Event types and authentication

X Activity API

This page lists supported event types and explains how they line up with authentication. For XAA, whether an event is public or private is the same question as whether you may use app-only credentials or must use user credentials. The privacy class tells you which OAuth style X expects.

Supported event types

Most filters use user_id (numeric user ID). The exception is news.new, which uses a keyword filter.

The Privacy column is how X classifies the event for XAA: Public (app Bearer is the usual subscription path, subject to tier rules), Private (user OAuth required), or Multi (both shapes exist, for example a path that is public under Enterprise app auth and a path that is private under pay-per-user / user context, per product configuration).

Profile events

Event typeDescriptionPrivacyFilter
profile.update.bioUser updates their profile bioPublicuser_id
profile.update.profile_pictureUser updates their profile picturePublicuser_id
profile.update.banner_pictureUser updates their profile bannerPublicuser_id
profile.update.screennameUser updates their display namePublicuser_id
profile.update.handleUser updates their handlePublicuser_id
profile.update.geoUser updates their profile locationPublicuser_id
profile.update.urlUser updates their profile website URLPublicuser_id
profile.update.verified_badgeUser updates their verified badgePublicuser_id
profile.update.affiliate_badgeUser updates their affiliate badgePublicuser_id

Follow events

Event typeDescriptionPrivacyFilter
follow.followUser follows another userMultiuser_id, optional direction
follow.unfollowUser unfollows another userMultiuser_id, optional direction

Direction filter: For follow.follow and follow.unfollow, the filter may include direction: "inbound" or "outbound" alongside user_id. See Direction filter.

Multi here means XAA supports more than one auth posture: some trusted packages may subscribe with application-only access, while pay-per-user flows treat the same event as private and require user OAuth. Confirm the matrix for your package on docs.x.com.

Post events

Event typeDescriptionPrivacyFilter
post.createUser creates a post (including replies, quotes, and reposts)Publicuser_id
post.deleteUser deletes one of their postsPublicuser_id
post.mention.createUser is @mentioned in a postPrivateuser_id

Scope: These events fire for posts authored by the filtered user_id (mentions are for the mentioned user). For a high-volume, rule-based firehose of public posts across all of X, the Filtered Stream endpoint is still the right tool; XAA post events are best for tracking activity from specific accounts you subscribe to.

Like events

Event typeDescriptionPrivacyFilter
like.createUser likes a postPrivateuser_id, optional direction

Direction filter: like.create accepts an optional direction ("inbound" or "outbound") alongside user_id. See Direction filter.

Likes are private: subscribing requires user OAuth. See Subscribing to private events.

Spaces events

Event typeDescriptionPrivacyFilter
spaces.startUser starts a SpacePublicuser_id
spaces.endUser ends a SpacePublicuser_id

Legacy DM events

Unencrypted, legacy direct messages.

Event typeDescriptionPrivacyFilter
dm.receivedUser receives an unencrypted DMPrivateuser_id
dm.sentUser sends an unencrypted DMPrivateuser_id
dm.readUser reads a DM or read receipt for the filtered userPrivateuser_id
dm.indicate_typingUser is typing a message to the filtered userPrivateuser_id

Chat events (encrypted / XChat)

Event typeDescriptionPrivacyFilter
chat.receivedUser receives an encrypted direct messagePrivateuser_id
chat.sentUser sends an encrypted direct messagePrivateuser_id
chat.conversation_joinUser joins an encrypted chat conversationPrivateuser_id
chat.indicate_typingUser is typing in an encrypted chatPrivateuser_id
chat.readUser read state in encrypted chatPrivateuser_id

The last two rows are in development; availability and payload fields may change—watch X developer docs.

News events

Event typeDescriptionPrivacyFilter
news.newNew Grok-curated trends and headlinesPublickeyword

news.new is Enterprise and Partner tier only at this time.

XAA continues to add more event types over time; check X developer documentation for the latest list.

Subscription limits

Package tierMaximum subscriptions
Self-serve1,000
Enterprise50,000
Partner100,000

Public vs private events = app vs user auth

X labels each XAA event type as public or private in line with the main app. That label is not a separate concept from authentication: it tells you whose OAuth grant must back your requests.

Private events are activities that are not universally visible on X (for example DMs and encrypted chat). Accessing them requires explicit user authorization: OAuth 2.0 user context or OAuth 1.0a user access. Use xurl --auth oauth2 or xurl --auth oauth1 after registering the matching profile. See the xurl README for setup.

Public events are activities already visible on the platform. Subscribing uses OAuth 2.0 application-only authentication: a Bearer token for your app. In this book that is xurl auth app --bearer-token … then --auth app (see the xURL chapter).

Caveat

Some event types can be accessed with either user OAuth or app-level OAuth depending on your package. For example, app-only subscriptions for follow.follow / follow.unfollow may be reserved to higher tiers. Confirm both privacy class and tier entitlements in the current XAA docs.

Public eventsPrivate events
Relationship to your app Data X treats as already public; no personal OAuth grant needed User must explicitly authorize your app before you can subscribe
OAuth model OAuth 2.0 app-only (Bearer token) OAuth 2.0 user context or OAuth 1.0a user access
xurl --auth app --auth oauth2 or --auth oauth1
Typical subscription rule Filter by user_id (or keyword for news.new) Filter only for users who have authorized your app
Previous The X Activity API