20152: Invalid Header

This error occurs when the header portion of the JWT presented for Public Key Client Validation does not meet Twilio's required structure or values (for example, missing required fields or using unsupported algorithms).

• The JWT header omits required fields such as cty, alg, or kid, which Twilio marks as required for Public Key Client Validation.
• The cty value is not exactly twilio-pkrv;v=1.
• The alg value is not one of RS256 or PS256, which are the only algorithms Twilio supports for this feature.
• The typ value is set to something other than JWT (other values are rejected), or the header is otherwise malformed.
• The JWT components are not correctly base64url-encoded and concatenated as <base64URLencoded header>.<base64URLencoded claims>.<base64URLencoded signature>.

• Construct the JWT header with the exact fields and values Twilio requires:
  • Set cty to twilio-pkrv;v=1.
  • Use alg as RS256 or PS256 only.
  • Include kid referencing the CredentialSid for the uploaded public key.
  • Use typ as JWT or omit it (defaults to JWT).
• Ensure the JWT is base64url-encoded and formed as <base64URLencoded header>.<base64URLencoded claims>.<base64URLencoded signature>.
• Upload your public key and reference it via the CredentialSid in kid so Twilio can validate the signature.
• Attach the generated JWT to your API request using the Twilio-Client-Validation header.

• Public Key Client Validation Quickstart
• Get Started with Public Key Client Validation
• Credentials API