Choose an access method
| Access method | Account | Credential | Coverage | Payment |
|---|---|---|---|---|
| Account API key | Required | Full-scope API key | Full authenticated API, subject to the account plan | Subscription and account credits |
| OAuth 2.1 | Required | OAuth Bearer token | Same account capabilities granted by OAuth | Subscription and account credits |
| Guest wallet | Not required | paid_reads API key | Exactly 33 prepaid GET routes | 250 USD Stripe-hosted Payment Link |
| MPP | Not required | Per-request payment credential | 7 fixed-price GET operations | Per-request payment |
Create and activate a wallet
Confirm the amount
Ask the user to choose and explicitly confirm a USD amount from 250. Represent it in cents as
amount_minor.Create the Payment Link
Call This request creates a one-use Stripe-hosted Payment Link. It does not charge the user.
POST /api/v1/guest-wallets with Content-Type: application/json, a cryptographically random UUID v4 Idempotency-Key, and the confirmed amount.Store the credentials
Store the returned
api_key and the original Idempotency-Key in a secret manager. The key appears only in the initial response and an exact idempotent replay. No email recovery is available.Give the user the Stripe URL
Give only
checkout_url to the user. The user opens and completes Stripe checkout. Pending Payment Links expire after 60 minutes.Poll for verified payment
After payment, poll The key remains inactive for paid reads until the status response reports
GET /api/v1/guest-wallets/status every poll_after_seconds with the guest key. Stop when latest_purchase.status is no longer pending.usable: true. Stripe checkout completion alone is not proof of activation. Xquik activates credits only after a verified Stripe webhook.Call paid read routes
Send an active guest key as a Bearer credential:paid_reads scope permits exactly the 33 GET routes listed below. It includes batch GET /api/v1/x/tweets, which accepts up to 100 tweet IDs. Every other route is unavailable.
Eligible paid-read routes
Guest wallets cover these 33 prepaid GET routes:- Tweets:
/api/v1/x/tweets,/api/v1/x/tweets/{id},/api/v1/x/tweets/search,/api/v1/x/tweets/{id}/favoriters,/api/v1/x/tweets/{id}/quotes,/api/v1/x/tweets/{id}/replies,/api/v1/x/tweets/{id}/retweeters,/api/v1/x/tweets/{id}/thread - Users:
/api/v1/x/users/batch,/api/v1/x/users/search,/api/v1/x/users/{id},/api/v1/x/users/{id}/followers,/api/v1/x/users/{id}/followers-you-know,/api/v1/x/users/{id}/following,/api/v1/x/users/{id}/likes,/api/v1/x/users/{id}/media,/api/v1/x/users/{id}/mentions,/api/v1/x/users/{id}/replies,/api/v1/x/users/{id}/tweets,/api/v1/x/users/{id}/verified-followers - Communities:
/api/v1/x/communities/{id}/info,/api/v1/x/communities/{id}/members,/api/v1/x/communities/{id}/moderators,/api/v1/x/communities/{id}/tweets,/api/v1/x/communities/search,/api/v1/x/communities/tweets - Lists:
/api/v1/x/lists/{id}/followers,/api/v1/x/lists/{id}/members,/api/v1/x/lists/{id}/tweets - Trends:
/api/v1/trends,/api/v1/x/trends - Relationships:
/api/v1/x/followers/check - Articles:
/api/v1/x/articles/{tweetId}
Top up an active wallet
When a guest read returns402 insufficient_credits, its payment_options advertises only POST /api/v1/guest-wallets/topups. Ask the user to choose and confirm a 250 USD amount. Then create a new one-use Stripe-hosted Payment Link with the existing guest key and a new UUID v4 Idempotency-Key.
The top-up response keeps the same wallet and key. It never returns a new key. After payment, poll the same status URL every poll_after_seconds until latest_purchase.status is no longer pending.
See Top up guest wallet for the request and response contract.
Handle anonymous 401 and 402 responses
The 26 non-MPP paid reads return401 with a Bearer authentication challenge and a guest wallet creation action:
payment_options.guest_wallet.create_checkout. That action describes the guest wallet route, amount bounds, required UUID v4 header, and returned fields. The Bearer header requests authentication. It is not a Payment challenge.
The 7 direct MPP operations return 402 application/problem+json with WWW-Authenticate: Payment and the same guest wallet action. Complete the MPP challenge or ask the user to confirm a guest wallet amount.
Do not create a guest wallet because a request returned 401 or 402. The guest wallet action is an offer, not authorization.
Use guest keys with MCP
An active guest key can authenticate the API MCP server. Itsexplore and xquik tools expose only the 33 eligible GET read routes. Mutations and noneligible routes are unavailable.
The 3 guest credential routes remain direct REST only:
POST /api/v1/guest-walletsPOST /api/v1/guest-wallets/topupsGET /api/v1/guest-wallets/status
Protect wallet access
- Keep
api_keyandIdempotency-Keyout of URLs, logs, prompts, and shared output. - Respect
Cache-Control: no-store, privateon create, top-up, and status responses. - Reuse an idempotency key only for the exact same request.
- Use
usableand the returned status instead of inferring access from checkout state. - Refunds and disputes reconcile only affected-purchase credits. Unrelated credits remain usable.
- Access pauses only during unresolved settlement risk or unrecovered liability. It resumes after resolution.