User Login
Get fresh auth tokens for a Twitter account via API. Required for write endpoints like tweeting and DMs. GetXAPI login endpoint docs.
/twitter/user_login
This endpoint costs $0.01 per API call.
Under maintenance. We're working on improving login reliability. This endpoint may be intermittently unavailable or rate-limited — if you hit failures, grab the auth_token straight from your browser cookies in the meantime.
Use your own proxy for reliable logins. Twitter rate-limits logins per IP (roughly 1–2 logins per IP, then a cooldown), so without a proxy you may hit rate_limited frequently. Supply a residential or ISP (static-residential) proxy with a sticky session — the entire login flow, including 2FA, must come from a single IP. Datacenter and rotating proxies will fail or get rate-limited. Format: http://user:pass@host:port. A fresh IP per login (or one IP per account) is best.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| username | string | Yes | Twitter username (without @) |
| password | string | Yes | Account password |
| email | string | Yes | Email address for verification. Required in practice — Twitter's login flow conditionally triggers an alternate-identifier subtask asking for the account's email, and login fails with 366 "Missing data" if not supplied. Always pass email if you have it. |
| totp_secret | string | Conditional | TOTP secret for 2FA-enabled accounts (base32 string). Required whenever 2FA is enabled on the account. |
| proxy | string | No (recommended) | Your own residential or ISP static proxy with a sticky session (http://user:pass@host:port). Strongly recommended — logins are rate-limited per IP, so your own proxy avoids the shared-pool rate_limited. Datacenter and rotating proxies will fail or get rate-limited. |
Notes
- Returns fresh auth tokens (auth_token, ct0, twid) for the account.
- Why email matters: Twitter's login is a multi-step subtask flow. After password, Twitter's risk engine decides whether to trigger an alternate-identifier subtask ("verify it's you, enter your email"). Whether it fires depends on account age, IP reputation, prior login patterns, and random risk scoring — you cannot predict it per request, so the safe default is to always send email.
- For 2FA accounts, provide the totp_secret to auto-generate the 6-digit code.
- Proxy (recommended): Pass your own proxy to log in from your IP instead of the shared server pool. Twitter throttles logins per IP, so a dedicated IP is the most reliable way to avoid rate_limited. Use a residential or ISP static-residential proxy with a sticky session — the whole flow (password → 2FA) must stay on one IP. Datacenter or rotating proxies will fail or get rate-limited. Best practice: a fresh IP per login, or one IP per account. Also keeps your login IP consistent with subsequent calls.
- Profile data is fetched automatically after successful login.
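
How a 6-digit code is derived from a totp_secret, as an added example (not GetXAPI's code). It assumes the standard RFC 6238 parameters (HMAC-SHA1, 30-second step, 6 digits), and the names decode_totp_secret, totp and RFC_TEST_SECRET are made up for illustration. The code depends only on the secret and the clock, so whoever holds the secret can produce valid codes for as long as that 2FA enrollment exists.

```python
import base64
import binascii
import hashlib
import hmac
import struct
import time


def decode_totp_secret(secret: str) -> bytes:
    """Decode a base32 secret, tolerating spaces, dashes, lowercase and missing padding."""
    cleaned = secret.replace(" ", "").replace("-", "").upper()
    if not cleaned:
        raise ValueError("empty TOTP secret")
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped '=' padding
    try:
        return base64.b32decode(cleaned)
    except binascii.Error as exc:
        raise ValueError("totp_secret is not valid base32") from exc


def totp(secret: str, at=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1; 'at' is a Unix timestamp (defaults to now)."""
    key = decode_totp_secret(secret)
    now = time.time() if at is None else at
    counter = int(now) // step  # number of whole time steps since the epoch
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)  # keep leading zeros


# Constructed input: base32 of the RFC 6238 Appendix B test key "12345678901234567890".
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    print(totp(RFC_TEST_SECRET, at=59))   # fixed clock: reproducible code
    print(totp("JBSWY3DPEHPK3PXP"))       # sample secret from this page, current clock
```
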
Response (200)
{
  "username": "blueriver_42",
  "auth_token": "7b3f9c1e2d8a4f6b9c0e1a2d3f4b5c6e7a8b9c0d",
  "ct0": "9a2c4e6f8b1d3a5c7e9f0b2d4a6c8e0f",
  "twid": "u=1623458791034556928",
  "profile": {
    "type": "user",
    "id": "1623458791034556928",
    "userName": "blueriver_42",
    "name": "Blue River",
    "url": "https://x.com/blueriver_42",
    "isVerified": false,
    "isBlueVerified": false,
    "profilePicture": "https://pbs.twimg.com/profile_images/...",
    "description": "",
    "location": "",
    "followers": 18,
    "following": 33,
    "createdAt": "Wed Mar 15 09:42:11 +0000 2023"
  }
}
Error Responses
400 - Missing fields
{
  "error": "Missing required fields: username, password"
}
500 - Login failed
{
  "error": "Login failed: invalid credentials or account locked"
}
Example
# Basic login (no 2FA)
curl -X POST "https://api.getxapi.com/twitter/user_login" \
-H "Authorization: Bearer API_KEY" \
-H "Content-Type: application/json" \
-d '{
"username": "myaccount",
"password": "mypassword",
"email": "myemail@example.com"
}'
# Login with 2FA (TOTP)
curl -X POST "https://api.getxapi.com/twitter/user_login" \
-H "Authorization: Bearer API_KEY" \
-H "Content-Type: application/json" \
-d '{
"username": "blueriver_42",
"password": "kp7m9q2nx4tj",
"email": "blueriver42@mailprovider.com",
"totp_secret": "JBSWY3DPEHPK3PXP"
}'