| title | Getting Enterprise Access | |||||||
|---|---|---|---|---|---|---|---|---|
| sidebarTitle | Getting Access | |||||||
| description | Enterprise access requires an application and onboarding process. Your dedicated account team will help you get set up with credentials and configure. | |||||||
| keywords |
|
import { Button } from '/snippets/button.mdx';
Enterprise access requires an application and onboarding process. Your dedicated account team will help you get set up with credentials and configure your access.
Apply for Enterprise access
[Fill out the Enterprise interest form](/forms/enterprise-api-interest) with details about your organization and use case. Our sales team will reach out to understand your data volume, endpoint requirements, and support needs. Receive a tailored plan with pricing, rate limits, and access levels designed for your use case.
Once your Enterprise plan is in place, your dedicated account manager will help you set up:
Set up your app in the [Developer Console](https://console.x.com) with Enterprise-level access. Your account manager will help configure rate limits, endpoint access, and any custom settings. Generate your API keys and tokens for authentication.You'll receive several credentials depending on your authentication needs:
| Credential | Purpose |
|---|---|
| API Key & Secret | Identify your app. Used to generate tokens and sign OAuth 1.0a requests. |
| Bearer Token | App-only authentication for reading public data. |
| Access Token & Secret | Make requests on behalf of your own account (OAuth 1.0a). |
| Client ID & Secret | OAuth 2.0 authentication for user-context requests. |
Use the **Bearer Token** for simple, read-only access to public data.
```bash
curl "https://api.x.com/2/users/by/username/xdevelopers" \
-H "Authorization: Bearer $BEARER_TOKEN"
```
Best for: Searching posts, looking up users, reading trends.
OAuth 2.0 offers fine-grained scopes—request only the permissions you need.
Best for: Posting, liking, following, accessing DMs.
[OAuth 2.0 guide →](/resources/fundamentals/authentication/oauth-2-0/overview)
These tokens represent the account that owns the app.
Best for: Testing, personal bots, your own automation.
Never hardcode credentials in your source code. Add credential files to `.gitignore`. Regenerate credentials periodically as a security measure. Only request the OAuth permissions your app needs.
Call the API with your new credentials. Understand OAuth 1.0a and OAuth 2.0.