What is the Auth Token, and how can it be reset?
What is the Auth Token?
Twilio uses two credentials to determine which account an API request is coming from. The “Account SID”, which acts as a username, and the “Auth Token” which acts as a password.
If another user gets access to your Auth Token, and he or she knows your Account SID, they will have the ability to use the Twilio API as if they were you. That means they can make calls or send messages coming from your phone numbers, download your account logs, and change the URL settings of your Twilio phone numbers. Keep your Auth Token private, and if you share your code publicly make sure to remove your Auth Token.
Where is my Auth Token?
You can find the Auth Token in the account dashboard, hidden behind a bunch of dots. Click on these dots to reveal your AuthToken. Click on the lock icon to hide it again.
How can I have my Auth Token reset?
Twilio customer support can reset your Auth Token for you if you think that it may have been compromised. If you would like to have your Auth Token reset, please do the following:
- Login to your Twilio account
- Visit the “Talk to support” page
- Request an Auth Token reset by submitting the form.
- Since all the applications which use the Twilio API will stop working until you update them with the new Auth Token value, please let us know when you would like the Auth Token reset to take place. Be sure to choose a time that is convenient for you to update your code.