You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Use X Chat for the product; keep Chat API and Chat XDK
Standalone references to Chat as the product are now X Chat.
Chat API and Chat XDK stay as the API and encryption SDK names;
code identifiers (Chat class, paths, event types) are unchanged.
This primer explains the cryptographic ideas behind Chat at a conceptual level. You do not need this depth to build—the [Chat XDK](/xchat/xchat-xdk) performs encryption, decryption, signing, and key storage for you—but the mental model helps when you design your app or debug behavior.
10
+
This primer explains the cryptographic ideas behind X Chat at a conceptual level. You do not need this depth to build—the [Chat XDK](/xchat/xchat-xdk) performs encryption, decryption, signing, and key storage for you—but the mental model helps when you design your app or debug behavior.
11
11
12
12
When you are ready to implement, use [Getting Started](/xchat/getting-started) for a full walkthrough and the [API reference](/x-api/chat/get-chat-conversations) in the sidebar for individual routes.
13
13
@@ -19,7 +19,7 @@ When you are ready to implement, use [Getting Started](/xchat/getting-started) f
19
19
20
20
## The big picture
21
21
22
-
Chat uses a layered encryption system where:
22
+
X Chat uses a layered encryption system where:
23
23
24
24
1.**Messages** are encrypted with a **conversation key** (fast symmetric encryption)
25
25
2.**Conversation keys** are encrypted to each participant using their **identity public key** (asymmetric key exchange)
@@ -51,7 +51,7 @@ In the product flow, X transports **ciphertext and key envelopes**—not readabl
51
51
52
52
## Key types explained
53
53
54
-
Chat uses three kinds of key material, each with a specific purpose.
54
+
X Chat uses three kinds of key material, each with a specific purpose.
55
55
56
56
### 1. Identity keypair
57
57
@@ -110,7 +110,7 @@ Conversation keys are generated when a conversation is set up or when keys rotat
110
110
The Chat XDK signs the encrypted payload with your signing private key, proving you authored this exact content.
111
111
</Step>
112
112
<Steptitle="Send to X">
113
-
Your app sends the encrypted payload and signature to X through the Chat **send message**API. X stores and delivers bytes it cannot read as plaintext.
113
+
Your app sends the encrypted payload and signature to X through the Chat API **send message**endpoint. X stores and delivers bytes it cannot read as plaintext.
114
114
</Step>
115
115
</Steps>
116
116
@@ -166,7 +166,7 @@ Your app should:
166
166
167
167
## Juicebox: Distributed key storage
168
168
169
-
Your **private** identity and signing keys must be stored carefully. Chat integrates **Juicebox** so keys can be recovered with a PIN across devices without giving any single server the full secret.
169
+
Your **private** identity and signing keys must be stored carefully. X Chat integrates **Juicebox** so keys can be recovered with a PIN across devices without giving any single server the full secret.
170
170
171
171
### The problem with traditional key storage
172
172
@@ -208,7 +208,7 @@ You do not configure Juicebox servers by hand for the normal path. The Chat XDK
208
208
209
209
## Signatures explained
210
210
211
-
Every Chat message includes a **digital signature** that supports:
211
+
Every X Chat message includes a **digital signature** that supports:
212
212
213
213
1.**Authenticity** — it was produced with the sender’s signing private key
214
214
2.**Integrity** — the encrypted content was not modified after signing
@@ -230,7 +230,7 @@ The Chat XDK signs when you encrypt outbound messages and verifies when you decr
230
230
231
231
## Security properties
232
232
233
-
### What Chat protects against
233
+
### What X Chat protects against
234
234
235
235
| Threat | Protection |
236
236
|:-------|:-----------|
@@ -240,7 +240,7 @@ The Chat XDK signs when you encrypt outbound messages and verifies when you decr
Group chats use the **same encryption model** as 1:1 Chat: one **conversation key** shared by members, wrapped to each member’s **identity public key**, with messages encrypted and signed by the Chat XDK. What changes is **membership**, **how you create the thread**, and often **encrypted title/avatar** fields on the conversation.
8
+
Group chats use the **same encryption model** as 1:1 X Chat: one **conversation key** shared by members, wrapped to each member’s **identity public key**, with messages encrypted and signed by the Chat XDK. What changes is **membership**, **how you create the thread**, and often **encrypted title/avatar** fields on the conversation.
9
9
10
10
1:1 flows are in [Getting Started](/xchat/getting-started). Endpoint details are under **API reference → Conversations and messages**.
