How to Get a Twitter API Key in 2026 (Step-by-Step Guide)
The X developer portal changed completely in 2026. Here's exactly how to get your X / Twitter API key — the official way and the 30-second alternative.
Getting an X API key (still commonly called a Twitter API key) isn't what it used to be. The developer portal moved from developer.twitter.com to console.x.com, the free tier is gone, and every request now costs money under the new pay-per-use model.
This guide covers two paths:
- The official way — through the X Developer Console
- The fast way — through a third-party API (no approval, no credit card required)
TL;DR: If you just want a working Twitter API key in 30 seconds without reading the full guide, use the Twitter API key landing page — sign up, copy the key, paste it into your code.
What Is an X API Key (and Why You Need One)?
An X API key is a credential string that identifies your application to X's servers. Without one, every request to the X API gets rejected with a 401 Unauthorized response. "Twitter API key" and "X API key" refer to the same credential — X just rebranded the platform; the underlying auth model is unchanged.
In practice, "X API key" is an umbrella term that maps to several distinct credentials, each used in a different scenario:
- Bearer Token — a single-string credential for app-only read access (search, user lookups, public tweet reads). This is what most developers actually mean when they say "API key".
- API Key & Secret — OAuth 1.0a credentials, used by legacy v1.1 endpoints and some write actions on a single account.
- OAuth 2.0 Client ID & Secret — for the modern PKCE flow where end users authorize your app.
- Access Token & Secret — long-lived credentials tied to one specific account, used to act on that account's behalf (post, like, follow).
For most data-collection use cases — scraping, analytics, dashboards, bots that don't act as users — a Bearer Token is enough. The other credentials only matter when you need user-delegated actions or legacy v1.1 access.
Method 1: Official X Developer Portal
Step 1 — Sign in to the Developer Console
Go to console.x.com and sign in with your X (Twitter) account.
If you don't have an X account, you'll need to create one first. The developer console requires a standard X account with a verified email address and phone number.
Step 2 — Accept the Developer Agreement
You'll be asked to review and accept the X Developer Agreement and Policy. Read it carefully — your use case description is binding, and any deviation can result in your access being revoked.
Step 3 — Describe Your Use Case
X requires a description of how you plan to use the API. This needs to be at least 250 characters and should cover:
- What you're building (app, bot, analytics tool, research project)
- How you'll use the data (display tweets, analyze sentiment, automate posting)
- Whether you'll display Twitter content to end users
- Whether your app will tweet, retweet, like, or follow on behalf of users
Be specific and honest. Vague descriptions like "I want to use the API for a project" get flagged.
Step 4 — Create a Project and App
Once approved, create a Project in the console:
- Give it a name and description
- Select your use case category
- Create an App within the project
Step 5 — Generate Your API Keys
The console generates four sets of credentials:
| Credential | What It's For |
|---|---|
| API Key & Secret | Identifies your app (OAuth 1.0a) |
| Bearer Token | App-only authentication (read endpoints) |
| Access Token & Secret | Acts on behalf of your account (write endpoints) |
| Client ID & Secret | OAuth 2.0 PKCE flow for user authentication |
Save these immediately. They're shown only once. If you lose them, you'll need to regenerate.
Which X API Key Should You Actually Use?
| Use case | Credential | Notes |
|---|---|---|
| Read public tweets and profiles | Bearer Token | Simplest path, app-only auth |
| Post / like / retweet from your own account | Access Token & Secret | Tied to one user |
| Multi-user app (users log in with X) | OAuth 2.0 Client ID + PKCE | Required for any user-delegated action |
| Legacy v1.1 endpoints | API Key & Secret (OAuth 1.0a) | Avoid for new projects |
If you're building a scraper, analytics tool, research project, or dashboard — Bearer Token is the only credential you'll touch. Everything else is for user-facing apps that need to act as a logged-in user.
Step 6 — Add a Payment Method
Since the free tier is effectively gone for new signups (as of February 2026), you need to purchase credits before making API calls:
- Go to the Billing section in the Developer Console
- Add a credit card or payment method
- Purchase credits — these are deducted per request
- Optionally set a monthly spending cap to avoid surprise bills
- Enable auto-recharge if you don't want your app to stop when credits run out
Credits never expire, so you only pay for what you use.
Step 7 — Make Your First API Call
Test your setup with a simple user lookup:
curl -X GET "https://api.x.com/2/users/by/username/elonmusk" \
-H "Authorization: Bearer YOUR_BEARER_TOKEN"
If you get a JSON response with user data, you're set. If you get a 401 or 403, double-check your Bearer Token.
