Skip to content

X Ads API Credentials Setup

You need four credentials to connect the X Ads connector:

  • Consumer Key and Consumer Secret — identify your developer app (Steps 1–3)
  • Access Token and Access Token Secret — prove your app can access your ad account (Steps 4–6)

Steps 4–6 use OAuth 1.0a — a secure handshake that lets OWOX read your X Ads data without storing your X password.

Before you start: Sign up for Postman if you don’t have an account yet. It’s a free tool for sending API requests. You’ll use it in Steps 4 and 6.


Go to the X Developer Console and sign in with the X (Twitter) account you use to run your ads. Click Start Building.

X Developer Console welcome page with the Start Building button

A Create Project dialog opens. Fill in:

  • Project Name: anything works (for example, OWOX Project)
  • Use Case: Exploring the API
  • Description: optional

Click Create.

Create Project dialog with Project Name set to "OWOX Project", Use Case set to "Exploring the API", and the Create button

Go to the Apps page. Choose the Free (Deprecated) tier. Click Create App.

X Developer Console Apps page in the Free tier showing the Create App button

Fill in the Application Name (for example, OWOX Ads Connector). Click Create New Client Application.

Create New Client Application dialog with the Application Name field set to "OWOX Ads Connector" and the Create New Client Application button

An Application Created Successfully dialog appears with your Consumer Key and Secret Key. Copy both and save them in a password manager — X shows them only once.

⚠️ If you close this dialog without copying, go to Step 3 to regenerate them.

Application Created Successfully dialog showing the Consumer Key and Secret Key with Copy buttons


Creating a developer app doesn’t automatically give you access to the Ads API. You need to request it separately.

Submit the Ads API Access Form.

The form asks for your Developer App ID. To find it:

  1. Go to console.x.com
  2. Click on your app name
  3. The App ID is the number shown next to the ACTIVE badge

X Developer Console app detail page showing the App ID highlighted next to the app name

The form also asks you to describe how you’ll use the API. X grants access based on this description, so name the data areas the connector needs: Analytics, Campaign Management, and Creatives. These belong to Standard Access. Conversion Only access covers conversion tracking alone and won’t work with this connector.

Adapt this example:

“We are advertisers connecting to the X Ads API to access campaign analytics, campaign management, and ad creative data for reporting and optimization. The data will be imported via the OWOX Data Marts platform to support strategic marketing decisions.”

Ads API Access Form with fields for company info, contact details, Developer App ID, and API purpose description

Submit the form. X reviews requests within 3 business days and sends an approval email to your address.

Do not continue until you receive the approval email from X.


ℹ️ Skip this step if you already saved your Consumer Key and Secret Key in Step 1.

Go to console.x.com, click your app name, then open the Keys & Tokens tab.

Scroll to the OAuth 1.0 Keys section. Click Regenerate.

⚠️ Regenerating creates new keys and invalidates the old ones. If anything was using the old keys, it will stop working.

Copy and save both values in a password manager:

  • Consumer Key
  • Secret Key ← X calls this “Secret Key” here, but you’ll enter it as Consumer Secret in Postman later

Keys & Tokens tab showing the OAuth 1.0 Keys section with the Regenerate button for Consumer Key


Open Postman. Click the + button to open a new tab.

  1. Change the method dropdown from GET to POST

  2. Paste this URL into the address bar:

    https://api.x.com/oauth/request_token
  3. Click the Authorization tab (below the URL bar)

  4. Open the Auth Type dropdown and select OAuth 1.0

Fill in the fields that appear on the right:

FieldValue
Signature MethodHMAC-SHA1
Consumer Keyyour Consumer Key from Step 1 or Step 3
Consumer Secretyour Secret Key from Step 1 or Step 3

ℹ️ This request works because the app you created in Step 1 has OAuth 1.0a user authentication enabled. If it fails with a callback error, or Step 5 shows no PIN, open your app’s User authentication settings, turn on OAuth 1.0a, and set any callback URL. In Postman, you can also add oauth_callback = oob under the OAuth 1.0 advanced parameters.