Copy file name to clipboardExpand all lines: xchat/introduction.mdx
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -52,7 +52,7 @@ Grouped under **API reference** in the sidebar, including:
52
52
53
53
## Auth notes
54
54
55
-
Use **OAuth 2.0 user context** with DM-related scopes (`dm.read`, `dm.write`, plus `users.read` / `tweet.read` as required; `media.write` for uploads). Chat activity for a user requires that user’s authorization. Juicebox config for PIN storage is returned on **your** public-key record (`juicebox_config` field)—see Getting Started.
55
+
Use **OAuth 2.0 user context** with DM-related scopes (`dm.read`, `dm.write`, plus `users.read` / `tweet.read` as required; `media.write` for uploads). X Chat activity for a user requires that user’s authorization. Juicebox config for PIN storage is returned on **your** public-key record (`juicebox_config` field)—see Getting Started.
Images and other files use the **same conversation key** as text. Encrypt bytes with the Chat XDK (`encrypt_stream` / `decrypt_stream`), upload via **`/2/chat/media/...`** (sidebar **API reference → Media**), then attach **`media_hash_key`** on `encrypt_message`.
9
9
10
10
Include **`media.write`** with your DM scopes when uploading. Use hyphenated conversation ids in paths (`:` → `-`). Prefer MIME/dimensions from **decrypted** bytes.
11
11
12
-
This path is **not** the Posts media model (`expansions=attachments.media_keys`, `media.fields=variants`, etc.). Those parameters apply to **Posts**; E2EE Chat blobs are addressed by **`media_hash_key`** and Chat media download.
12
+
This path is **not** the Posts media model (`expansions=attachments.media_keys`, `media.fields=variants`, etc.). Those parameters apply to **Posts**; E2EE X Chat blobs are addressed by **`media_hash_key`** and X Chat media download.
Copy file name to clipboardExpand all lines: xchat/real-time-events.mdx
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,18 +1,18 @@
1
1
---
2
-
title: Real-time Chat Events
2
+
title: Real-time X Chat Events
3
3
sidebarTitle: Real-time events
4
4
description: Receive encrypted chat events via webhooks or the activity stream
5
5
---
6
6
7
-
X delivers **`chat.received`**, **`chat.sent`**, and related chat activity with **ciphertext** in the payload. Decrypt with the [Chat XDK](/xchat/xchat-xdk).
7
+
X delivers **`chat.received`**, **`chat.sent`**, and related X Chat activity with **ciphertext** in the payload. Decrypt with the [Chat XDK](/xchat/xchat-xdk).
8
8
9
9
| Layer | Role |
10
10
|:------|:-----|
11
11
|**Activity API**|`GET /2/activity/stream`; `POST` / `GET` / `PUT` / `DELETE``/2/activity/subscriptions` (see OpenAPI security per operation) |
12
12
|**Account Activity webhooks**| Optional `/2/account_activity/webhooks/...` subscription routes if you terminate on your own HTTPS URL |
Private chat event types need authorization for the user you monitor. Encrypted Chat file attachments use **`media_hash_key`** and Chat media download—not Post API `expansions=attachments.media_keys` / `media.fields=variants`.
15
+
Private X Chat event types need authorization for the user you monitor. Encrypted X Chat file attachments use **`media_hash_key`** and X Chat media download—not Post API `expansions=attachments.media_keys` / `media.fields=variants`.
This page covers problems that are **specific to Chat encryption and the Chat XDK**—keys, Juicebox, decrypt/verify, and building encrypted send payloads.
8
+
This page covers problems that are **specific to X Chat encryption and the Chat XDK**—keys, Juicebox, decrypt/verify, and building encrypted send payloads.
9
9
10
10
For webhooks, OAuth, HTTP status codes, and rate limits, use the general [X API](/x-api/introduction) and [authentication](/fundamentals/authentication/overview) documentation.
11
11
@@ -169,7 +169,7 @@ They may not have finished onboarding. After they register, load `public_key`, `
169
169
170
170
## Building the send payload
171
171
172
-
These mistakes are specific to Chat encryption (not general HTTP errors):
172
+
These mistakes are specific to X Chat encryption (not general HTTP errors):
The **Chat XDK** handles key management, encryption, decryption, and signing for Chat. It does **not** call the X HTTP API—pair it with the [Python](/xdks/python/overview) or [TypeScript](/xdks/typescript/overview)**XDK**, or with HTTPS and a user access token.
8
+
The **Chat XDK** handles key management, encryption, decryption, and signing for X Chat. It does **not** call the X HTTP API—pair it with the [Python](/xdks/python/overview) or [TypeScript](/xdks/typescript/overview)**XDK**, or with HTTPS and a user access token.
0 commit comments