X (Twitter) API Limits in 2026: What Every Automation User Needs to Know

If you're running outbound on X, the platform you're building on changed underneath you in February 2026. The old fixed-price API tiers — Free, Basic, Pro — are gone for new developers. Pay-per-use is now the default. Rate limits got dynamic. And X's enforcement of its automation policy quietly tightened, with a bot purge that began in February 2026 and is still ongoing.
If you're using any tool that touches the X API — for DMs, replies, prospect research, or content scheduling — the X API limits in 2026 directly affect your cost, your deliverability, and whether your account survives the next sweep. This guide covers the rules as they actually exist today, what's allowed, what gets accounts suspended, and what to look for in any automation tool you're paying for.
TL;DR
- X moved to pay-per-use API pricing in February 2026. New developers can no longer sign up for the old $200 Basic or $5,000 Pro tiers — those are legacy-only.
- DM automation for cold outreach is explicitly prohibited under X's Developer Policy. "Auto-DM after follow," bulk DMs, and programmatic cold outreach all violate ToS.
- What's allowed: scheduled posts, opt-in DM responses, AI-assisted drafting, scraping public data via API, and human-in-the-loop workflows.
- What gets you suspended: bulk identical DMs, coordinated multi-account behavior, scraping outside the API, and "human-only interaction" rule violations from the 2026 bot purge.
- Smart automation tools work with the limits — pacing sends, requiring human approval, and using opt-in flows — rather than trying to bypass them.
How the X API Pricing Model Changed in February 2026
For three years, the X API ran on a tiered subscription model. You picked Free, Basic ($200/month), Pro ($5,000/month), or Enterprise ($42,000+/month) and accepted the rate caps that came with your tier. That model is now legacy.
On February 6, 2026, X replaced tiered pricing with pay-per-use as the default for all new developers. Existing Basic and Pro subscribers can keep their plans, but no one new can sign up for them. New signups buy credits in the Developer Console and get charged per API call.
What you actually pay per call
Based on the published 2026 rates:
- Post creation: ~$0.010 per request
- Post read: ~$0.005 per request
- User profile lookup or DM read: ~$0.010 per request
- Deduplication rule: Requesting the same post or profile within a 24-hour UTC window is billed only once
- Pay-per-use cap: 2 million post reads per month (above that, you need Enterprise)
For a write-heavy workload — say, 5,000 posts/month with light reads — you're looking at roughly $50–100/month, cheaper than the old Basic tier. For read-heavy use cases, costs escalate fast: 100,000 reads/month alone runs about $500.
Why this matters if you're using an automation tool
Two things follow from this. First, if your tool was built against the legacy tier model, watch for re-pricing or feature changes — many smaller tools are renegotiating their cost structures right now. Second, deduplication and caching are no longer "nice to have" — they're cost-control infrastructure. Tools that hit the same prospect's profile twice in a day are now wasting your money.
X API Rate Limits: The Two Layers You Need to Understand
X enforces two separate kinds of limits, and confusing them is one of the most common mistakes in automation planning.
Layer 1: Per-endpoint rate limits (15-minute windows)
Every endpoint has its own short-window cap — typically measured in 15-minute rolling windows on paid tiers. These exist to protect X's infrastructure. Hit one and you get a 429 error, which most tools handle by backing off and retrying.
The free tier — for the legacy users who still have it — uses much more restrictive 24-hour windows, with as few as one request per 15 minutes for tweet retrieval. This is why the free tier is genuinely unworkable for any production use.
Layer 2: Monthly post quota and dynamic limits
Separately, search and stream endpoints draw down a monthly post-read quota. Exceed it and those endpoints stop responding until the next calendar month — even if your per-endpoint rate limit is fine.
In 2026, X also rolled out dynamic rate limits. Instead of fixed numbers, the platform now adjusts your effective cap based on:
- Your recent activity volume
- Account reputation and history
- "Automation footprint" — how programmatic your behavior looks
This is the layer most outbound users underestimate. You can be technically within published limits and still get throttled because your account looks too automated.