Common X API Key Errors and What They Mean
When you start integrating, these are the errors you'll actually hit. Knowing what each one means saves hours of guessing:
| Error | What it usually means | How to fix |
|---|---|---|
401 Unauthorized |
Bearer Token wrong, missing, or revoked | Re-copy from the console, ensure the header is exactly Authorization: Bearer ... |
403 Forbidden |
App lacks permission for that endpoint or scope | Check app permissions in the console; some endpoints (DMs, Full-Archive Search) need elevated access |
429 Too Many Requests |
Rate limit hit on this endpoint window — see Twitter API rate limits | Wait until the x-rate-limit-reset timestamp, add exponential backoff in your client |
400 Bad Request |
Missing or malformed parameters | Check the required expansions and *.fields for v2 endpoints |
503 Service Unavailable |
X infrastructure issue (not your fault) | Retry with backoff; persistent 503s usually clear within minutes |
Test Your X API Key in Three Languages
Before integrating into a real app, run a smoke test from your terminal. The same call in three runtimes:
curl:
curl -X GET "https://api.x.com/2/users/by/username/elonmusk" \
-H "Authorization: Bearer YOUR_BEARER_TOKEN"
Python (requests):
import requests
r = requests.get(
"https://api.x.com/2/users/by/username/elonmusk",
headers={"Authorization": "Bearer YOUR_BEARER_TOKEN"},
)
print(r.status_code, r.json())
Node.js (fetch):
const r = await fetch(
"https://api.x.com/2/users/by/username/elonmusk",
{ headers: { Authorization: "Bearer YOUR_BEARER_TOKEN" } }
);
console.log(r.status, await r.json());
A successful response returns {"data": {"id": "...", "name": "...", "username": "..."}}. If you get 401, the token is wrong. If you get 403, the app doesn't have permissions for that endpoint.
Start building with GetXAPI
$0.05 per 1,000 tweets. $0.10 free credits. No credit card required.
What Does the Official API Cost?
Every API call deducts credits at these rates:
| Operation | Cost Per Request |
|---|---|
| Post read (fetch a tweet) | $0.005 |
| User profile lookup | $0.010 |
| Post create (write a tweet) | $0.010 |
| DM event read | $0.010 |
| DM send | $0.015 |
| Follow / like / retweet | $0.015 |
There's a 24-hour deduplication window — fetching the same resource twice in one UTC day counts as one charge.
The pay-per-use model caps at 2 million post reads/month. Beyond that, you need Enterprise pricing ($42,000+/month).
For a detailed cost breakdown with real monthly estimates, see our Twitter API Cost in 2026 guide.
Common Reasons Applications Get Rejected
X rejects developer applications for these use cases:
- Surveillance — tracking users, monitoring protests, investigating groups
- Scraping for AI training — fine-tuning models on X content (except Grok)
- Competitive analysis — benchmarking X's performance or user metrics
- Spam automation — bulk following, identical cross-account posting
- Sensitive data inference — deriving health, financial, political, or demographic information about users
- Off-platform matching — linking X identities to external databases without consent
There's currently no appeal process for rejected applications. If your use case falls into any of these categories, you won't get access through the official portal.
The cheapest Twitter API. Try it free.
$0.05 per 1,000 tweets. $0.10 free credits. No credit card required.
Method 2: Get an API Key in 30 Seconds (GetXAPI)
If you don't want to deal with developer account approval, credit purchases, or use case restrictions, third-party APIs like GetXAPI offer the same Twitter data through a simpler process.
How It Works
- Sign up at getxapi.com/signup — email and password, no developer application
- Get your API key — shown immediately on your dashboard
- Start making requests — no credit card required, you get $0.10 in free credits to test
That's it. No approval wait, no use case description, no payment method required upfront.
Make Your First Request
const response = await fetch(
"https://api.getxapi.com/twitter/user/details?userName=elonmusk",
{
headers: {
"Authorization": "Bearer get-x-api-your-api-key-here",
},
}
);
const data = await response.json();
console.log(data);
import requests
response = requests.get(
"https://api.getxapi.com/twitter/user/details",
params={"userName": "elonmusk"},
headers={"Authorization": "Bearer get-x-api-your-api-key-here"}
)
print(response.json())
Pricing Comparison
| Official X API | GetXAPI | |
|---|---|---|
| Signup time | 5-10 minutes + approval | 30 seconds |
| Free credits | None (free tier removed) | $0.10 at signup |
| Post read | $0.005 | $0.001 |
| User lookup | $0.010 | $0.001 |
| Tweet create | $0.010 | $0.002 |
| DM send | $0.015 | $0.002 |
| Monthly cap | 2M post reads | None |
| Credit card required | Yes | No (to start) |
Which Should You Choose?
