30921: Campaign rejected: Website requires authentication and cannot be reviewed

Your A2P 10DLC campaign registration was rejected because the website URL you submitted requires a login or other authentication to review. Reviewers must be able to access and verify your business website and consent flow without credentials. If your opt-in mechanism or other required details are not publicly accessible at the website URL you provide, submit a publicly accessible URL that hosts screenshots of the relevant pages.

• The website URL points to a page that requires a username, password, single sign-on, or another authentication step before reviewers can view the content.
• The URL points to an internal tool, staging site, admin portal, or development environment that is not publicly accessible. Twilio requires a verifiable, publicly accessible opt-in method for campaign review.
• The website does not expose the business details, opt-in flow, or required disclosures in a way reviewers can verify.

• Submit a publicly accessible website URL that reviewers can open without signing in.
• If your opt-in flow or required information is behind a login or not yet live, provide a publicly accessible URL with hosted screenshots of the relevant pages in your message_flow or Call to Action details.
• If you use a development website that is not live, provide a publicly accessible video or other publicly accessible proof that shows the opt-in process.
• Make sure the submission clearly shows how end users consent to receive messages and includes any required public links, such as your privacy policy and terms of service when the website is used for opt-in.
• If your primary product experience is gated, create a public page that explains your business and messaging program so reviewers can verify the campaign. If the actual opt-in flow remains gated, add publicly accessible screenshots of that flow.

Before you submit or resubmit, confirm your website meets all of these requirements:

• The home page clearly states your business name and what your company does.
• A dedicated About or Contact page provides a phone number, email address, or physical address.
• The website is publicly reachable without a login, VPN, or IP allowlist.
• If you collect opt-in on the site, the opt-in page is linked from the main navigation or footer and loads without authentication.
• A privacy policy page is linked from the opt-in page or site footer and explicitly states that mobile opt-in data will not be shared with or sold to third parties.
• A terms and conditions page is linked from the opt-in page or site footer.
• The business name on the website matches the Brand name in your A2P 10DLC registration.
• The messaging use case described on the site is consistent with the message_flow and campaign description you submitted.

Edit the rejected campaign rather than deleting and recreating it. A vetting fee is assessed only once per campaign, so resubmitting the same campaign avoids a new fee.

• Console: go to Messaging > Regulatory Compliance > Campaigns, click the failed campaign, then click Edit Campaign to correct the fields and resubmit.
• API: update the campaign resource with corrected field values. See Troubleshooting and rectifying A2P Campaigns for detailed instructions.

• A2P 10DLC - Gather the Required Business Information
• A2P 10DLC registration application quickstart
• A2P 10DLC Campaign Approval Best Practices