How to Read & Send Encrypted Twitter (XChat) DMs via API
If you have ever tried to read or send X's XChat direct messages programmatically, you already know the wall you hit: every other Twitter (X) API on the market stops at standard DMs. XChat messages are end-to-end encrypted, so the raw payload that comes back is ciphertext — useless without the key. That is exactly why no rival API supports them.
OmniX is the only X API that reads, sends, and decrypts XChat conversations. This guide shows you how.
Why encrypted DMs are different
Standard X DMs travel through X's normal delivery path and can be fetched with an account token. XChat is different: messages are encrypted on the sender's device and only decrypted on the recipient's. To read or sign them, you need to recover the account's key — and that requires one extra credential beyond the usual auth token.
The two credentials you need
- auth_token — the cookie of the X account the action runs as (the same token every OmniX endpoint uses).
- encryption_code — your XChat PIN, the code you set when you enabled encrypted chats on X. OmniX uses it to recover your key so messages can be decrypted and outgoing events signed.
The PIN is required whenever you touch encrypted content: reading a conversation, reacting, editing, deleting, or sending media. It is optional on the inbox (supply it to also get a preview of each conversation's latest message).
1. List your conversations
Start at the inbox to get a conversation_id:
curl "https://api.omnixapi.com/api/v1/twitter/dm/list?auth_token=YOUR_TOKEN&encryption_code=YOUR_PIN" \
-H "Authorization: Bearer YOUR_OMNIX_KEY"2. Read the decrypted history
Pass the conversation id and your PIN, and OmniX returns the full conversation with every message already decrypted — each carrying a seq_id you can target later:
curl -X POST "https://api.omnixapi.com/api/v1/twitter/dm/conversation" \
-H "Authorization: Bearer YOUR_OMNIX_KEY" \
-H "Content-Type: application/json" \
-d '{ "auth_token": "YOUR_TOKEN", "encryption_code": "YOUR_PIN", "conversation_id": "1189...:1576..." }'3. Send an encrypted message
The send endpoint has two modes. Supply encryption_code with a conversation_id and the message is end-to-end encrypted — and can later be deleted for everyone. Omit it and you fall back to a standard message.
curl -X POST "https://api.omnixapi.com/api/v1/twitter/dm/send" \
-H "Authorization: Bearer YOUR_OMNIX_KEY" \
-H "Content-Type: application/json" \
-d '{ "auth_token": "YOUR_TOKEN", "encryption_code": "YOUR_PIN", "conversation_id": "1189...:1576...", "text": "hello, encrypted world" }'Encrypted vs legacy send
| Mode | How | Delete |
|---|---|---|
| Encrypted | supply encryption_code | delete for everyone |
| Legacy | omit encryption_code | remove from your view only |
What you can build
- AI support agents that handle private encrypted DMs end to end.
- Encrypted broadcast and follow-up flows for creators.
- Compliance and archival tooling that finally sees decrypted XChat history.
Pricing
DM reads (inbox and conversation) are billed per call, and everything else is the flat $0.001 per successful call. No X developer account, no OAuth dance. See full pricing.
Ready to try it? Grab a free key, or wire the same tools into your AI editor with the OmniX MCP server.
Start building on OmniX
The X (Twitter) API with encrypted DMs, webhooks and a native MCP server — flat $0.001 per call, free credits to start.