Skip to main content
This guide walks you through setting up the Account Activity API, managing user subscriptions, validating your webhook, and using the replay feature to recover missed events.

1. Create an X App

Create an X app with an approved developer account from the developer portal. If creating the app on behalf of your company, use a corporate X account.
  • Enable “Read, Write, and Access direct messages” on the permissions tab of your app page.
  • On the “Keys and Access Tokens” tab, note your app’s Consumer Key (API Key), Consumer Token (API Secret), and Bearer Token.
  • Generate your app’s Access Token and Access Token Secret. These are needed to subscribe to user accounts.
  • Review Obtaining Access Tokens if unfamiliar with X Sign-in and user contexts.
  • Note your app’s numeric ID from the “Apps” page in the developer portal. This is required when applying for Account Activity API access.

2. Get Account Activity API access

The Account Activity API is available on the Enterprise and Pay Per Use tiers. Submit an application for access via the developer portal.

3. Register a webhook

To receive Account Activity events, you must register a webhook with a publicly accessible HTTPS URL. See the V2 Webhooks API documentation for details on developing a webhook consumer app, registering a webhook, securing it, and handling Challenge-Response Checks (CRC).
  • Ensure your webhook is configured to handle POST requests with JSON-encoded event payloads.
  • Obtain the webhook_id from the webhook registration response, as it is required for managing subscriptions.

4. Validate setup

To validate that your app and webhook are configured correctly:
  1. Subscribe a user account to your webhook (see Adding a Subscription below).
  2. Favorite a Post posted by one of the X accounts your app is subscribed to.
  3. You should receive a favorite_events payload via a POST request to your webhook URL.
It may take up to 10 seconds for events to start being delivered after adding a subscription.

Managing subscriptions

Once you have a registered webhook with a valid webhook_id, you can manage user subscriptions to receive their account activities. Use the following endpoints to add, view, or remove subscriptions.

Adding a subscription

Endpoint: POST /2/account_activity/webhooks/:webhook_id/subscriptions/allAPI Reference Subscribes the authenticating user to receive events via the specified webhook. Authentication: OAuth 1.0a (3-legged OAuth flow required, representing the user being subscribed).
Success (200 OK):
Failure reasons:

Checking a subscription

Endpoint: GET /2/account_activity/webhooks/:webhook_id/subscriptions/allAPI Reference Checks if the authenticating user is subscribed to the specified webhook. Authentication: OAuth 1.0a (3-legged OAuth flow required).
Success (200 OK):
Failure reasons:

Removing a subscription

Endpoint: DELETE /2/account_activity/webhooks/:webhook_id/subscriptions/:user_id/allAPI Reference Deactivates the subscription for a specific user ID, stopping event delivery to the webhook. Authentication: OAuth2 App Only Bearer Token.
Success (200 OK):
Failure reasons:

Viewing all subscriptions

Endpoint: GET /2/account_activity/webhooks/:webhook_id/subscriptions/all/listAPI Reference Retrieves a list of all user IDs currently subscribed to the specified webhook. Authentication: OAuth2 App Only Bearer Token.
Success (200 OK):
Failure reasons:

Subscription count

Endpoint: GET /2/account_activity/subscriptions/countAPI Reference Returns the total count of active subscriptions and the provisioned limit for the authenticating application. Authentication: OAuth2 App Only Bearer Token.
Success (200 OK):
DM-only subscriptions are no longer supported. The subscriptions_count_direct_messages field will always be "0".

Replay

AAAv2 provides replay functionality that allows you to retrieve past events for a specified time range and re-deliver them to your webhook. This is useful for recovering missed events due to downtime. Endpoint: POST /2/account_activity/replay/webhooks/:webhook_id/subscriptions/allAPI Reference Authentication: OAuth2 App Only Bearer Token. Success (200 OK):
Failure reasons:

Job completed messages

Once your replay job successfully completes, X will deliver the following job completion event. Once you receive this event, the job has finished running and another can be submitted.
In the event your job does not complete successfully, X will return the following message encouraging you to retry your Replay Job. Once you receive this event, the job has finished running and another can be submitted.

Important notes

  • Authentication: When subscribing users, use the consumer key, consumer secret, access token, and access token secret for the user’s account.
  • Direct Messages: All incoming and outgoing Direct Messages (sent via POST /2/dm_conversations/with/:participant_id/messages) are delivered via webhooks to keep your app aware of all DM activity.
  • Event Duplication:
    • If two subscribed users are in the same DM conversation, your webhook receives duplicate events (one per user). Use the for_user_id field to distinguish them.
    • If multiple apps share the same webhook URL and user, events are sent multiple times (once per app).
    • Your app should deduplicate events using the event ID to handle occasional duplicates.

Sample apps


Next steps

Introduction

Activity types, data objects, and payload examples

Webhooks API

Register and manage your webhooks

Migration guide

Migrate from legacy Enterprise to v2

Webhook quickstart

CRC setup, security, and webhook registration