X Ads API Credentials Setup
You need four credentials to connect the X Ads connector:
- Consumer Key and Consumer Secret — identify your developer app (Steps 1–3)
- Access Token and Access Token Secret — prove your app can access your ad account (Steps 4–6)
Steps 4–6 use OAuth 1.0a — a secure handshake that lets OWOX read your X Ads data without storing your X password.
Before you start: Sign up for Postman if you don’t have an account yet. It’s a free tool for sending API requests. You’ll use it in Steps 4 and 6.
- Step 1: Create a Developer App
- Step 2: Request Ads API Access
- Step 3: Get Your Consumer Key and Secret
- Step 4: Get a Temporary OAuth Token
- Step 5: Authorize the App
- Step 6: Exchange for Permanent Tokens
Step 1: Create a Developer App
Section titled “Step 1: Create a Developer App”Go to the X Developer Console and sign in with the X (Twitter) account you use to run your ads. Click Start Building.
A Create Project dialog opens. Fill in:
- Project Name: anything works (for example, OWOX Project)
- Use Case: Exploring the API
- Description: optional
Click Create.
Go to the Apps page. Choose the Free (Deprecated) tier. Click Create App.
Fill in the Application Name (for example, OWOX Ads Connector). Click Create New Client Application.
An Application Created Successfully dialog appears with your Consumer Key and Secret Key. Copy both and save them in a password manager — X shows them only once.
⚠️ If you close this dialog without copying, go to Step 3 to regenerate them.
Step 2: Request Ads API Access
Section titled “Step 2: Request Ads API Access”Creating a developer app doesn’t automatically give you access to the Ads API. You need to request it separately.
Submit the Ads API Access Form.
The form asks for your Developer App ID. To find it:
- Go to console.x.com
- Click on your app name
- The App ID is the number shown next to the ACTIVE badge
The form also asks you to describe how you’ll use the API. X grants access based on this description, so name the data areas the connector needs: Analytics, Campaign Management, and Creatives. These belong to Standard Access. Conversion Only access covers conversion tracking alone and won’t work with this connector.
Adapt this example:
“We are advertisers connecting to the X Ads API to access campaign analytics, campaign management, and ad creative data for reporting and optimization. The data will be imported via the OWOX Data Marts platform to support strategic marketing decisions.”
Submit the form. X reviews requests within 3 business days and sends an approval email to your address.
⛔ Do not continue until you receive the approval email from X.
Step 3: Get Your Consumer Key and Secret
Section titled “Step 3: Get Your Consumer Key and Secret”ℹ️ Skip this step if you already saved your Consumer Key and Secret Key in Step 1.
Go to console.x.com, click your app name, then open the Keys & Tokens tab.
Scroll to the OAuth 1.0 Keys section. Click Regenerate.
⚠️ Regenerating creates new keys and invalidates the old ones. If anything was using the old keys, it will stop working.
Copy and save both values in a password manager:
- Consumer Key
- Secret Key ← X calls this “Secret Key” here, but you’ll enter it as Consumer Secret in Postman later
Step 4: Get a Temporary OAuth Token
Section titled “Step 4: Get a Temporary OAuth Token”Open Postman. Click the + button to open a new tab.
-
Change the method dropdown from GET to POST
-
Paste this URL into the address bar:
https://api.x.com/oauth/request_token -
Click the Authorization tab (below the URL bar)
-
Open the Auth Type dropdown and select OAuth 1.0
Fill in the fields that appear on the right:
| Field | Value |
|---|---|
| Signature Method | HMAC-SHA1 |
| Consumer Key | your Consumer Key from Step 1 or Step 3 |
| Consumer Secret | your Secret Key from Step 1 or Step 3 |
ℹ️ This request works because the app you created in Step 1 has OAuth 1.0a user authentication enabled. If it fails with a callback error, or Step 5 shows no PIN, open your app’s User authentication settings, turn on OAuth 1.0a, and set any callback URL. In Postman, you can also add
oauth_callback=oobunder the OAuth 1.0 advanced parameters.
