What is the Auth Token, and how can it be reset?

What is the Auth Token?

Twilio uses two credentials to determine which account an API request is coming from. The “Account SID”, which acts as a username, and the “Auth Token” which acts as a password.

If another user gets access to your Auth Token, and he or she knows your Account SID, they will have the ability to use the Twilio API as if they were you. That means they can make calls or send messages coming from your phone numbers, download your account logs, and change the URL settings of your Twilio phone numbers. Keep your Auth Token private, and if you share your code publicly make sure to remove your Auth Token.

Where is my Auth Token?

You can find the Auth Token in the account dashboard, hidden behind a bunch of dots. Click on these dots to reveal your AuthToken. Click on the lock icon to hide it again.Where is my Auth Token?

How do I reset my Auth Token?

If you think that your Auth Token may have been compromised, please follow the instructions below to reset it. But beware! All the applications which use the Twilio API will stop working until you update them with the new Auth Token value. Be sure to choose a time that is convenient for you to update your code.

1. Login to your Twilio account and go to your account settings page

2. Click the link for “Reset” next to your AuthToken

3. Enter your password, read all of the warning messages and click the check boxes.

4. You will be taken back to your Account Settings page. If you click on the image of the lock you will be able to view your new AuthToken