AutoTweet Logo
AutoTweet
X DeveloperApril 13, 202616 min readUpdated Apr 2026

Twitter/X API in 2026: Complete Developer Guide

Everything developers need to know about the X API v2 in 2026. Pricing tiers, OAuth 2.0 authentication, key endpoints, rate limits, and how tools like AutoTweet use the API to automate posting safely.

Quick Reference

The X API v2 has 3 pricing tiers: Free (50 tweets/day), Basic ($200/mo, 50K tweets/mo), and Pro ($5,000/mo, enterprise). Authentication uses OAuth 2.0 with PKCE (recommended) or OAuth 1.0a (legacy). The base URL is https://api.x.com/2/.

X API Pricing Tiers (2026)

TierPriceTweet LimitRead LimitBest For
Free$050/day (1,500/mo)10,000 reads/moTesting, personal bots
Basic$200/mo50,000/mo100,000 reads/moSmall SaaS, tools (20+ users)
Pro$5,000/mo300,000/mo1,000,000 reads/moEnterprise, large platforms

The free tier is surprisingly useful. 50 tweets per day covers most individual automation use cases. Tools like AutoTweet start on the free tier and upgrade to Basic when they pass ~20 active users.

Authentication: OAuth 2.0 with PKCE

The recommended authentication method for X API v2 is OAuth 2.0 with PKCE (Proof Key for Code Exchange). Here's how it works:

  1. Generate a code verifier — a random 64-character string
  2. Create a code challenge — SHA-256 hash of the verifier, base64url-encoded
  3. Redirect user to X authorization URL — with client_id, redirect_uri, scope, state, code_challenge
  4. User authorizes your app — X redirects back with an authorization code
  5. Exchange code for tokens — POST to https://api.x.com/2/oauth2/token with the code + code_verifier
  6. Store the access + refresh tokens — access tokens expire in 2 hours, use refresh tokens to get new ones

Scopes to request: tweet.read tweet.write users.read offline.access covers most use cases. offline.access is required for refresh tokens.

Key API v2 Endpoints

Post a Tweet

POST /2/tweets — Creates a new tweet.

{
  "text": "Hello from the X API v2!"
}

Get User Info

GET /2/users/me — Returns the authenticated user's profile. Useful for verifying tokens after OAuth.

Get Tweet Metrics

GET /2/tweets?ids=123,456&tweet.fields=public_metrics — Returns impression count, likes, retweets, replies for specified tweets.

Delete a Tweet

DELETE /2/tweets/:id — Deletes a tweet by ID. Requires the tweet.write scope.

Stop Spending Hours on X. Start Growing on Autopilot.

AutoTweet's AI generates a full week of high-performing X content in one click. From $49/mo with a 14-day money-back guarantee.

See Plans

Rate Limits

X enforces rate limits per endpoint per 15-minute window:

  • POST /2/tweets: Free tier = 50/day. Basic = 50,000/month (not per-window).
  • GET /2/users/me: 75 requests per 15 minutes.
  • GET /2/tweets: 300 requests per 15 minutes (Free), 900 (Basic).

Rate limit headers: Every API response includes x-rate-limit-limit, x-rate-limit-remaining, and x-rate-limit-reset headers. Use these to throttle your requests.

Recommended Libraries

  • Node.js: twitter-api-v2 (the most popular, used by AutoTweet)
  • Python: tweepy (v2 support) or python-twitter-v2
  • Go: go-twitter
  • Rust: egg-mode

API Safety: How to Avoid Bans

  • Always use the official API. Browser automation and unofficial endpoints get accounts banned.
  • Respect rate limits. Monitor the rate limit headers and back off when approaching limits.
  • Use conservative posting patterns. Don't post 50 tweets in 1 minute. Spread them across the day.
  • Store tokens securely. Never expose access tokens in client-side JavaScript or public repos.
  • Implement token refresh. Access tokens expire every 2 hours. Use refresh tokens to get new ones silently.

AutoTweet is built on the official X API v2 with conservative rate limiting and automatic token refresh — keeping your account safe while automating your posting schedule.

FAQ

Is the Twitter/X API free?

Yes, the free tier allows 50 tweets/day and 10,000 reads/month. The Basic tier ($200/mo) gives 50,000 tweets/month. Pro ($5,000/mo) is for enterprise.

What is the difference between API v1.1 and v2?

v2 uses OAuth 2.0 PKCE (more secure), returns modern JSON responses with expansions, and supports newer features like polls and spaces. v1.1 is deprecated but still works for some endpoints.

How do I get a Twitter/X API key?

Sign up at developer.x.com, create a project and app, then generate keys. For OAuth 2.0 PKCE (recommended), you need the Client ID and Client Secret. Free tier access is immediate.

Share this post:
Written by

The AutoTweet Team

We build AI tools for X (Twitter) growth. Our writing comes from real product work, the X API, and real-time X analytics — not generic listicles.

See what we built
Try AutoTweet

Stop Spending Hours on X. Start Growing on Autopilot.

AutoTweet's AI generates a full week of high-performing X content in one click. From $49/mo with a 14-day money-back guarantee.

See Plans