User-level DM caps (separate from API limits)
For DMs specifically, X enforces account-level caps that exist independently of API rate limits. The current published soft caps:
- ~150 DMs per hour
- 500 DMs per day (verified accounts get higher headroom)
- Counter resets 24 hours from your first DM of the day (not at midnight UTC)
Hit either one and X will lock your DM ability — sometimes silently. Sending identical or near-identical DMs to multiple recipients within a short window will trigger spam filters even if you're under the numeric cap.
What X's Automation Policy Actually Says About DMs
This is where most outbound teams get into trouble. The rules are clearly written; they just aren't widely read.
X's Developer Policy and Automation Rules are explicit on a few points:

Prohibited
- Bulk or coordinated DMs. Sending identical or substantially similar DMs to many recipients programmatically is prohibited.
- Auto-DMs triggered by follow. The classic "Thanks for following — check out my product" DM that fires automatically is a direct violation.
- Programmatic cold DMs for marketing. X explicitly calls out "any programmatic use of the DM endpoint for marketing purposes" as prohibited.
- Misleading links. Automated DMs containing redirect links, shorteners that obscure the destination, or deceptive landing pages.
- Coordinated multi-account behavior. Posting or DMing identical content from multiple accounts to amplify reach.
Permitted
- Scheduled content publishing through authorized OAuth-connected apps.
- Opt-in DM responses — replies sent to users who initiated a conversation or explicitly requested contact (e.g., replying to a public tweet asking for a DM).
- AI-assisted drafting of posts and messages, as long as a human reviews and sends.
- Reading public data via the API for research, lead intelligence, or signal detection.
- Engaging followers manually with help from tools that surface relevant prospects or conversations.
The line that matters
The deciding factor X uses internally isn't "did you use a tool" — it's "did a human meaningfully participate in this action." A tool that drafts a personalized message based on a prospect's recent activity, surfaces it to you, and lets you review and send is on the safe side. A tool that fires the same DM to 500 leads while you sleep is not.
The 2026 Bot Purge and "Human-Only Interaction" Rules
In February 2026, X launched what it called a "new initiative against AI-powered bots." This followed a 2024 sweep that suspended roughly 800 million accounts and a second-half-2025 purge that removed several hundred million more.
The 2026 sweep is different. According to public statements from X's product leadership, stricter "human-only interaction" rules are now in force — accounts showing no real manual activity are flagged as high risk for permanent suspension. Independent estimates put the bot population on X at 9–15% of accounts (roughly 50–84 million on a 560M MAU base), and X has been aggressive about reducing that share.
For anyone running outbound automation, this changes the math:
Pure-automation accounts are no longer viable.
Even if your tool is technically compliant, an account that does nothing but send programmatic DMs reads as bot-like.
Engagement diversity matters.
Real likes, real replies, real reads in the X mobile app — these signals protect your account's reputation score.
Account warming is no longer optional.
New accounts pushed straight into outbound get suspended fast.
What to Look For in a Compliant X Automation Tool
If you're evaluating an automation platform — whether it's NetworkX.ai or a competitor — these are the questions that matter in 2026:
Does it use the official X API via OAuth, or does it scrape?
Scrapers will get your account suspended; OAuth-connected apps appear in X's "posted via" metadata as legitimate.
Does it require human approval for DMs?
"Send DMs in your sleep" is a red flag. Approval-required workflows are the compliant path.
Does it pace sends?
Tools that fire 100 DMs in 10 minutes will burn your account, regardless of what they advertise.
Does it personalize at the message level?
Identical-content detection is one of X's primary spam signals.
Does it support opt-in flows?
The cleanest outbound on X starts with a public reply or post that invites the DM, not a cold programmatic message.
How does it handle the dedup rule?
