> ## Documentation Index
> Fetch the complete documentation index at: https://docs.xquik.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Re-authenticate X account

> Re-authenticate a connected X account and send the saved TOTP secret key when Authenticator App 2FA is enabled

<blockquote className="agent-llms-directive">
  For the complete documentation index, see <a href="/llms.txt">llms.txt</a>.
</blockquote>

<Callout icon="circle-check" color="#16a34a">
  **Free** - does not consume credits
</Callout>

<Note>
  Use this when an account session expires or X requires re-verification.
</Note>

<Info>
  If this account uses Authenticator App 2FA, send the saved long key in `totp_secret`. If you never saved it or X rejects it, turn Authentication App off and on again in X to reveal a new text secret. Copy it, add it to your authenticator app, finish the 6-digit confirmation on X, then re-authenticate with that saved key.
</Info>

<CodeGroup>
  ```bash cURL theme={null}
  curl -X POST https://xquik.com/api/v1/x/accounts/3/reauth \
    -H "x-api-key: xq_YOUR_KEY_HERE" \
    -H "Content-Type: application/json" \
    -d '{
      "password": "s3cureP@ss",
      "totp_secret": "JBSWY3DPEHPK3PXP"
    }' | jq
  ```

  ```javascript Node.js theme={null}
  const accountId = "3";
  const response = await fetch(`https://xquik.com/api/v1/x/accounts/${accountId}/reauth`, {
    method: "POST",
    headers: {
      "x-api-key": "xq_YOUR_KEY_HERE",
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      password: "s3cureP@ss",
      totp_secret: "JBSWY3DPEHPK3PXP",
    }),
  });
  const data = await response.json();
  ```

  ```python Python theme={null}
  import requests

  account_id = "3"
  response = requests.post(
      f"https://xquik.com/api/v1/x/accounts/{account_id}/reauth",
      headers={"x-api-key": "xq_YOUR_KEY_HERE"},
      json={
          "password": "s3cureP@ss",
          "totp_secret": "JBSWY3DPEHPK3PXP",
      },
  )
  data = response.json()
  ```

  ```go Go theme={null}
  package main

  import (
      "bytes"
      "encoding/json"
      "fmt"
      "net/http"
  )

  func main() {
      body, _ := json.Marshal(map[string]interface{}{
          "password":    "s3cureP@ss",
          "totp_secret": "JBSWY3DPEHPK3PXP",
      })

      accountID := "3"
      req, err := http.NewRequest("POST", "https://xquik.com/api/v1/x/accounts/"+accountID+"/reauth", bytes.NewReader(body))
      if err != nil {
          panic(err)
      }
      req.Header.Set("x-api-key", "xq_YOUR_KEY_HERE")
      req.Header.Set("Content-Type", "application/json")

      resp, err := http.DefaultClient.Do(req)
      if err != nil {
          panic(err)
      }
      defer resp.Body.Close()

      var data map[string]interface{}
      if err := json.NewDecoder(resp.Body).Decode(&data); err != nil {
          panic(err)
      }
      fmt.Println(data)
  }
  ```
</CodeGroup>

## Path parameters

<ParamField path="id" type="string" required>
  The unique account ID.
</ParamField>

## Headers

<ParamField header="x-api-key" type="string" required>
  Your API key. Session cookie authentication is also supported. Generate a key from the [dashboard](https://xquik.com/dashboard).
</ParamField>

<ParamField header="Content-Type" type="string" required>
  Must be `application/json`.
</ParamField>

## Body

<ParamField body="password" type="string" required>
  Current password for the X account.
</ParamField>

<ParamField body="totp_secret" type="string">
  TOTP secret key if the account has 2FA enabled. This is the base32-encoded secret, not the 6-digit code.
</ParamField>

<ParamField body="email" type="string">
  Email for the X account. Updates the stored email during re-authentication.
</ParamField>

## 2FA re-authentication

Use the long authenticator app secret key in `totp_secret`. Do not send the 6-digit authenticator code, a 12-character backup code, a passkey, or a security key prompt.

