Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.xquik.com/llms.txt

Use this file to discover all available pages before exploring further.

Xquik is a hosted SaaS platform for X (Twitter) data. All data processing happens server-side. There is no infrastructure to deploy, no workers to manage, and no X API credentials to configure. You interact with Xquik through the REST API, MCP server, or dashboard.

Architecture overview

┌──────────────────────────────────────────────────┐
│                    Clients                        │
│  REST API  ·  MCP Server  ·  Dashboard  ·  CLI   │
└──────────────────────┬───────────────────────────┘
                       │ HTTPS
┌──────────────────────▼───────────────────────────┐
│                  Xquik Server                     │
│  Next.js App Router  ·  API Routes  ·  MCP Host  │
├───────────────────────────────────────────────────┤
│  Auth  ·  Rate Limiter  ·  Usage Tracking         │
├───────────────────────────────────────────────────┤
│  Extraction Engine · Draw Engine · Monitors · Write API │
└──────────┬──────────────────────┬─────────────────┘
           │                      │
┌──────────▼──────────┐  ┌───────▼─────────────────┐
│     Database        │  │   Xquik Stream Service   │
│                     │  │  Real-time event         │
│                     │  │  processing & webhooks   │
└─────────────────────┘  └───────┬─────────────────┘

                        ┌────────▼────────┐
                        │   X API Layer   │
                        └─────────────────┘

Components

REST API

120 documented operations at https://xquik.com/api/v1/* for apps, backends, scripts, and fine-grained pagination.

MCP server

2 tools, explore and xquik, at https://xquik.com/mcp for ChatGPT, Claude, Cursor, and agent workflows.

Dashboard

Manage API keys, connected X accounts, monitors, extractions, draws, webhooks, media, billing, and support.

Monitoring & webhooks

Track accounts or keywords, store events, and deliver HMAC-signed webhook payloads with retry history.

Extractions & draws

Run stored jobs for followers, replies, quotes, retweeters, favoriters, search, articles, and giveaway draws.

Write actions

Post tweets and replies, upload media, send DMs, follow, like, retweet, update profiles, and poll write status.
See integration workflows for end-to-end code examples using these components.

Security model

Authentication

Xquik uses API key authentication for all API and MCP access. The MCP server also supports OAuth 2.1 for platforms that require it (Claude.ai, ChatGPT Developer Mode).

API header

Send x-api-key on every REST API request. MCP clients can authenticate with the same Xquik API key.

Key format

Keys start with xq_ followed by 64 hex characters. The dashboard shows the full key only once.

Stored hash

Xquik stores the SHA-256 key hash and display prefix, not the plaintext key.

Revocation

Revoked or inactive keys stop authenticating immediately and return 401.

Audit trail

Successful API-key checks update lastUsedAt for account audit views.

OAuth 2.1

MCP also supports OAuth 2.1 with S256 PKCE for clients that require delegated authorization.

Session auth

Dashboard login uses session cookies. API-key creation and revocation require session auth.
API keys are shown once at creation. Store them securely. There is no way to retrieve a key after creation.

Data isolation

Every API key is scoped to a single user account. There is no cross-user access.

Monitors

Account and keyword monitors are scoped to the creating user account.

Events

Stored events resolve through account or keyword monitor ownership before returning data.

Webhooks

Webhook endpoints, signing configuration, and delivery logs belong to one user.

Extractions

Extraction jobs, result pages, and exports belong to the user that created the job.

Draws

Giveaway draws, entries, and winner lists belong to the user that created the draw.

API keys

API-key listing, creation, and revocation filter by the authenticated user ID.
Attempting to access another user’s resources returns 404 Not Found (not 403), preventing enumeration attacks.

Authorization

Xquik uses a flat permission model: no roles, no RBAC, no team workspaces.
  • One user, one account: Each account has full access to all its own resources
  • API key = full access: Any valid API key for an account can perform all operations that account is authorized for
  • Session-only endpoints: API key management (/api/v1/api-keys/*) requires session auth (dashboard login), not API key auth. You cannot create or revoke API keys using an API key.
  • Subscription gates: Creating extractions, draws, active monitors, media downloads, and X lookups require an active subscription or credits. All webhook operations (create, read, update, delete, deliveries, test) are always free. Reading, updating, deleting, exporting, and testing existing extractions, draws, monitors, and stored events is always free. Active instant monitors cost 21 credits per hour while enabled.

