X (Twitter) — Postli docs

Home / Docs / X (Twitter)

Provider

X (Twitter)

Publish tweets, threads, and media to X. Postli uses the X API v2 with OAuth 2.0 PKCE. Replies and self-threading are supported; quote-tweets and DMs are not.

Requirements

An X account in good standing — suspended or shadow-restricted accounts may publish but lose engagement read.
An X developer account on a paid tier (Basic or higher) — tweet publishing is not available on the free tier. You will create your own app and paste the credentials into Postli; see Create your X developer app below.
For long-form posts (>280 characters): X Premium on the connected account.

Spec

Account type

Any X account (Premium required for long posts)

Auth

OAuth 2.0 with PKCE

Token type

2-hour access token + refresh token (Postli refreshes automatically)

Post types

Tweet, self-reply thread, image / video / GIF tweet

Character limit

280 (free) · up to 25,000 (X Premium)

Image

JPEG, PNG, WebP, GIF · ≤5 MB · up to 4 per tweet

Video

MP4, H.264 + AAC · ≤512 MB · 0.5–140 s · 1 per tweet

GIF

≤15 MB · 1 per tweet (cannot mix with images / video)

Auto-comments

Supported via self-reply (Instant, Time)

Create your X developer app

X requires merchants to bring their own API credentials — the app you build sits under your X developer account, with its own quota and pricing tier.

Paid plan required. Tweet publishing via the API is not on X’s free tier. You need Basic (paid) or higher to write tweets. See developer.x.com/en/portal/products for current pricing.

Sign in at developer.x.com/en/portal/dashboard. If you don’t have a developer account yet, apply — approval is usually instant for paid tiers.
Create a Project, then a App inside it. The Project lets you upgrade to higher tiers if you ever need them.
Open User authentication settings on the app. Choose:
- App permissions: Read and write
- Type of App: Native App — not Web App, Automated, or Bot (those break OAuth 2.0 PKCE and fail with error 32)
Add the Callback URI:
https://app.usepostli.com/api/integration/twitter/callback
Set Website URL to your store domain. Save.
Under Keys and Tokens, generate (or regenerate) the OAuth 2.0 Client ID and Client Secret. Save them somewhere private — the secret is shown only once.
In Postli, open Settings → Integrations → X (Twitter), paste the Client ID and Secret, save.

OAuth setup

Once credentials are saved, go to Integrations → X → Connect. You’ll be sent to X’s OAuth 2.0 consent screen. After approval, Postli stores the access and refresh tokens.

Scopes Postli requests:

tweet.read # read engagement tweet.write # publish tweets users.read # identify the connected account offline.access # issue refresh token like.read # like-count threshold for auto-comments

Post types in detail

Single 280-character tweet (or up to 25,000 for Premium accounts — Postli detects which based on the API response). Up to 4 images, or 1 video, or 1 GIF.

Thread

Use + Add tweet on the X channel tab to chain tweets as a self-reply thread. Each tweet in the thread has its own character count; Postli enforces the limit per tweet, not across the thread.

Auto-reply (auto-comment)

Postli implements auto-comments on X as a self-reply tweet to the published parent. Instant and Time conditions both work; LikeCount uses the like metric returned by the v2 metrics endpoint.

Pro tip. The first reply on a tweet is what most users see in expanded view — this is exactly where a product short link goes well. Schedule the link as an Instant auto-comment instead of cramming it into the tweet body.

Rate limits

X API v2 rate limits depend on the access tier and endpoint. For posting tweets via OAuth 2.0 user context, the typical limit is 200 tweets per 15-minute window per user. Media upload limits are separate. Postli back-offs and retries on 429 with exponential delay.

Gotchas & best practices

Long posts need Premium. If the account is not Premium, anything over 280 characters will fail with a 422. Postli surfaces the error on the post detail.
One media-type per tweet. You cannot combine images and video, or images and GIF, in the same tweet.
Quote-tweet is not supported. The v2 publishing endpoint does not currently expose quote_tweet_id for OAuth 2.0 user context.
URL counts as 23 characters. X auto-shortens links to t.co; even a long Postli URL counts the same.
Token refresh. Tokens expire after 2 hours. Postli’s scheduled token-refresh job rotates them ahead of expiry; if a refresh fails (e.g. user revoked from X settings), an account-health alert fires.

Webhooks

Postli does not subscribe to X webhooks (Account Activity API requires a separate access tier). Engagement metrics are polled.