Authentication

The XScraper API uses API keys to authenticate requests. You can obtain an API key by signing up on our website.

API Key Authentication

All API requests must include your API key in the X-API-Key header.

Example Request with API Key

curl -X GET \
https://api.xscraper.xyz/api/v1/twitter/users/profile_by_username/elonmusk \
-H "X-API-Key: your_api_key_here"

Rate Limiting

API requests are rate-limited based on your subscription plan. If you exceed your rate limit, you'll receive a 429 Too Many Requests response.

Rate Limit Warning

If you exceed your rate limit, your requests will be throttled. Upgrade your plan for higher limits.

Error Responses

If your API key is invalid or expired, you'll receive a 401 Unauthorized response.

401 Unauthorized Response

{
"statusCode": 401,
"timestamp": "2025-04-19T15:49:28.824Z",
"path": "/api/v1/twitter/users/profile_by_username/elonmusk",
"method": "GET",
"message": "Invalid or expired API key"
}

Securing Your API Key

Your API key grants access to your account and should be kept secure. Follow these best practices:

Never share your API key in public repositories or client-side code
Use environment variables to store your API key in your applications
Rotate your API key periodically for enhanced security
Set up IP restrictions for your API key in your account settings