Re-authenticate X account

Free - does not consume credits

Use this when an account session expires or X requires re-verification.

If this account uses Authenticator App 2FA, send the saved long key in totp_secret. If you never saved it or X rejects it, turn Authentication App off and on again in X to reveal a new text secret. Copy it, add it to your authenticator app, finish the 6-digit confirmation on X, then re-authenticate with that saved key.

curl -X POST https://xquik.com/api/v1/x/accounts/3/reauth \
  -H "x-api-key: xq_YOUR_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "password": "s3cureP@ss",
    "totp_secret": "JBSWY3DPEHPK3PXP"
  }' | jq

Path parameters

string

required

The unique account ID.

Headers

x-api-key

string

required

Your API key. Session cookie authentication is also supported. Generate a key from the dashboard.

Content-Type

string

required

Must be application/json.

Body

password

string

required

Current password for the X account.

totp_secret

string

TOTP secret key if the account has 2FA enabled. This is the base32-encoded secret, not the 6-digit code.

string

Email for the X account. Updates the stored email during re-authentication.

proxy_country

string

Two-letter country code (ISO 3166-1 alpha-2) for the login proxy region. Example: US, GB.

2FA re-authentication

Use the long authenticator app secret key in totp_secret. Do not send the 6-digit authenticator code, a 12-character backup code, a passkey, or a security key prompt. If you never saved the secret key, or X rejects the current one, reset the authenticator app setup before re-authenticating:

Saved key still works

Send the saved base32 secret in totp_secret with the current password. Do not send the live 6-digit authenticator code.

Key is missing

X shows the text secret only during Authentication App setup. Turn Authentication App off, turn it on again, copy the new key, then finish setup on X.

Key was rejected

Treat the old TOTP secret as stale. Reset Authentication App setup on X, save the new long key, finish 2FA confirmation, then re-authenticate.

Open X Settings and Privacy > Security and Account Access > Security.
Open Two-Step Verification > Authentication App.
Turn Authentication App off, then turn it on again.
When the QR code appears, choose Can’t scan the QR code? to reveal the text secret.
Copy the long secret key and store it safely before leaving the setup screen.
Add that key to your authenticator app if you are setting it up fresh.
Finish enabling 2FA on X by entering the current 6-digit code from your authenticator app.
Send the saved long key in totp_secret when you call Xquik.

Finish the X-side 2FA confirmation after copying the secret key. If setup is abandoned before confirmation, re-authentication cannot use that key.

See 2FA secret key setup for the full connection checklist.

Response

string

Account ID.

xUsername

string

X username.

xUserId

string

X user ID.

status

string

Account status (e.g. active).

health

string

Derived login/cookie health. One of healthy, locked, needsReauth, recovering, suspended, temporaryIssue. See Account health for meanings.

createdAt

string

ISO 8601 creation timestamp.

Optional ISO 3166-1 alpha-2 country code (for example "US"). Present only when the login session country differs from the selected proxy_country. Omitted when both countries match.

{
  "id": "3",
  "xUsername": "elonmusk",
  "xUserId": "44196397",
  "status": "active",
  "health": "healthy",
  "createdAt": "2026-02-20T08:15:00.000Z"
}

{ "error": "invalid_input", "message": "Missing required password field" }

Missing password field or invalid format.

{ "error": "invalid_id", "message": "Invalid account ID format" }

The provided account ID is not a valid format.

{ "error": "unauthenticated", "message": "Missing or invalid API key" }

Missing or invalid API key.

{ "error": "account_not_found", "message": "X account not found." }

No account exists with this ID, or it belongs to a different Xquik account.

{ "error": "login_cooldown", "message": "Login is temporarily paused", "reason": "automated", "retryAfterMs": 3600000 }

A prior login attempt triggered a cooldown (for example, X flagged the session). Wait for retryAfterMs before retrying. The response includes a Retry-After header in seconds.

{ "error": "rate_limit_exceeded", "message": "Too many requests. Try again later.", "retryAfter": 60 }

Wait for the Retry-After value before starting another re-authentication request.

{ "error": "login_failed", "message": "Login failed. Check credentials and try again." }

X rejected the submitted password or TOTP secret. Retry with the current password and the saved Authenticator App secret key, not a 6-digit code.

{
  "error": "passkey_required",
  "message": "Passkey verification is not supported. Use Authenticator app 2FA for this X account, then try again."
}

X asked for passkey verification. Switch the account to Authenticator App 2FA, save the long TOTP secret key, finish setup on X, then re-authenticate with totp_secret.

{ "error": "service_unavailable", "message": "Service temporarily unavailable. Try again." }

The X re-authentication service is temporarily unavailable. Retry after a short delay.

Related: Get X Account to check account status, or Connect X Account if you need to add a new account instead.

Documentation Index

​Path parameters

​Headers

​Body

​2FA re-authentication

Saved key still works

Key is missing

Key was rejected

​Response

Path parameters

Headers

Body

2FA re-authentication

Response