Rate limits

Rate limits are enforced per user account using a fixed-window counter algorithm. Each tier has an independent counter. Read counters reset every 1 second; write and delete counters reset every 60 seconds.

Read bucket

GET, HEAD, and OPTIONS share a standard user limit of 10 requests per 1 second.

Write bucket

POST, PUT, and PATCH share a standard user limit of 30 requests per 60 seconds.

Delete bucket

DELETE requests are limited to 15 requests per 60 seconds.

Retry window

Throttled reads return Retry-After: 1; throttled writes and deletes return Retry-After: 60.
When the limit is reached, requests return 429 Too Many Requests with a Retry-After header. Read throttles return Retry-After: 1; write and delete throttles return Retry-After: 60. See the Rate Limits guide for detailed explanations, backoff strategies, and client-side rate limiter code examples.

Usage & billing

Subscriptions

Starter, Pro, and Business plans run from USD 20 to USD 199 per month and include monthly credits.

Active monitors

Monitor slots are unlimited. Active instant monitors check every 1 second and cost 21 credits per active monitor-hour.

Credit top-ups

Top up from USD 10. Credits are priced at USD 0.00015 each. See Billing & Usage.

What counts as usage

Credit-metered work

Paid X reads, media downloads, trends, extraction estimates, extraction creation, monitor creation, active monitor hours, and draw execution can consume credits.

Subscription-gated work

Tweet search, user and follower lookup, article lookup, media download, trends, draw creation, and publish actions require an active subscription.

Free management paths

List, read, update, delete, export, test, and delivery-history paths stay free for draws, extractions, monitors, events, and webhooks.

Free utilities

Compose, cached styles, drafts, radar, account, API keys, X accounts, support, credit balance, and credit top-up endpoints are free.
See Billing & Usage for credit costs and billing.

Monitoring architecture

Xquik monitors X accounts and keyword queries in real time through a dedicated background service. 
X Data Stream


┌─────────────────┐     ┌──────────────────┐
│  Xquik Stream   │────▶│    Database      │
│    Service      │     │                  │
└────────┬────────┘     └──────────────────┘


┌─────────────────┐
│ Webhook Delivery │
│ HMAC-signed POST │
│ 10 attempts, exp.│
│ backoff           │
└─────────────────┘

Event types

Account monitors emit tweet.new, tweet.reply, tweet.quote, and tweet.retweet.

Signed delivery

Xquik sends an HMAC-SHA256 signed HTTPS POST to each active webhook endpoint. Verify X-Xquik-Signature, X-Xquik-Timestamp, and X-Xquik-Nonce.

Retry schedule

Failed deliveries retry up to 10 attempts with exponential backoff: base 1 second, multiplier 2x, max 60 seconds. 410 Gone exhausts immediately.

Receiver timeout

Webhook receivers should return 2xx within 10 seconds. Slow or non-2xx responses are recorded as failed attempts.

Event propagation

Events usually appear within seconds to minutes, depending on X stream timing and webhook receiver availability.

Platform limitations

Single region

Xquik currently runs as a single-region service. Do not assume multi-region replication.

Bookmarked tweets

Bookmarks and bookmark folders require a connected X account. Use bookmarks and bookmark folders.

Export caps

Extraction exports are capped at 100,000 rows. PDF exports are capped at 10,000 rows. Supported formats: CSV, JSON, MD, MD Document, PDF, TXT, and XLSX.

Webhook retries

Webhook deliveries try up to 10 attempts. 410 Gone exhausts immediately; other failures retry until delivered or exhausted.

Monitor slots

Monitor slots are unlimited. Active instant monitors check every 1 second and cost 21 credits per active monitor-hour.

Next steps

Quickstart

Get up and running with your first API call.

Authentication

API key format, header requirements, and dual auth.

Rate Limits

Fixed-window limits, backoff strategies, and code examples.

Billing & Usage

Pricing, credit allowances, and billing.
Last modified on May 13, 2026