User Login V2 (Recovery)
Recover a Twitter/X account with a dead token and changed password via the mailbox. Returns fresh tokens + a new password. $0.005 per call.
/twitter/user_login_v2This endpoint costs $0.005 per API call.
Recovers an account when the normal User Login can't authenticate — i.e. the auth_token is dead and the password was changed after the account was captured (common with resold accounts). It regains access using the account's mailbox and returns fresh tokens plus a new password. High success rate on dead / changed-password accounts.
Save the returned new_password. This recovery flow sets a new password on the account — the old password no longer works.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
username | string | Yes | Twitter username (without @) |
email | string | Yes | The email address on the account |
mail_pw | string | Yes | The mailbox password for that email |
totp_secret | string | Conditional | Base32 TOTP secret — required if the account has 2FA |
proxy | string | No | Proxy URL. Recommended so the recovery/login IP matches the IP used for later writes. |
Email Provider Support
Supported mailbox providers include GMX / mail.com and Hotmail / Outlook / Live. Gmail and Yahoo mailboxes are not supported and return EMAIL_AUTH_FAILED — use the two-step Reset Password flow for those instead.
Notes
- Try
/user_loginfirst (fast, no password change). If it fails with dead-token / wrong-password errors and you have the mailbox password, fall back to/user_login_v2. - For Gmail/Yahoo, or when you don't have the mailbox password, use the two-step Reset Password flow (the account owner reads the code).
Response (200)
Same shape as /user_login, plus new_password:
{
"username": "myaccount",
"new_password": "Gx7c266vra3z",
"auth_token": "a3b02c3782dc4f...",
"ct0": "e63a5e4d0a...",
"twid": "u=143711528",
"profile": { "...": "..." }
}Error Responses
Errors include a code field identifying the reason:
| HTTP | code | Meaning |
|---|---|---|
| 400 | — | Missing username / email / mail_pw |
| 404 | ACCOUNT_NOT_FOUND | Account not found (suspended, deleted, or renamed) |
| 502 | EMAIL_AUTH_FAILED | Mailbox not accessible — check email / mail_pw (Gmail and Yahoo not supported) |
| 502 | NO_CODE | Could not verify the account in time — retry |
| 400 | TOTP_REQUIRED | Account has 2FA — supply totp_secret |
| 502 | TWO_FA_FAILED | 2FA step failed (check totp_secret) |
| 422 | NO_EMAIL_METHOD | Account can't be recovered automatically |
| 503 | NO_BEGIN_TOKEN | Transient — retry |
{
"error": "Could not access the mailbox — check the email and mail_pw. Gmail and Yahoo mailboxes are not supported.",
"code": "EMAIL_AUTH_FAILED"
}Example
curl -X POST "https://api.getxapi.com/twitter/user_login_v2" \
-H "Authorization: Bearer API_KEY" \
-H "Content-Type: application/json" \
-d '{
"username": "myaccount",
"email": "myaccount@gmx.com",
"mail_pw": "mailboxpassword",
"totp_secret": "SXGS5MN2IHUMV34H",
"proxy": "http://user:pass@host:port"
}'User LoginUpdated
Get fresh auth tokens for a Twitter account via API. Required for write endpoints like tweeting and DMs. GetXAPI login endpoint docs.
Reset Password (two-step)New
Two-step Twitter/X account recovery — you trigger the reset, the owner supplies the emailed code, you get fresh tokens. Works for any mailbox. $0.005 per step.