Submit X account email code

Free - does not consume credits

Use this endpoint after Connect X Account returns 202 Email Code Required. Submit the one-time code from the account email inbox before expiresAt while the challenge is still active.

This endpoint cannot reopen an expired, failed, completed, or replaced challenge. After 409, 410, or 422, start Connect X Account again for a new account. For an existing account, use Re-authenticate X Account with the current password and any required TOTP secret key.

Use the returned challenge ID

Keep the id from the 202 response and submit the inbox code to that challenge. The challenge belongs to the same pending login attempt.

Enter the account email code

Use the one-time code X sent to the account email inbox. Xquik strips spaces before submission, so 123 456 and 123456 are handled the same way.

Handle another code prompt

If X asks for a new email code, this endpoint returns 202 again. Keep the same flow open and submit the next inbox code before expiresAt.

Start over when stale

410 means the code expired. 409 means the challenge was already completed, failed, expired, or replaced. Start Connect X Account again for a new account, or use Re-authenticate X Account for an existing account.

The dashboard follows the same flow: it keeps the pending row open, asks for the email code, accepts a new 202 prompt if X asks again, and refreshes the account list after the 201 response.

curl -X POST https://xquik.com/api/v1/x/account-connection-challenges/xch_8vGd8Y9JvH6dV0xA/submit \
  -H "x-api-key: xq_YOUR_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{ "email_code": "123456" }' | jq

Headers

x-api-key

string

required

Your API key. Session cookie authentication is also supported. Generate a key from the dashboard.

Content-Type

string

required

Must be application/json.

Path Parameters

string

required

Challenge ID returned by Connect X Account.

Body

email_code

string

required

Email verification code for the pending connection. Codes from 4 to 64 characters are accepted. Spaces are stripped before submission.

Response

string

Unique account ID.

xUsername

string

Connected X username.

xUserId

string

X user ID.

status

string

Account connection status (e.g. "active").

health

string

Derived login/cookie health. One of healthy, locked, needsReauth, recovering, suspended, temporaryIssue. See Account health for meanings.

createdAt

string

ISO 8601 timestamp of when the account was connected.

{
  "id": "3",
  "xUsername": "elonmusk",
  "xUserId": "44196397",
  "status": "active",
  "health": "healthy",
  "createdAt": "2026-02-20T08:15:00.000Z"
}

object

string

Always x_account_connection_challenge.

string

Challenge ID to submit with the next email verification code.

status

string

Always requires_email_code.

expiresAt

string

ISO 8601 expiration time for the challenge.

message

string

Human-readable next step.

username

string

X username being connected.

{
  "object": "x_account_connection_challenge",
  "id": "xch_8vGd8Y9JvH6dV0xA",
  "status": "requires_email_code",
  "expiresAt": "2026-05-08T12:10:00Z",
  "message": "Enter the email verification code to continue.",
  "username": "elonmusk"
}

The connection still needs a valid email code. Submit the new code to the same endpoint.

{ "error": "invalid_input", "message": "Invalid input. Check the request body." }

Missing email_code, invalid JSON, or a code outside the accepted length.

{ "error": "unauthenticated", "message": "Missing or invalid API key" }

Missing or invalid API key.

{ "error": "connection_challenge_not_found", "message": "Connection challenge not found." }

The challenge ID does not exist or does not belong to the authenticated user.

{ "error": "connection_challenge_inactive", "message": "Connection challenge is no longer active." }

The challenge was already completed, failed, expired, or replaced.

{ "error": "connection_challenge_expired", "message": "Verification code expired. Start again." }

Start a new account connection to receive a fresh challenge.

{ "error": "login_failed", "message": "Login failed. Check credentials and try again." }

The code or account login state was rejected. Start a new connection if the account requires fresh credentials.

{ "error": "rate_limit_exceeded", "message": "Too many requests. Try again later.", "retryAfter": 60 }

Wait for the Retry-After header before retrying.

{ "error": "service_unavailable", "message": "Service temporarily unavailable. Try again later." }

Retry after a short delay.

Related: Connect X Account starts the challenge, and List X Accounts verifies the account after connection.

​Continue the pending login

Use the returned challenge ID

Enter the account email code

Handle another code prompt

Start over when stale

​Headers

​Path Parameters

​Body

​Response

Continue the pending login

Headers

Path Parameters

Body

Response