Build With X

Authentication

API keys and environment configuration for xAI APIs

xAI API Key

Get your API key from the xAI Console.

Environment Variables

# .env
XAI_API_KEY=xai-your-key-here

TypeScript Configuration

import OpenAI from "openai"

const client = new OpenAI({
  apiKey: process.env.XAI_API_KEY,
  baseURL: "https://api.x.ai/v1",
})

xAI's API is OpenAI-compatible. Use the official openai package with the xAI base URL.

X API Authentication

For X (Twitter) API access, you need:

  1. API Key & Secret - From the X Developer Portal
  2. Bearer Token - For app-only authentication
  3. OAuth 2.0 - For user-context authentication

Environment Variables

# .env
X_API_KEY=your-api-key
X_API_SECRET=your-api-secret
X_BEARER_TOKEN=your-bearer-token

# For OAuth 2.0 PKCE
X_CLIENT_ID=your-client-id

Basic Setup

// App-only authentication (read-only public data)
const headers = {
  Authorization: `Bearer ${process.env.X_BEARER_TOKEN}`,
}

// User-context authentication (for posting, DMs, etc.)
// See X API OAuth guide for OAuth 2.0 PKCE flow

Security Best Practices

Never commit API keys to version control. Use .env files and ensure they're in .gitignore.

  1. Use environment variables - Never hardcode keys
  2. Rotate keys regularly - Especially if compromised
  3. Use minimal scopes - Request only needed permissions
  4. Monitor usage - Check the xAI console for anomalies

Build With X

Best practices and patterns for xAI's Grok API and X (Twitter) API

Best Practices

Error handling, rate limits, and design patterns

On this page

xAI API KeyEnvironment VariablesTypeScript ConfigurationX API AuthenticationEnvironment VariablesBasic SetupSecurity Best Practices