Skip to contentSkip to navigationSkip to topbar
Twilio Docs
Page tools
On this page
Looking for more inspiration?Visit the

51007: Client Connection: Token authentication is rejected

ERROR: 51007

error-51007 page anchor
ERROR

Description

description page anchor

This error occurs when your SDK client tries to connect with an Access Token that Twilio cannot authenticate. Access Tokens are short-lived JWTs that you generate on your server for Twilio client-side SDKs. They must be signed correctly and include the required identity and product-specific grants for the SDK you are using.

Possible causes

possible-causes page anchor
  • The Access Token has expired or is not yet valid because the exp or nbf claim is outside the allowed time window. Access Tokens are short-lived and can be configured for up to 24 hours.
  • The token was modified after it was generated, or it was signed with the wrong API Key Secret, which prevents Twilio from validating the JWT signature.
  • The grants claim is missing, malformed, or does not include the product-specific grant required for the SDK connection you are attempting.
  • The token is missing required fields inside the grant. For example, Conversations requires a ChatGrant with a Conversation Service SID, Sync requires a SyncGrant with serviceSid, and Voice requires a VoiceGrant with outgoingApplicationSid.
  • The token does not include the required identity grant used to associate the token with a specific user.
  • If you are connecting to Video, the token was created with an API Key outside the US1 region, or it does not include a VideoGrant.

Possible solutions

possible-solutions page anchor
  • Generate a new Access Token on your server and send a fresh token to the client instead of reusing an expired or cached token. Use a Twilio server-side helper library to build the token and grants.
  • Decode the token before you send it to the client and verify that identity, grants, exp, and nbf are present and correct.
  • Make sure the grant matches the SDK you are initializing. Use ChatGrant for Conversations, SyncGrant for Sync, VoiceGrant for Voice, and VideoGrant for Video.
  • Confirm that required grant fields are set correctly. Provide the Conversation Service SID in ChatGrant, the Sync Service SID in SyncGrant, and a valid TwiML App SID in VoiceGrant.outgoingApplicationSid.
  • If you are connecting to Video, create the token with an API Key in the US1 region and include a VideoGrant.

Additional resources

additional-resources page anchor