.url.urls.start | integer | The start position (zero-based) of the recognized user’s profile website. All start indices are inclusive. |
entities.url.urls.end | integer | The end position (zero-based) of the recognized user’s profile website. This end index is exclusive. |
entities.url.urls.url | string | The URL in the format entered by the user. |
entities.url.urls.expanded_url | string | The fully resolved URL. |
entities.url.urls.display_url | string | The URL as displayed in the user’s profile. |
entities.description | array | Contains details about URLs, Hashtags, Cashtags, or mentions located within a user’s description. |
entities.description.urls | array | Contains details about any URLs included in the user’s description. |
entities.description.urls.start | integer | The start position (zero-based) of the recognized URL in the user’s description. All start indices are inclusive. |
entities.description.urls.end | integer | The end position (zero-based) of the recognized URL in the user’s description. This end index is exclusive. |
entities.description.urls.url | string | The URL in the format entered by the user. |
entities.description.urls.expanded_url | string | The fully resolved URL. |
entities.description.urls.display_url | string | The URL as displayed in the user’s description. |
entities.description.hashtags | array | Contains details about text recognized as a Hashtag. |
entities.description.hashtags.start | integer | The start position (zero-based) of the recognized Hashtag within the Tweet. All start indices are inclusive. |
entities.description.hashtags.end | integer | The end position (zero-based) of the recognized Hashtag within the Tweet. This end index is exclusive. |
entities.description.hashtags.hashtag | string | The text of the Hashtag. |
entities.description.mentions | array | Contains details about text recognized as a user mention. |
entities.description.mentions.start | integer | The start position (zero-based) of the recognized user mention within the Tweet. All start indices are inclusive. |
entities.description.mentions.end | integer | The end position (zero-based) of the recognized user mention within the Tweet. This end index is exclusive. |
entities.description.mentions.username | string | The part of text recognized as a user mention. |
entities.description.cashtags | array | Contains details about text recognized as a Cashtag. |
entities.description.cashtags.start | integer | The start position (zero-based) of the recognized Cashtag within the Tweet. All start indices are inclusive. |
entities.description.cashtags.end | integer | The end position (zero-based) of the recognized Cashtag within the Tweet. This end index is exclusive. |
entities.description.cashtags.cashtag | string | The text of the Cashtag. |
profile_image_url | string | The URL to the profile image for this user, as shown on the user’s profile. |
public_metrics | object | Contains details about activity for this user. |
public_metrics.followers_count | integer | Number of users who follow this user. |
public_metrics.following_count | integer | Number of users this user is following. |
public_metrics.tweet_count | integer | Number of Tweets (including Retweets) posted by this user. |
public_metrics.listed_count | integer | Number of lists that include this user. |
pinned_tweet_id | string | Unique identifier of this user’s pinned Tweet. You can obtain the expanded object in includes.tweets by adding expansions=pinned_tweet_id in the request’s query parameter. |
includes.tweets | array | When including the expansions=pinned_tweet_id parameter, this includes the pinned Tweets attached to the returned users’ profiles in the form of Tweet objects with their default fields and any additional fields requested using the tweet.fields parameter, assuming there is a referenced Tweet present in the returned Tweet(s). |
errors | object | Contains details about errors that affected any of the requested users. See Status codes and error messages for more details. |
meta Default | object | This object contains information about the number of users returned in the current request, and pagination details. |
meta.result_count Default | integer | The number of users returned in this request. Note that this number may be lower than what was specified in the max_results query parameter. |
meta.previous_token | string | Pagination token for the previous page of results. This value is returned when there are multiple pages of results, as the current request may only return a subset of results. To go back to the previous page, passing the value from this field in the pagination_token query parameter. When this field is not returned in the response, it means you are on the first page of results. |
meta.next_token | string | Pagination token for the next page of results. This value is returned when there are multiple pages of results, as the current request may only return a subset of results. To retrieve the full list, keep passing the value from this field in the pagination_token query parameter. When this field is not returned in the response, it means you’ve reached the last page of results, and that there are no further pages. |