We take data privacy seriously at Twilio. Keeping your data confidential means investing in the integrity of our internal systems and giving you a cloud communication platform you can trust. Today we’re happy to announce secondary auth token that give you the ability to access backup credentials in seconds, with zero downtime. If your primary credentials fall into the wrong hands, you can easily get a secondary auth token and ensure your Twilio-powered apps are secure and running even after being exposed to risk.
Consider Auth Tokens (along with your AccountSID) as the keys to your Twilio castle. You need to keep your keys guarded, and keep them secret. AuthTokens allow you to make calls, send messages, download account logs, and do a whole lot more with your sensitive Twilio data. Now, if your keys fall into the wrong hands, you can still keep your castle safe.
Here’s how the secondary AuthTokens process works.
- Create a secondary Token In your Account Portal
- Use both the primary and secondary tokens simultaneously as you transition your apps to the new token sequentially across the servers hosting your app. Once your app is updated on every server.
- Retire your old token
The whole process is seamless, and doesn’t cost you any uptime. You can create a secondary AuthTokens whenever you’re ready. Just visit the Test Credentials section of the Account Portal. For more details, please see our docs page.
The whole process is seamless, and doesn’t cost you any uptime. You can create a secondary Auth Token whenever you’re ready. Just visit the Test Credentials section of the Account Portal. For more details, please see our docs page.
Secondary Auth Tokens are just another example of the ongoing work we do to bring you a cloud communications platform that you can trust to keep your data secure and your apps up and running at all times. Feel free to reach out to us at help@twilio.com if you have any comments or suggestions. We look forward to hearing your feedback.