Use the official X API if:
- You need OAuth user authentication flows (login with Twitter)
- You're building a Twitter-integrated platform app
- You need Enterprise-level streaming (filtered stream, firehose)
- Compliance or legal requirements demand direct platform access
Use GetXAPI if:
- You want to start making requests immediately
- You're building a bot, scraper, analytics tool, or research project
- You want lower per-request costs
- You don't want to deal with developer account applications
- You need DM, search, or user data endpoints without the overhead
Quick Reference
| Task | Official API | GetXAPI |
|---|---|---|
| Get API key | console.x.com | getxapi.com/signup |
| View pricing | X API pricing | GetXAPI pricing |
| API docs | docs.x.com | docs.getxapi.com |
| Cost calculator | — | Cost Calculator |
Frequently Asked Questions
No. X removed free API access in February 2023. New developers signing up at `console.x.com` are defaulted to the pay-per-use model, which requires purchasing credits before making requests. GetXAPI gives $0.10 in free credits at signup with no credit card required.
The **API Key & Secret** identifies your app under OAuth 1.0a — used for legacy v1.1 endpoints and account-level write actions. The **Bearer Token** is a single-string credential used for app-only access on v2 read endpoints. Most modern integrations use only the Bearer Token.
There's no formal appeal process as of 2026. You can re-apply with a clearer use case description that avoids the categories X explicitly rejects (surveillance, AI training, sensitive data inference, off-platform matching). If your use case is data collection or analytics, a third-party API like GetXAPI is the faster path — no application required.
Not through the official portal — every official key is tied to a developer account at `console.x.com`. Third-party APIs like GetXAPI provide X / Twitter API access without a developer account: sign up with email, get a key in 30 seconds, no application or credit card required.
Most applications are processed within minutes if your use case description is clear and within X's policies. Vague descriptions or sensitive use cases (surveillance, AI training, off-platform identity matching) get flagged and may take days — or be rejected outright with no formal appeal process.
You can technically reuse the same key across projects, but it's a bad idea — usage from all projects gets billed to one account, rate limits are shared, and revoking the key kills all projects at once. Create one app per project in the developer console.
In the developer console, open your app → Keys & Tokens → click "Regenerate" on the credential you want to rotate. The old credential is invalidated immediately. Update your application's environment variables to use the new value before the rotation, since active requests with the old token will start returning `401`.
Check out similar blogs
More guides on the Twitter/X API, scraping, and pricing.
Twitter DM API — Bots, Rate Limits & Errors (2026)
Send Twitter DMs via API in 2026 without OAuth pain. Build DM bots, handle daily rate limits, fix sending failures — with full code examples.
Twitter API v2 vs GetXAPI — Feature-by-Feature Comparison
Side-by-side comparison of the Twitter API v2 and GetXAPI. Endpoints, pricing, rate limits, auth, and response format — honest breakdown of where each wins.
Twitter Search API & Advanced Operators (2026 Guide)
Twitter Search API guide for 2026 — every advanced search operator (from:, to:, min_faves:, since:, until:) with working code in curl, Python, JavaScript.
twitterapi.io Alternative — Migrate to GetXAPI 3x Cheaper
twitterapi.io alternative migration guide — cut your Twitter API bill 3x without rewriting. Step-by-step base URL, auth header, and response-shape mapping.
Twitter Scraping — Best Practices for Production in 2026
Production-grade Twitter scraping patterns — retry logic, pagination, proxy strategy, rate-limit handling, and cost optimization for any third-party API.
Best Twitter Scraper 2026: API, Browser & Python Compared
Compare the best Twitter scrapers in 2026 — official API, third-party APIs, browser scrapers, and Python libraries. What works, what gets you sued, what each costs.
How to Use the Twitter API with Python — 2026 Tutorial
Step-by-step Python tutorial for the Twitter API in 2026. Working code for search, users, DMs, pagination, retries — plus a tweepy migration guide.
Twitter API Cost 2026: Complete Pricing Guide [$0–$42K]
X moved to pay-per-use in February 2026. Compare official pricing, third-party APIs, and real monthly bills at every volume — with ROI scenarios.