Click Send. The response appears in the panel at the bottom of the screen. It looks like:
oauth_token=E4MQKQAAAAAB1yCFAAABl2OHH80&oauth_token_secret=UlDQaqOoJHj1VvLQ8fQH6Iq686rEFww2&oauth_callback_confirmed=trueThis is a single string with values separated by &. Extract both values and keep them handy — you’ll use them in the next two steps:
oauth_token— the value betweenoauth_token=and&oauth_token_secret. In the example above:E4MQKQAAAAAB1yCFAAABl2OHH80oauth_token_secret— the value betweenoauth_token_secret=and&oauth_callback_confirmed. In the example above:UlDQaqOoJHj1VvLQ8fQH6Iq686rEFww2
Possible errors:
This request sends only your Consumer Key and Consumer Secret. So an authentication error points to one of those two values:
- “Could not authenticate you.” — Your Consumer Key or Consumer Secret is wrong. Re-enter them carefully and try again.
- Still failing after re-entering? Regenerate the keys in Step 3, then use the new values.
Step 5: Authorize the App
Section titled “Step 5: Authorize the App”Replace YOUR_OAUTH_TOKEN in the URL below with the oauth_token value you saved in Step 4:
https://api.x.com/oauth/authorize?oauth_token=YOUR_OAUTH_TOKENFor example, if your oauth_token is E4MQKQAAAAAB1yCFAAABl2OHH80, the URL is:
https://api.x.com/oauth/authorize?oauth_token=E4MQKQAAAAAB1yCFAAABl2OHH80Open the URL in your browser. An authorization page appears. Click Authorize app.
After you click Authorize app, X shows a page with a numeric PIN. Copy the PIN and save it — you’ll enter it in Step 6.
ℹ️ If X redirects you to a website instead of showing a PIN, look at the URL bar. Copy the
oauth_verifiervalue from it — that value serves the same purpose as the PIN. Use it as the Verifier in Step 6.
Possible errors:
- “The request token for this page is invalid.” — The
oauth_tokenexpired. Temporary tokens are short-lived. Go back to Step 4, request a new one, and complete Steps 5–6 without delay.
Step 6: Exchange for Permanent Tokens
Section titled “Step 6: Exchange for Permanent Tokens”In Postman, open a new tab (click +) to keep this request separate from the one in Step 4.
-
Change the method to POST
-
Paste this URL:
https://api.x.com/oauth/access_token -
Click the Authorization tab and select OAuth 1.0
Fill in the fields. Note: the Access Token and Access Token Secret here are the temporary values from Step 4.
| Field | Value |
|---|---|
| Signature Method | HMAC-SHA1 |
| Consumer Key | your Consumer Key from Step 1 or Step 3 |
| Consumer Secret | your Secret Key from Step 1 or Step 3 |
| Access Token | oauth_token from Step 4 (temporary) |
| Access Token Secret | oauth_token_secret from Step 4 (temporary) |
| Verifier | the PIN from Step 5 |
Click Send. The response appears in the bottom panel:
oauth_token=1534231826281152515-kDGnM70as1fh6xoYWK9HvlwtDHHqe8&oauth_token_secret=KiXVKSyHifVoVm7vq3iC7zjclE1ocqvgpouS95RuLXM61&user_id=1534231826281152213&screen_name=examplenameSave these two values — these are your permanent credentials:
oauth_token→ this is your Access Tokenoauth_token_secret→ this is your Access Token Secret
Your Credentials
Section titled “Your Credentials”You now have all four credentials for the connector:
| Credential | What X calls it | Where it comes from |
|---|---|---|
| Consumer Key | Consumer Key | Step 1 or Step 3 |
| Consumer Secret | Secret Key | Step 1 or Step 3 |
| Access Token | oauth_token | Step 6 response |
| Access Token Secret | oauth_token_secret | Step 6 response |
Go to the Getting Started Guide to complete the setup.
Support
Section titled “Support”- Join the Slack Community to ask questions and connect with other users
- Browse the Q&A section for common answers
- Found a bug? Open an issue
- Have a suggestion? Start a discussion