X (Twitter) guide

Learn how to implement a custom X (Twitter) authentication flow inside your application using the postpress API.

Step 1: Authenticate to X (Twitter)

Retrieving your X credentials

To authenticate an X account, the user provides their X username, phone number, or email together with their password.

Authentication request

POST to the accounts endpoint with the user's credentials, or call the matching SDK method.

curl --request POST \
     --url https://api.postpress.ai/v1/accounts \
     --header 'X-API-KEY: ${POSTPRESS_API_KEY}' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '{
  "provider": "TWITTER",
  "username": "your_handle",
  "password": "********"
}'

Step 2: Handle the 2FA checkpoint

If the X account has two-factor authentication enabled, the API returns a checkpoint with a 202 status. Example response:

{
  "object": "Checkpoint",
  "account_id": "098dez89d",
  "checkpoint": {
    "type": "2FA"
  }
}

At this point a new authentication intent starts. The intent lasts 5 minutes and every checkpoint must be solved inside that window.

Step 3: Solve the 2FA checkpoint

POST the 2FA code to the solve-checkpoint endpoint or call the SDK, passing the account_id returned by the first request.

curl --request POST \
     --url https://api.postpress.ai/v1/accounts/checkpoint \
     --header 'X-API-KEY: ${POSTPRESS_API_KEY}' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '{
  "provider": "TWITTER",
  "account_id": "098dez89d",
  "code": "******"
}'

The response indicates whether the account is successfully connected.

Step 4: Handle intent timeout

If the user takes more than 5 minutes to solve the checkpoint, the account will not be connected. Any later request against that intent first returns a 408 Request Timeout, then a 400 Bad Request as the authentication intent self-destructs.