You access the Twilio API using API keys that represent the required credentials. These keys:
The v2010 Key resource provides the ability to create and manage API Keys. However, it does not support the creation of Restricted API Keys. For creating and managing Restricted API Keys, please refer to the Key Resource v1. The Key Resource v1 is a new REST API that supports all the features of the v2010 Key resource, and additionally allows the creation of Restricted API Keys.
See this document for more information about your request to Twilio's REST API, or read our article on Access Tokens to learn more.
API Keys can be provisioned and revoked through the REST API or the Twilio Console. This provides a powerful and flexible primitive for managing access to the Twilio API. There are two types of API Keys: Standard and Main.
Standard API Keys give you access to all the functionality in Twilio's API, except for managing API Keys, Account Configuration, and Subaccounts.
Main API Keys have the same access as Standard Keys, and can also manage API Keys, Account Configuration, and Subaccounts. Main API Keys give you the same level of access as if you were using account API Credentials.
Since API Keys can be independently revoked, you have complete control of the lifecycle of your API credentials.
For example, you might issue separate API Keys to different developers or different subsystems within your application. If a key is compromised or no longer used, you can delete it to prevent unauthorized access!
If your use case requires API Keys to access the /Accounts
or /Keys
endpoint, a Main Key needs to be used. This can be created in the Console.
The unique string that that we created to identify the Key resource.
^SK[0-9a-fA-F]{32}$
Min length: 34
Max length: 34
The date and time in GMT that the resource was created specified in RFC 2822 format.
GET https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json
Returns a representation of the API Key, including the properties below.
For security reasons, the Secret
field is ONLY returned when the API Key is first created - never when fetching the resource. Your application should store the API Key's Sid and Secret in a secure location to authenticate to the API and generate Access Tokens in the future.
The SID of the Account that created the Key resource to fetch.
^AC[0-9a-fA-F]{32}$
Min length: 34
Max length: 34
The Twilio-provided string that uniquely identifies the Key resource to fetch.
^SK[0-9a-fA-F]{32}$
Min length: 34
Max length: 34
1// Download the helper library from https://www.twilio.com/docs/node/install2const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";34// Find your Account SID and Auth Token at twilio.com/console5// and set the environment variables. See http://twil.io/secure6const accountSid = process.env.TWILIO_ACCOUNT_SID;7const authToken = process.env.TWILIO_AUTH_TOKEN;8const client = twilio(accountSid, authToken);910async function fetchKey() {11const key = await client.keys("SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX").fetch();1213console.log(key.sid);14}1516fetchKey();
1{2"sid": "SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",3"friendly_name": "foo",4"date_created": "Mon, 13 Jun 2016 22:50:08 +0000",5"date_updated": "Mon, 13 Jun 2016 22:50:08 +0000"6}
GET https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys.json
Returns a list of API Keys in this account, sorted by DateUpdated
.
The list includes all API Keys. It also includes paging information.
How many resources to return in each list page. The default is 50, and the maximum is 1000.
1
Maximum: 1000
The page token. This is provided by the API.
1// Download the helper library from https://www.twilio.com/docs/node/install2const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";34// Find your Account SID and Auth Token at twilio.com/console5// and set the environment variables. See http://twil.io/secure6const accountSid = process.env.TWILIO_ACCOUNT_SID;7const authToken = process.env.TWILIO_AUTH_TOKEN;8const client = twilio(accountSid, authToken);910async function listKey() {11const keys = await client.keys.list({ limit: 20 });1213keys.forEach((k) => console.log(k.sid));14}1516listKey();
1{2"keys": [3{4"sid": "SKaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",5"friendly_name": "foo",6"date_created": "Mon, 13 Jun 2016 22:50:08 +0000",7"date_updated": "Mon, 13 Jun 2016 22:50:08 +0000"8}9],10"first_page_uri": "/2010-04-01/Accounts/ACaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Keys.json?PageSize=50&Page=0",11"end": 0,12"previous_page_uri": null,13"uri": "/2010-04-01/Accounts/ACaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Keys.json?PageSize=50&Page=0",14"page_size": 50,15"start": 0,16"next_page_uri": null,17"page": 018}
POST https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json
Attempts to update the fields of an API Key instance.
If successful, it returns the updated resource representation. The response will be identical to that of the HTTP GET
(fetch).
The SID of the Account that created the Key resources to update.
^AC[0-9a-fA-F]{32}$
Min length: 34
Max length: 34
The Twilio-provided string that uniquely identifies the Key resource to update.
^SK[0-9a-fA-F]{32}$
Min length: 34
Max length: 34
application/x-www-form-urlencoded
A descriptive string that you create to describe the resource. It can be up to 64 characters long.
1// Download the helper library from https://www.twilio.com/docs/node/install2const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";34// Find your Account SID and Auth Token at twilio.com/console5// and set the environment variables. See http://twil.io/secure6const accountSid = process.env.TWILIO_ACCOUNT_SID;7const authToken = process.env.TWILIO_AUTH_TOKEN;8const client = twilio(accountSid, authToken);910async function updateKey() {11const key = await client12.keys("SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX")13.update({ friendlyName: "friendly_name" });1415console.log(key.sid);16}1718updateKey();
1{2"sid": "SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",3"friendly_name": "friendly_name",4"date_created": "Mon, 13 Jun 2016 22:50:08 +0000",5"date_updated": "Mon, 13 Jun 2016 22:50:08 +0000"6}
DELETE https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json
Deletes an API Key. This revokes its authorization to authenticate to the REST API and invalidates all Access Tokens generated using its secret.
If the delete is successful, Twilio will return an HTTP 204 response with no body.
You may only delete Keys by authenticating with the account's AccountSid and AuthToken or API Keys that have the main key flag set in the console.
The SID of the Account that created the Key resources to delete.
^AC[0-9a-fA-F]{32}$
Min length: 34
Max length: 34
The Twilio-provided string that uniquely identifies the Key resource to delete.
^SK[0-9a-fA-F]{32}$
Min length: 34
Max length: 34
1// Download the helper library from https://www.twilio.com/docs/node/install2const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";34// Find your Account SID and Auth Token at twilio.com/console5// and set the environment variables. See http://twil.io/secure6const accountSid = process.env.TWILIO_ACCOUNT_SID;7const authToken = process.env.TWILIO_AUTH_TOKEN;8const client = twilio(accountSid, authToken);910async function deleteKey() {11await client.keys("SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX").remove();12}1314deleteKey();