How CreatifyHQ Uses the X API

CreatifyHQ uses the X API only to allow authenticated users to create, schedule, and publish tweets on their own accounts, and to see basic performance metrics.

Requested Scopes

tweet.read – read tweets created through CreatifyHQ for analytics.
tweet.write – publish tweets that users draft and schedule in the app.
users.read – read logged‑in user’s public profile (name, handle, avatar).
offline.access – refresh tokens for scheduled tweets while user is offline.

We only request the minimum scopes needed to let users publish and review their own content. We do not follow, unfollow, like, or send DMs.

Example User Flow

1. Connect X account

User opens Settings → Social Accounts → “Connect X / Twitter”.
We redirect to X’s OAuth 2.0 authorization URL with the scopes above.
User approves the app and is redirected back to https://app.creatifyhq.com/auth/x/callback.
We exchange the authorization code for an access token and refresh token.

2. Create and schedule a tweet

User writes a tweet or uses AI to generate copy.
User selects “X” as a destination and sets a publish time.

3. Background worker posts to X

At the scheduled time, our worker calls POST /2/tweets with the tweet text.
We store returned tweet ID and public URL for analytics.

Data Handling

We store:

X user ID, handle, and avatar URL to show which account is connected.
Access and refresh tokens, encrypted at rest.
Tweet IDs and creation timestamps for analytics.

We do not:

Store or access DMs or non‑public data.
Use X data to build profiles for advertising or resale.

Users may disconnect X at any time from CreatifyHQ, which deletes their tokens and stops all API usage for that account.

Last updated: February 2026.