Suddenly getting 403 from X API

[Piedone]

Suddenly, without changing anything, we started getting 403 errors from the X API like below:

ApiResponseError: Request failed with code 403
    at RequestHandlerHelper.createResponseError (/home/runner/work/_actions/twitter-together/action/08857009da2aacd9bd08204550ec96e15d76b4da/dist/index.js:17832:16)
    at RequestHandlerHelper.onResponseEndHandler (/home/runner/work/_actions/twitter-together/action/08857009da2aacd9bd08204550ec96e15d76b4da/dist/index.js:17981:25)
    at Gunzip.emit (node:events:524:28)
    at endReadableNT (node:internal/streams/readable:1698:12)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
  error: true,
  type: 'response',
  code: 403,
  headers: {
    date: 'Wed, 13 May 2026 20:37:37 GMT',
    'content-type': 'application/json; charset=utf-8',
    'content-length': '328',
    connection: 'keep-alive',
    perf: '7402827104',
    server: 'cloudflare envoy',
    'set-cookie': [
      'guest_id=v1%3A177870465773311002; Max-Age=34214400; Expires=Sun, 13 Jun 2027 20:37:37 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None',
      '__cf_bm=uwWluzas6yc8Q3Wf5iM4OML_DfX8iT57eFUsM3D5a1g-1778704657.7172506-1.0.1.1-lVOe_qjNVN6EsWwBdWNp0Az7BOYs8xQ30TboSpP9QqNxwuRdBKmhzbevjtFXksB4ffQLoutCEwKrsS16vbAhDDY6vj5MbJ2Wbx7tmv34Wh56_dDdQzNLvq8CuoXAlwhH; HttpOnly; Secure; Path=/; Domain=twitter.com; Expires=Wed, 13 May 2026 21:07:37 GMT'
    ],
    'api-version': '2.163',
    'cache-control': 'no-cache, no-store, max-age=0',
    'x-access-level': 'read-write',
    'x-frame-options': 'SAMEORIGIN',
    'content-encoding': 'gzip',
    'x-transaction-id': '2df4e4823ba7d282',
    'x-xss-protection': '0',
    'x-rate-limit-limit': '1200000',
    'x-rate-limit-reset': '1778705557',
    'content-disposition': 'attachment; filename=json.json',
    'x-content-type-options': 'nosniff',
    'x-rate-limit-remaining': '1199999',
    'x-response-time': '14',
    'origin-cf-ray': '9fb4764ebaba8f74-SJC',
    'strict-transport-security': 'max-age=631138519; includeSubdomains',
    'x-served-by': 't4_p',
    'cf-cache-status': 'DYNAMIC',
    vary: 'accept-encoding',
    'cf-ray': '9fb4764ebaba8f74-SJC'
  },
  rateLimit: { limit: 1200000, remaining: 1199999, reset: 1778705557 },
  data: {
    client_id: '29480523',
    detail: 'When authenticating requests to the Twitter API v2 endpoints, you must use keys and tokens from a Twitter developer App that is attached to a Project. You can create a project via the developer portal.',
    registration_url: 'https://developer.twitter.com/en/docs/projects/overview',
    title: 'Client Forbidden',
    required_enrollment: 'Appropriate Level of API Access',
    reason: 'client-not-enrolled',
    type: 'https://api.twitter.com/2/problems/client-forbidden'
  }
}

This is with an app that's under a project, so the error message is wrong. I regenerated all the credentials, no luck.

Anybody with a possible solution?

[Piedone]

OK, this is because now you have to pay for such API calls. This is how to fix it:

1. Go to https://console.x.com/.
2. Create a new app or if your existing one shows up there, move it to the Pay Per Use tier. Not sure if it matters whether you select Development, Staging, or Production here, Development and Production both work.
3. Under the app's OAuth 1.0 Keys, generate the API Key and Secret and Access Token and Secret. These can be used the same as the similarly named credentials mentioned under https://github.com/twitter-together/action/blob/main/docs/01-create-twitter-app.md.
4. Add your billing details under Billing -> Billing information.
5. Charge credits to your account under Billing -> Credits. You can use Link instead of a direct card payment if you don't trust X with your card details. If you set up auto recharge, the lowest you can go is "recharge with $10 when the balance reaches $1".
6. Posting will now work.

One X post costs 20 cents.