If you never saved the secret key, or X rejects the current one, reset the authenticator app setup before re-authenticating:

<CardGroup cols={1}>
  <Card title="Saved key still works" icon="clipboard-check">
    Send the saved base32 secret in `totp_secret` with the current password. Do not send the live 6-digit authenticator code.
  </Card>

  <Card title="Key is missing" icon="rotate-ccw">
    X shows the text secret only during Authentication App setup. Turn Authentication App off, turn it on again, copy the new key, then finish setup on X.
  </Card>

  <Card title="Key was rejected" icon="triangle-alert">
    Treat the old TOTP secret as stale. Reset Authentication App setup on X, save the new long key, finish 2FA confirmation, then re-authenticate.
  </Card>
</CardGroup>

1. Open X **Settings and Privacy > Security and Account Access > Security**.
2. Open **Two-Step Verification > Authentication App**.
3. Turn Authentication App off, then turn it on again.
4. When the QR code appears, choose **Can't scan the QR code?** to reveal the text secret.
5. Copy the long secret key and store it safely before leaving the setup screen.
6. Add that key to your authenticator app if you are setting it up fresh.
7. Finish enabling 2FA on X by entering the current 6-digit code from your authenticator app.
8. Send the saved long key in `totp_secret` when you call Xquik.

<Warning>
  Finish the X-side 2FA confirmation after copying the secret key. If setup is abandoned before confirmation, re-authentication cannot use that key.
</Warning>

<Note>
  See [2FA secret key setup](/api-reference/x-accounts/connect#2fa-secret-key-setup) for the full connection checklist.
</Note>

## Response

<Tabs>
  <Tab title="200 OK">
    <ResponseField name="id" type="string">Account ID.</ResponseField>
    <ResponseField name="xUsername" type="string">X username.</ResponseField>
    <ResponseField name="xUserId" type="string">X user ID.</ResponseField>
    <ResponseField name="status" type="string">Account status (e.g. `active`).</ResponseField>
    <ResponseField name="health" type="string">Derived login/cookie health. One of `healthy`, `locked`, `needsReauth`, `recovering`, `suspended`, `temporaryIssue`. See [Account health](/api-reference/x-accounts/list#account-health) for meanings.</ResponseField>
    <ResponseField name="createdAt" type="string">ISO 8601 creation timestamp.</ResponseField>

    ```json theme={null}
    {
      "id": "3",
      "xUsername": "elonmusk",
      "xUserId": "44196397",
      "status": "active",
      "health": "healthy",
      "createdAt": "2026-02-20T08:15:00.000Z"
    }
    ```
  </Tab>

  <Tab title="400 Invalid Input">
    ```json theme={null}
    { "error": "invalid_input", "message": "Missing required password field" }
    ```

    Missing `password` field or invalid format.

    ```json theme={null}
    { "error": "invalid_id", "message": "Invalid account ID format" }
    ```

    The provided account ID is not a valid format.
  </Tab>

  <Tab title="401 Unauthenticated">
    ```json theme={null}
    { "error": "unauthenticated", "message": "Missing or invalid API key" }
    ```

    Missing or invalid API key.
  </Tab>

  <Tab title="404 Not Found">
    ```json theme={null}
    { "error": "account_not_found", "message": "X account not found." }
    ```

    No account exists with this ID, or it belongs to a different Xquik account.
  </Tab>

  <Tab title="429 Login Cooldown">
    ```json theme={null}
    { "error": "login_cooldown", "message": "Login is temporarily paused", "reason": "automated", "retryAfterMs": 3600000 }
    ```

    A prior login attempt triggered a cooldown (for example, X flagged the session). Wait for `retryAfterMs` before retrying. The response includes a `Retry-After` header in seconds.
  </Tab>

  <Tab title="429 Rate Limited">
    ```json theme={null}
    { "error": "rate_limit_exceeded", "message": "Too many requests. Try again later.", "retryAfter": 60 }
    ```

    Wait for the `Retry-After` value before starting another re-authentication request.
  </Tab>

  <Tab title="422 Login Failed">
    ```json theme={null}
    { "error": "login_failed", "message": "Login failed. Check credentials and try again." }
    ```

    X rejected the submitted password or TOTP secret. Retry with the current password and the saved Authenticator App secret key, not a 6-digit code.

    ```json theme={null}
    {
      "error": "passkey_required",
      "message": "Passkey verification is not supported. Use Authenticator app 2FA for this X account, then try again."
    }
    ```

    X asked for passkey verification. Switch the account to Authenticator App 2FA, save the long TOTP secret key, finish setup on X, then re-authenticate with `totp_secret`.
  </Tab>

  <Tab title="503 Service Unavailable">
    ```json theme={null}
    { "error": "service_unavailable", "message": "Service temporarily unavailable. Try again." }
    ```

    The X re-authentication service is temporarily unavailable. Retry after a short delay.
  </Tab>
</Tabs>

<Note>
  **Related:** [Get X Account](/api-reference/x-accounts/get) to check account status, or [Connect X Account](/api-reference/x-accounts/connect) if you need to add a new account instead.
</Note>
