Skip to main content
Two MCP (Model Context Protocol) servers are available for working with X from AI tools:

X MCP — X API

Connect any MCP-compatible AI tool (Grok Build, Cursor, Claude, VS Code, and others) directly to the X API. The model can then search the full archive, look up users, manage bookmarks, fetch trends and news, and draft Articles — all with your own X account’s permissions. The X API exposes a hosted Streamable HTTP MCP server at https://api.x.com/mcp (protocol 2025-06-18, serverInfo: xmcp). You reach it through the open-source xurl mcp bridge, which handles OAuth for you and injects a fresh Bearer token on every call.

Capabilities at a glance

How it works

X’s OAuth requires your own developer app. There is no dynamic client registration, and api.x.com/mcp does not advertise native MCP OAuth discovery. Instead of pointing your client at the URL directly, you run a tiny local bridge. The bridge owns the app identity, performs the one-time login, and keeps the token fresh.
  • The bridge runs via the npm launcher (npx), so there is no separate install step.
  • On first run with no cached token, it opens your browser for a one-time OAuth2 login, then caches and auto-refreshes the token forever after.
  • All diagnostics go to stderr; stdout stays a clean JSON-RPC channel.

Getting started

Pick one of two routes:
  • Simple — App-only Bearer. Paste your app’s Bearer token into an Authorization header on the MCP client. No bridge, no browser login. Read-only endpoints; no user context (can’t act as you). Works with clients that support remote MCP with custom headers.
  • Full — xurl mcp bridge (OAuth 2.0 user context). A local bridge handles the OAuth 2.0 PKCE login and auto-refreshes tokens, so the model acts with your account’s scopes. Required for writes (bookmarks, Articles) and any user-context tool.

Simple route (app-only Bearer)

  1. Create an X app in the X Developer Portal.
  2. Copy your App-only Bearer token from the app’s “Keys and tokens” page.
  3. Point your client at https://api.x.com/mcp with the token as an Authorization header — see App-only (direct URL, no bridge) below for the snippet.

Full route (xurl bridge)

  1. Create an X app with OAuth 2.0 enabled.
  2. Register the redirect URI http://localhost:8080/callback on the app (required for the first-run browser login). To use a different one, set REDIRECT_URI and register that instead.
  3. Copy your CLIENT_ID and CLIENT_SECRET — you’ll put them in the client config. If you ever run xurl auth oauth2 manually (e.g., the headless flow below), export them as environment variables in that shell first — the login fails in the browser without them.
  4. Have Node.js installed (for npx).
  5. We recommend you install xurl:
First login needs a browser. On a headless/remote box, authenticate out-of-band first with xurl auth oauth2 --headless (paste-a-code flow), then the bridge just reuses the cached token. See Headless.

Connect your client

1. Grok Build

Or add the xurl bridge with one command (the -e flags become the server’s environment, args after -- go to npx):
Verify and list:
The first time a tool is invoked (or on doctor), your browser opens for the X login — complete it once and you’re set.

2. Cursor

Create ~/.cursor/mcp.json (global, all projects) or .cursor/mcp.json (this project only):
Then open Cursor → Settings → MCP, confirm xapi shows a green dot and its tools. On first use Cursor spawns the bridge and your browser opens for login; the tool list populates once the handshake completes.

3. Claude Desktop

Edit claude_desktop_config.json (macOS: ~/Library/Application Support/Claude/, Windows: %APPDATA%\Claude\):
Restart Claude Desktop; the X tools appear in the tools (🔌) menu.

4. VS Code (GitHub Copilot / Agent mode)

Add to .vscode/mcp.json:

5. Any MCP client

xurl bridge (stdio): If you installed xurl natively, replace command/args with "command": "xurl", "args": ["mcp", "https://api.x.com/mcp"]. App-only Bearer (remote HTTP):

Authentication

OAuth 2.0 user context (default)

The bridge authenticates as you (PKCE flow), so tools act with your account’s scopes. Resolution order for credentials: CLIENT_ID/CLIENT_SECRET env vars → the active app in ~/.xurl. The bridge caches tokens in ~/.xurl and refreshes them automatically (including a forced refresh after a 401).

First-run browser login

With no cached token, the bridge prints to stderr and opens your browser:
The MCP handshake is held until you finish — that’s why clients need a generous startup_timeout_sec.

Headless / remote machines

No reachable browser? Authenticate once out-of-band, then start the client:

App-only (direct URL, no bridge)

For read endpoints, you can skip the bridge and point a client straight at the URL with a static App-only Bearer token. This is useful for clients that support remote MCP with custom headers:
Trade-off: no auto-refresh and no user context (no actions as you). The bridge is recommended for full functionality.

Multiple apps & accounts

The OAuth login authorizes whichever X account is logged in when the browser opens — not necessarily the account that owns the app. If you’re posting on behalf of a secondary/bot account, switch to that account in your browser before completing the login (or use -u to pick a previously authorized user).
In a client config, add "--app", "my-app" or "-u", "alice" to args.

Configuration reference

Advanced env overrides (rarely needed): AUTH_URL, TOKEN_URL, API_BASE_URL, INFO_URL.

Verify & troubleshoot

Security & best practices

  • Treat ~/.xurl and access tokens as secrets — don’t paste them into chats, logs, or shared configs. Prefer per-project .mcp.json/.grok/config.toml that reference env vars over committing raw secrets.
  • Use a dedicated app for MCP with only the scopes you need.
  • Writes count against rate limits (bookmarks, article_publish) and are stricter than reads; expect occasional 429s and back off.
  • The bridge is local — your credentials never leave your machine except as a Bearer token sent over TLS to api.x.com.

X hosts an MCP server for the X API documentation at https://docs.x.com/mcp. Connect it to your AI tool to search and read documentation pages without leaving your workflow.

Available tools

Configuration

Add the docs MCP server to your MCP client configuration:
This is useful when you’re building with the X API and want your AI assistant to look up endpoint details, authentication guides, or code examples on the fly.

Using both servers together

You can connect both MCP servers simultaneously. This gives your AI assistant the ability to both look up documentation and call the API. Grok Build (~/.grok/config.toml):
Cursor / Claude-style (mcp.json):

OpenAPI specification

The machine-readable API specification for all X API v2 endpoints.
You can use it to auto-generate API clients, import into Postman, feed into custom AI agents, or validate request/response schemas.