App permissions
Third-party apps may request access to perform different actions using your X account.
OAuth 1.0a User Context
Apps using OAuth 1.0a User Context may ask for the following permissions to access certain information in your account and take certain actions:
Read
Apps with read access to your X account will have the ability to:
- Profile information: View your profile information, such as your name, location, description, and profile and header photos. Note that the email address associated with your X account and your phone number are not considered profile information. An app will not be able to view your email address unless you grant the app specific permission to do so.
- posts: View your posts (including details such as the number of times a post has been viewed and the interactions others have with a post) and posts from accounts you follow on your timeline, including any protected posts.
- Account settings: View your account settings, such as your preferred language and time zone.
- Other accounts: See who you follow, mute, and block.
- Lists: View your Lists of X accounts.
- Collections: View your collections of posts.
OAuth 1.0a User Context
Apps using OAuth 1.0a User Context may ask for the following permissions:
Read and Write
Apps with read and write access to your X account will have access to view your information as described in the Read section above, and will also have the ability to:
Profile information: Update your profile information for you.
posts: Post posts and media on your behalf, delete posts for you, and engage with posts posted by others for you (for example, like, un-like, or reply to a post, Repost, etc.).
Account settings: Manage your account settings for you.
Other accounts: Follow and unfollow accounts for you, and mute, block, or report accounts on your behalf.
Lists: Create Lists of X accounts for you, manage your Lists (for example, add and remove accounts from Lists) for you, and delete your Lists for you.
Collections: Create collections of posts for you, manage your collections (for example, add and remove posts from collections) for you, and delete your collections for you.
Read, Write, and Direct Messages
Apps with read, write, and Direct Message access to your X account will have access to view your information and take actions as described above in the Read and Write sections, and will also have the ability to: send Direct Messages for you, view Direct Messages you’ve sent and received, and manage and delete your Direct Messages. Remember that each communication participant has their own copy of the communication — deletion of a Direct Message will remove it from your account, not the accounts of the other participants to the communication.
Email Address
In addition to the permissions above, apps may also ask for permission to view the email address associated with your X account.
X Ads
If you use X Ads, apps may also ask to:
Analytics: Access your advertising data, including your campaigns, audiences, business and ad account information (such as account name, ID, and creation date, business name, timezone, and users), ad account and user settings (such as notification email, contact phone number and extensions, industry type, email subscription settings, and tax settings), and creatives and media.
Campaign and account management: Access your advertising data as described above, create and manage your advertising data (such as media, creatives, campaigns, and audiences) for you, and manage your account (such as account name, industry type, account and user settings, etc.).
Learn more about granting access to your X Ads account with multi-user login.
OAuth 2.0 User Context
OAuth 2.0 User Context enables a developer to set more granular access for their app. Apps using OAuth 2.0 User Context may may ask for permissions in the following categories:
Read
Read permissions define what an app can see in your X account. For example, an app may ask permission to view things like:
- All the posts and Spaces you can view, including posts from protected accounts.
- People who follow you and people you follow.
- Accounts you've muted and blocked.
You'll see a list of things an app is requesting permission to view under "Things this App can view."
Write
Write permissions define what actions an app can take on your behalf. For example, an app may ask permission to do things like:
- post and repost for you.
- Hide and unhide replies to your posts.
- Follow and unfollow people for you.
You'll see a list of things an app is requesting permission to do on your behalf under "Things this App can do."
We do not share your X password with apps. Remember that when you authorize an app to access your X account or take actions on your behalf, the app may use, store, and share your information in accordance with its own business practices. While app developers agree to abide by our rules and guidelines, we strongly recommend that you review an app’s terms and privacy policy before you authorize the app to access your account.
Learn more about our rules and guidelines for third-party app developers in our Developer Policy.
