X (Twitter) API v2

X (formerly Twitter) API v2 for reading, writing, and searching tweets, managing user accounts, and streaming real-time public conversation data.

Evaluated Mar 07, 2026 (0d ago) vcurrent
Homepage ↗ Social Media twitter x tweets social-media oauth2 rest-api streaming tweepy
⚙ Agent Friendliness
46
/ 100
Can an agent use this?
🔒 Security
79
/ 100
Is it safe for agents?
⚡ Reliability
54
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
45
Documentation
62
Error Messages
55
Auth Simplicity
48
Rate Limits
40

🔒 Security

TLS Enforcement
100
Auth Strength
78
Scope Granularity
72
Dep. Hygiene
70
Secret Handling
75

TLS enforced. OAuth 2.0 scopes allow read/write/DM separation. However, developer app secrets have historically appeared in leaks; client_secret handling in OAuth flows requires care. App-Only tokens have full read access with no scope narrowing possible. No IP allowlisting available on standard tiers.

⚡ Reliability

Uptime/SLA
65
Version Stability
50
Breaking Changes
42
Error Recovery
60
AF Security Reliability

Best When

An agent needs to post announcements or monitor a specific brand/topic for a well-funded product team that can justify the Pro tier ($5,000/month) cost.

Avoid When

You need high-volume reads, automated replies, or cost-effective social listening — Twitter's pricing and rate limits make it impractical for most agent workflows below the Pro tier.

Use Cases

  • Monitoring brand mentions and hashtags via filtered stream or recent search
  • Scheduling and posting tweets or thread replies from an agent workflow
  • Pulling public timeline data for sentiment analysis or competitive research
  • Managing lists, bookmarks, and follows programmatically
  • Building social listening dashboards from historical or streaming tweet data

Not For

  • High-volume social listening on the free or Basic tier — read limits are extremely low
  • Personal account automation — ToS prohibits most automated posting on personal accounts
  • Real-time firehose data — full volume requires Enterprise tier ($42,000+/month)
  • Competitor intelligence or scraping at scale — aggressive enforcement of ToS violations
  • Any agent workflow where cost must be kept low — tiers are disproportionately expensive

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
Yes
Webhooks
Yes
OpenAPI Spec ↗

Authentication

Methods: oauth2 oauth1a bearer_token
OAuth: Yes Scopes: Yes

OAuth 2.0 with PKCE for user-context auth (required for posting as a user); App-Only Bearer Token for read-only public data. OAuth 1.0a still supported for legacy. PKCE flow requires browser redirect, which is hostile to headless agent workflows. Token refresh requires managing refresh tokens with short expiry windows. App-Only auth is simpler but cannot write tweets.

Pricing

Model: tiered
Free tier: Yes
Requires CC: Yes

Free tier added in 2023 is intentionally crippled — 1 post/day is not viable for any automated workflow. Basic tier at $200/month is the minimum for practical use. Pro is $5,000/month. Price increases have been sudden and without warning. Developer accounts have been terminated without clear recourse.

Agent Metadata

Pagination
cursor
Idempotent
No
Retry Guidance
Not documented

Known Gotchas

  • OAuth 2.0 PKCE requires browser redirect — fully headless agent auth requires OAuth 1.0a or App-Only, neither of which can post tweets on behalf of users
  • Free tier posts cap of 1/day makes any automated posting workflow require paid subscription immediately
  • Rate limits are per 15-minute window and vary by endpoint — many are not documented; agents must implement adaptive throttling
  • Account suspension risk is high for automated behavior; automated liking, following, and retweeting are strictly prohibited and actively detected
  • Refresh token rotation: OAuth 2.0 tokens expire after 2 hours; rotating refresh tokens require persistent token storage and atomic swap logic
  • Streaming endpoints (filtered stream) count against different quotas than REST endpoints; quota math is complex across tiers
  • Developer portal policy changes have broken apps without notice; sudden enforcement events have killed businesses built on Twitter API
  • Tweet IDs are large integers that exceed JavaScript's safe integer range — must use string IDs in all JavaScript/TypeScript clients

Alternatives

{'id': 'bluesky-api', 'reason': 'Open protocol, no fees, much more agent-friendly for social posting and reading'} {'id': 'mastodon-api', 'reason': 'Open-source, self-hostable, no approval process or per-tier fees'} {'id': 'threads-api', 'reason': "Meta's Twitter alternative with simpler OAuth and no posting fees"}

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for X (Twitter) API v2.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-07.

6352
Packages Evaluated
26150
Need Evaluation
173
Need Re-evaluation
Community Powered