Skip to main content
Post tweets, delete tweets, and interact with X API v2

Capabilities

Once connected, your agent can post and manage tweets on your behalf.
  • Post tweets on behalf of the connected account
  • Delete tweets by ID
  • Get authenticated user info
  • Up to 280 characters per tweet (25K for Premium)
  • Rate limited: 100 tweets per 15 minutes
  • Secure token storage in Environment
Important: The X API requires an OAuth 2.0 User Access Token (not the App-Only Bearer Token). Follow the OAuth 2.0 setup guide below to generate the correct token.

Setup Guide

Follow these steps to connect X to your instances.

1. Create an X Developer Account

Go to developer.x.com and sign up for a developer account. The free tier includes tweet posting capabilities.

2. Create a Project and App

In the Developer Console, create a new Project and App. Note down your Client ID.

3. Configure OAuth 2.0 Settings

Go to your app settings → User authentication settingsEdit:
  • App permissions: Read and write
  • Type of App: Web App, Automated App or Bot
  • Callback URL: http://localhost:3000/callback
  • Website URL: Your website (e.g., https://yoursite.com)

4. Get your OAuth 2.0 User Access Token

Follow the detailed OAuth 2.0 guide below to generate a User Access Token with the required scopes.

5. Store the token in Environment

Go to Environment and create a new variable:
  • Name: X_ACCESS_TOKEN Value: Your OAuth 2.0 User Access Token from step 4

6. Grant access to instances

Choose how instances should access the token:
  • Option A: Global Access (All instances) — Toggle “Make globally accessible” when creating the secret.
  • Option B: Instance-Specific (Selective access) — In Environment, open the secret and grant the specific instance access.

Getting the OAuth 2.0 User Access Token

The X API requires OAuth 2.0 Authorization Code Flow with PKCE. Follow these steps exactly.

A. Generate Authorization URL

Replace YOUR_CLIENT_ID with your actual Client ID and open this URL in your browser: 
https://x.com/i/oauth2/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=http://localhost:3000/callback&scope=tweet.read%20tweet.write%20users.read%20offline.access&state=state123&code_challenge=my_secret_verifier_123456789012345678901234&code_challenge_method=plain
Required scopes: tweet.read, tweet.write, users.read, offline.access (for refresh tokens)

B. Authorize the App

Click “Authorize app” when prompted. X will redirect to your callback URL with a code parameter: 
http://localhost:3000/callback?state=state123&code=AUTH_CODE_HERE
Copy the code value from the URL.

C. Exchange Code for Access Token

Run this curl command in your terminal. Replace AUTH_CODE and YOUR_CLIENT_ID: 
curl -X POST 'https://api.x.com/2/oauth2/token' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'code=AUTH_CODE' \
  -d 'grant_type=authorization_code' \
  -d 'client_id=YOUR_CLIENT_ID' \
  -d 'redirect_uri=http://localhost:3000/callback' \
  -d 'code_verifier=my_secret_verifier_123456789012345678901234'
Important: The code_verifier must match the code_challenge from step A exactly.

D. Copy the Access Token

The response will contain your access token: 
{
  "token_type": "bearer",
  "expires_in": 7200,
  "access_token": "YOUR_ACCESS_TOKEN_HERE",
  "refresh_token": "YOUR_REFRESH_TOKEN_HERE",
  "scope": "tweet.write users.read tweet.read offline.access"
}
Copy the access_token value and store it in Environment as X_ACCESS_TOKEN.

Token Expiration

Access tokens expire after 2 hours. Save your refresh_token to obtain new access tokens without re-authorizing. You can use the refresh token to get a new access token: 
curl -X POST 'https://api.x.com/2/oauth2/token' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'refresh_token=YOUR_REFRESH_TOKEN' \
  -d 'grant_type=refresh_token' \
  -d 'client_id=YOUR_CLIENT_ID'

Usage Examples

Ask your agent to post tweets using natural language. Post a tweet
“Post a tweet saying: Just deployed my new AI agent! 🚀”
Get account info
“Show me my X account information”
Delete a tweet
“Delete tweet with ID 1234567890123456789”
Tip: X rejects duplicate tweets. If you need to post similar content, add timestamps or unique identifiers.