Updated November 3, 2017
This page is primarily intended for developers.
For X users: You are ultimately responsible for the actions taken with your account, or by applications associated with your account. Before authorizing a third-party application to access or use your account, make sure you've thoroughly investigated the application and understand what it will do. If automated activity on your account violates the X Rules or these automation rules, X may take action on your account, including filtering your posts from search results or suspending your account.
For more information on third-party applications, please see our article on connecting and revoking third-party applications.
I. Ground Rules
- Build solutions that automatically broadcast helpful information in posts.
- Run creative campaigns that auto-reply to users who engage with your content.
- Build solutions that automatically respond to users in Direct Messages.
- Try new things that help people (and comply with our rules).
- Make sure your application provides a good user experience and performs well — and confirm that remains the case over time.
- Violate these or other policies. Be extra mindful of our rules about abuse and user privacy.
- Abuse the X API or attempt to circumvent rate limits.
- Use non-API-based forms of automation, such as scripting the X website. The use of these techniques may result in the permanent suspension of your account.
- Spam or bother users, or otherwise send them unsolicited messages.
A. The X Rules and the Developer Agreement and Policy
As with all activity on X, automated activity is subject to the X Rules and, if you’re a developer using the X API, the Developer Agreement and Policy.
You should carefully review these policies to ensure that your automated activity is compliant. Automated applications or activities that violate these policies, or that facilitate or induce users to violate them, may be subject to enforcement action, potentially including suspension of associated X accounts. We may also rate limit, suspend, or terminate developers’ access to the X API based on violations of these policies.
Although all aspects of the X Rules and the Developer Agreement and Policy apply to automated activity, you should keep the following rules top of mind:
Spamming: You may not send automated posts or Direct Messages that are spam, or otherwise engage in spamming activity. Some examples of spammy behavior to avoid with automation include:
- Trending topics: You may not automatically post about trending topics on X, or use automation to attempt to influence or manipulate trending topics.
- Multiple posts/accounts: You may not post duplicative or substantially similar posts on one account or over multiple accounts you operate.
Duplicate accounts: You may not create and/or automate multiple accounts for duplicative or substantially similar use cases.
- However, automating multiple accounts for related but non-duplicative use cases is permitted. For example, you may automate separate accounts to post when the Hubble Space Telescope passes over different cities, such as San Francisco or Hong Kong.
Misleading links: You may not send automated posts or Direct Messages containing links that are misleading, including links that maliciously or deceptively redirect through landing pages or ad pages before displaying the final content.
Sensitive media: Automated posts and Direct Messages must comply with the X media policy, and you should mark your account as potentially sensitive if you intend to post graphic, pornographic, or potentially sensitive media.
Abusive behavior: You may not engage in any automated activity that encourages, promotes, or incites abuse, violence, hateful conduct, or harassment, on or off X.
Private information: You may not post private or confidential information about a person without their prior express authorization.
B. Other Ground Rules for Automated Activity
In addition to the policies above, the following ground rules apply to all automated activity on X:
- Don’t surprise or mislead users: Automated activity should honor users’ expectations. Ask for the user’s permission before taking an action if you aren’t sure.
- Mature content or profanity: Don’t Direct Message, mention, or reply to users with potentially sensitive content (including profanity), unless they’ve clearly indicated an intent to receive it in advance.
- Be thoughtful about the information you request or exchange on X
- posts: Don’t ask users to send you personal or private information via a public post. If you need additional personal or private information from a user to provide them with customer service (or other similar use cases), you should ask the user to share such information by Direct Message or another private channel. You might even consider adding a Direct Message deep link to your post.
- Direct Messages: You should only ask users for the minimum amount of information you need to provide them with service. If you need to request or exchange particularly sensitive information (such as credit card information), you should consider directing users to your website or other appropriate channel to do so.
II. Activity-Specific Rules
The activity-specific rules in this section apply to taking specific automated actions on X. Please read these rules carefully, as they outline both permitted and prohibited use cases of automation.
Automated applications or activities that violate these rules, or that facilitate or induce users to violate them, may be subject to enforcement action, including suspension of associated X accounts. We may also rate limit, suspend, or terminate developers’ access the X API based on violations of these rules. As a reminder, you should also carefully review the spam guidelines in the X Rules to avoid having activities performed by you, your app, or other users through your app or service flagged as spam.
A. Automated Actions Through Another User’s Account
X users may authorize your app or service to access their X account through OAuth. A user authorizing your app or service to access their X account through OAuth does not by itself constitute sufficient consent to take automated actions through that user’s account.
You may only take automated actions through another X user’s account if you:
- clearly describe to the user the types of automated actions that will occur;
- receive express consent from the user to take those automated actions; and
- immediately honor a user’s request to opt-out of further automated actions.
If you substantially change the purpose or functionality of your app or service, you must re-obtain express consent from the user to take automated action through their account before doing so.
These requirements apply to any automated action taken through another X user’s account, including posting posts, sending Direct Messages, deleting posts or Direct Messages, or following/unfollowing other accounts. For applications that offer users the ability to delete posts in a bulk or automated manner, you must also clearly state that posts are not recoverable once deleted.
B. Automated posts
1. Posting automated posts
Automated posts that cross-post outside information: You may post automated posts based on sources of outside information — such as an RSS feed, weather data, etc. — as long as you are sufficiently authorized to publish such information.
Other automated posts (excluding mentions or replies): Provided you comply with all other rules, you may post automated posts for entertainment, informational, or novelty purposes. As a reminder, accounts posting duplicative, spammy, or otherwise prohibited content may be subject to suspension.
2. Posting automated mentions and replies
The reply and mention functions are intended to make communication between X users easier. Automating these actions to reach many users on an unsolicited basis is an abuse of the feature, and is not permitted. For example, sending automated replies to posts based on keyword searches alone is not permitted. Spammy or duplicative use of mentions and replies may result in enforcement action, such as the removal of your posts from Search or the suspension of your app or account.
However, you may send automated replies or mentions to X users so long as:
- in advance of sending the automated reply, the recipient or mentioned user(s) have requested or have clearly indicated an intent on X to be contacted by you (i.e. opted in), for example by replying to a post from your account, or by sending you a Direct Message;
- you provide a clear and easy way for such users to opt-out of receiving automated replies and mentions, and promptly honor all such opt-out requests;
- you only send one automated reply or mention per user interaction; and
- the automated reply or mention is a reply to the user’s original post (if your campaign is based on users posting a reply to your post).
Opt-in techniques and indications of user intent take many different forms, depending on the specifics of your use case and implementation. Some examples include:
- A post from your account that clearly indicates that a user taking a specific action on that post (such as Reposting it) will opt the user into receiving an automated response.
- A mention of your account by the user in a manner suggesting the user clearly wishes or intends to receive a response. If you want to run an auto-reply campaign with a campaign- or use-case-specific hashtag, users should also mention you in their posts.
Note that a user following your account is not on its own a sufficient indication of user intent to receive an automated response.