Click Send. The response appears in the panel at the bottom of the screen. It looks like:

oauth_token=E4MQKQAAAAAB1yCFAAABl2OHH80&oauth_token_secret=UlDQaqOoJHj1VvLQ8fQH6Iq686rEFww2&oauth_callback_confirmed=true

This is a single string with values separated by &. Extract both values and keep them handy — you’ll use them in the next two steps:

  • oauth_token — the value between oauth_token= and &oauth_token_secret. In the example above: E4MQKQAAAAAB1yCFAAABl2OHH80
  • oauth_token_secret — the value between oauth_token_secret= and &oauth_callback_confirmed. In the example above: UlDQaqOoJHj1VvLQ8fQH6Iq686rEFww2

Postman showing POST request to oauth/request_token with OAuth 1.0 selected, all fields filled, and the 200 OK response containing oauth_token and oauth_token_secret

Possible errors:

This request sends only your Consumer Key and Consumer Secret. So an authentication error points to one of those two values:

  • “Could not authenticate you.” — Your Consumer Key or Consumer Secret is wrong. Re-enter them carefully and try again.
  • Still failing after re-entering? Regenerate the keys in Step 3, then use the new values.

Replace YOUR_OAUTH_TOKEN in the URL below with the oauth_token value you saved in Step 4:

https://api.x.com/oauth/authorize?oauth_token=YOUR_OAUTH_TOKEN

For example, if your oauth_token is E4MQKQAAAAAB1yCFAAABl2OHH80, the URL is:

https://api.x.com/oauth/authorize?oauth_token=E4MQKQAAAAAB1yCFAAABl2OHH80

Open the URL in your browser. An authorization page appears. Click Authorize app.

X authorization page in the browser showing the Authorize app button circled, with the oauth_token visible in the URL bar

After you click Authorize app, X shows a page with a numeric PIN. Copy the PIN and save it — you’ll enter it in Step 6.

ℹ️ If X redirects you to a website instead of showing a PIN, look at the URL bar. Copy the oauth_verifier value from it — that value serves the same purpose as the PIN. Use it as the Verifier in Step 6.

Possible errors:

  • “The request token for this page is invalid.” — The oauth_token expired. Temporary tokens are short-lived. Go back to Step 4, request a new one, and complete Steps 5–6 without delay.

X error page showing "Whoa there! The request token for this page is invalid" message


In Postman, open a new tab (click +) to keep this request separate from the one in Step 4.

  1. Change the method to POST

  2. Paste this URL:

    https://api.x.com/oauth/access_token
  3. Click the Authorization tab and select OAuth 1.0

Fill in the fields. Note: the Access Token and Access Token Secret here are the temporary values from Step 4.

FieldValue
Signature MethodHMAC-SHA1
Consumer Keyyour Consumer Key from Step 1 or Step 3
Consumer Secretyour Secret Key from Step 1 or Step 3
Access Tokenoauth_token from Step 4 (temporary)
Access Token Secretoauth_token_secret from Step 4 (temporary)
Verifierthe PIN from Step 5

Click Send. The response appears in the bottom panel:

oauth_token=1534231826281152515-kDGnM70as1fh6xoYWK9HvlwtDHHqe8&oauth_token_secret=KiXVKSyHifVoVm7vq3iC7zjclE1ocqvgpouS95RuLXM61&user_id=1534231826281152213&screen_name=examplename

Save these two values — these are your permanent credentials:

  • oauth_token → this is your Access Token
  • oauth_token_secret → this is your Access Token Secret

Postman showing the POST request to oauth/access_token with OAuth 1.0 settings filled in and the 200 OK response containing oauth_token and oauth_token_secret


You now have all four credentials for the connector:

CredentialWhat X calls itWhere it comes from
Consumer KeyConsumer KeyStep 1 or Step 3
Consumer SecretSecret KeyStep 1 or Step 3
Access Tokenoauth_tokenStep 6 response
Access Token Secretoauth_token_secretStep 6 response

Go to the Getting Started Guide to complete the setup.