Tools that re-fetch the same prospect data multiple times are wasting your API spend.
What's its compliance documentation?
Reputable tools publish a clear stance on X's automation policy. Vague answers are a warning sign.
A Practical Framework for Staying Within X API Limits
For teams running outbound on X today, the workable model looks like this:
Use automation for research and drafting, not for sending.
Let the tool find the prospects, read their recent activity, draft a personalized message, and queue it. You review and send.
Build opt-in entry points.
A pinned tweet that says "Reply 'PLAYBOOK' for the guide" turns cold outreach into responses to inbound interest — completely outside the cold DM rules.
Pace your activity.
Stay well under the 150 DMs/hour soft cap. 20–30 second gaps between sends. Mix in genuine engagement.
Diversify your signals.
Reply to tweets manually. Like things. Read posts in the app. The 2026 reputation system rewards human-pattern activity.
Cache aggressively.
Don't re-fetch prospect data you already have. Respect the 24-hour dedup window — it's your friend on cost.
How NetworkX.ai Approaches X API Limits

NetworkX.ai is built for this regulatory environment, not the pre-2026 one. The platform operates as a smart assistant rather than a bulk-send blaster — it surfaces high-intent prospects based on their public X activity, drafts personalized messages tailored to each conversation, and routes them through human-approval workflows that satisfy X's "meaningful human participation" standard.
That positioning isn't an accident. It's a direct response to where the platform is actually going: tighter automation enforcement, dynamic rate limits, and a clear preference for tools that augment human outbound rather than replace it.
If you're rebuilding your X outbound stack for 2026, start a free trial and see how the assistant-style workflow handles the new API reality — without the compliance risk of legacy bulk-DM tools.
Frequently Asked Questions
How much does the X API cost in 2026?
Under the pay-per-use model launched February 2026, post creation costs roughly $0.010 per request and post reads cost $0.005 per request. A write-heavy workload of 5,000 posts/month with light reads runs about $50–100/month. Read-heavy workloads scale faster: 100,000 reads/month costs around $500. Pay-per-use is capped at 2 million reads/month before Enterprise is required.
Is DM automation allowed on X?
Programmatic cold DMs and bulk identical DMs are explicitly prohibited under X's Developer Policy. What is allowed: opt-in DM responses (replying to users who initiated contact), AI-assisted drafting where a human reviews and sends, and personalized one-to-one DMs paced within X's user-level limits (roughly 150/hour, 500/day). The deciding factor is meaningful human participation in each send.
What is the X DM rate limit per day?
Standard accounts can send approximately 500 DMs per day with a soft hourly cap of about 150. Verified and Premium accounts get higher headroom. The daily counter resets 24 hours from your first DM of the day, not at midnight UTC. Sending identical content to multiple recipients can trigger spam filters before you reach the numeric cap.
Can I still use the old Basic or Pro X API tiers?
Only if you're already subscribed. As of February 6, 2026, new developers cannot sign up for the legacy Basic ($200/month) or Pro ($5,000/month) tiers. Existing subscribers can keep their plans, but all new signups are routed to pay-per-use pricing. Enterprise tier remains available for high-volume use cases.
What happens if I exceed X API rate limits?
Per-endpoint rate limit breaches return a 429 error and require backing off until the rolling window resets (typically 15 minutes on paid tiers). Exceeding the monthly post-read quota stops affected endpoints until the next calendar month. Repeated violations or patterns flagged as automation abuse can trigger account-level restrictions, dynamic rate limit reductions, or suspension under the platform integrity policy.
How do I avoid getting suspended for automation in 2026?
Use OAuth-connected official apps rather than scrapers. Require human approval for DMs. Pace your activity well below published caps. Personalize every message — identical content is a primary spam signal. Maintain genuine engagement signals (manual replies, likes, in-app reads) to preserve account reputation, especially given the 2026 bot purge's "human-only interaction" enforcement.


