Introducing Secondary Auth Tokens: Get A Backup Auth Token With Zero Downtime

December 08, 2014
Written by

Twilio Bug Logo

We take data privacy seriously at Twilio. Keeping your data confidential means investing in the integrity of our internal systems and giving you a cloud communication platform you can trust. Today we’re happy to announce secondary Auth Tokens that give you the ability to access backup credentials in seconds, with zero downtime. If your primary credentials fall into the wrong hands, you can easily get a secondary Auth Token and ensure your Twilio-powered apps are secure and running even after being exposed to risk.

Consider Auth Tokens (along with your Account SID) as the keys to your Twilio castle. You need to keep your keys guarded, and keep them secret. Auth Tokens allow you to make calls, send messages, download account logs, and do a whole lot more with your sensitive Twilio data. Now, if your keys fall into the wrong hands, you can still keep your castle safe.

Here’s how the secondary Auth Tokens process works.

  • Create a secondary token in your Account Portal
  • Use both the primary and secondary tokens simultaneously as you transition your apps to the new token sequentially across the servers hosting your app. Once your app is updated on every server.
  • Retire your old token

request-secondary-token

The whole process is seamless, and doesn’t cost you any uptime. You can create a secondary Auth Token whenever you’re ready. For more details, please see our helpful user guide Auth Tokens and How to Change Them.

Secondary Auth Tokens are a great example of the ongoing work we do to bring you a cloud communications platform that you can trust to keep your data secure and your apps up and running at all times. Another data security feature is you can also set your Auth Token by regions. See our blog Operate Globally with Twilio Regions and Edge Locations for more details on regions.