Connect X account

Free - does not consume credits

Credentials are encrypted at rest and used only for maintaining the connection. Xquik never stores plaintext passwords.

If this X account uses 2FA, prepare totp_secret before sending the request. If 2FA is already enabled and you did not save the long secret key, turn Authentication App off and on again in X to reveal a new text secret. Copy it, add it to your authenticator app, finish the 6-digit confirmation on X, then send the saved long key as totp_secret.

curl -X POST https://xquik.com/api/v1/x/accounts \
  -H "x-api-key: xq_YOUR_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "elonmusk",
    "email": "elon@example.com",
    "password": "s3cureP@ss",
    "totp_secret": "JBSWY3DPEHPK3PXP"
  }' | jq

Headers

x-api-key

string

required

Your API key. Session cookie authentication is also supported. Generate a key from the dashboard.

Content-Type

string

required

Must be application/json.

Body

username

string

required

X username to connect. The @ prefix is automatically stripped if included.

string

required

Email address associated with the X account.

password

string

required

Password for the X account. Encrypted at rest immediately upon receipt.

totp_secret

string

TOTP secret key for accounts with 2FA enabled. This is the base32-encoded secret, not the 6-digit code.

proxy_country

string

Preferred proxy region for the connection (e.g. "US", "TR").

2FA secret key setup

Xquik needs the authenticator app secret key, not a live 6-digit code. The key is the long base32 string X shows while you set up Authentication App 2FA, for example JBSWY3DPEHPK3PXP.

Use the secret key

Paste the long base32 key into totp_secret. Xquik uses it to generate fresh 2FA codes during login challenges.

Do not use backup codes

Do not paste the 6-digit authenticator code, the 12-character backup code, a passkey, or a security key prompt.

If you already saved the secret key, send it as totp_secret. If you did not save it, create a fresh authenticator app secret on X:

You saved the key

Paste that saved base32 secret into totp_secret. Do not paste the current 6-digit authenticator code.

2FA is on, key is missing

X shows the text secret only during Authentication App setup. Turn Authentication App off, turn it on again, copy the new key, then finish setup on X.

2FA is not enabled

Start Authentication App setup on X, reveal the text secret, copy it, add it to your authenticator app, confirm the 6-digit code on X, then connect.

Open X Settings and Privacy > Security and Account Access > Security.
Open Two-Step Verification > Authentication App.
Turn Authentication App off.
Turn Authentication App on again.
When the QR code appears, choose Can’t scan the QR code? to reveal the text secret.
Copy the long secret key and store it safely before leaving the setup screen.
Add that key to your authenticator app if you are setting it up fresh.
Finish enabling 2FA on X by entering the current 6-digit code from your authenticator app.
Send the saved long key in totp_secret when you call Xquik.

Do not stop after copying the secret key. Complete the X-side 2FA confirmation before starting the Xquik connection, or the key will not work.

Passkeys and security keys cannot satisfy this flow. Use Authenticator App 2FA.

Response

string

Unique account ID.

xUsername

string

Connected X username.

xUserId

string

X user ID.

status

string

Account connection status (e.g. "active").

health

string

Derived login/cookie health. One of healthy, locked, needsReauth, recovering, suspended, temporaryIssue. See Account health for meanings.

createdAt

string

ISO 8601 timestamp of when the account was connected.

Optional ISO 3166-1 alpha-2 country code (for example "US"). Present only when the login session country differs from the selected proxy_country. Omitted when both countries match.

{
  "id": "3",
  "xUsername": "elonmusk",
  "xUserId": "44196397",
  "status": "active",
  "health": "healthy",
  "createdAt": "2026-02-20T08:15:00.000Z"
}

object

string

Always x_account_connection_challenge.

string

Challenge ID to submit with the email verification code.

status

string

Always requires_email_code.

expiresAt

string

ISO 8601 expiration time for the challenge.

message

string

Human-readable next step.

username

string

X username being connected.

{
  "object": "x_account_connection_challenge",
  "id": "xch_8vGd8Y9JvH6dV0xA",
  "status": "requires_email_code",
  "expiresAt": "2026-05-08T12:10:00Z",
  "message": "Enter the email verification code to continue.",
  "username": "elonmusk"
}

Submit the code to Submit X Account Email Code.

{ "error": "invalid_input", "message": "Invalid input. Check the request body." }

Missing username, email, or password, or invalid field format.

{ "error": "unauthenticated", "message": "Missing or invalid API key" }

Missing or invalid API key.

{ "error": "account_already_connected", "message": "This X account is already connected." }

The specified X account is already connected to your Xquik account.

{ "error": "rate_limit_exceeded", "message": "Too many connection attempts. Try again in 15 minutes.", "retryAfter": 900 }

You have exceeded the connection rate limit (3 per 15 minutes). The response includes a Retry-After: 900 header indicating how many seconds to wait before retrying. See the rate limits guide for details.

{ "error": "login_cooldown", "message": "Login is temporarily paused", "reason": "automated", "retryAfterMs": 3600000 }

A prior login attempt triggered a cooldown (for example, X flagged the session). Wait for retryAfterMs before retrying. The response includes a Retry-After header in seconds.

{ "error": "login_failed", "message": "Login failed. Check credentials and try again." }

X rejected the submitted username, email, password, or TOTP secret. Retry with the current password and the saved Authenticator App secret key, not a 6-digit code.

{
  "error": "passkey_required",
  "message": "Passkey verification is not supported. Use Authenticator app 2FA for this X account, then try again."
}

X asked for passkey verification. Switch the account to Authenticator App 2FA, save the long TOTP secret key, finish setup on X, then connect with totp_secret.

{ "error": "x_user_lookup_failed", "message": "X user not found. Check the username." }

The X username could not be resolved. Verify the handle is correct and that the account exists.

{ "error": "service_unavailable", "message": "Service temporarily unavailable. Try again." }

The X connection service is temporarily unavailable. Retry after a short delay.

Related: List X Accounts to see all connected accounts, or Re-authenticate if a session expires later.

Documentation Index

​Headers

​Body

​2FA secret key setup

Use the secret key

Do not use backup codes

You saved the key

2FA is on, key is missing

2FA is not enabled

​Response

Headers

Body

2FA secret key setup

Response