Rate this page:

Thanks for rating this page!

We are always striving to improve our documentation quality, and your feedback is valuable to us. How could this documentation serve you better?

Access Token Lifecycle

Twilio access tokens have a lifetime determined by your server when you generate the token, with a maximum of 24 hours. When an access token in your application expires, you must update the token with your client(s) to continue using Twilio.

Twilio Client SDKs such as Chat and Sync take an access token as part of their initial parameters. They also offer a method to provide updated tokens over the lifetime of the client. For uninterrupted access to Twilio's services, you should provide renewed tokens to your Twilio client SDKs before expiration with the client's updateToken method.


        Twilio offers an optional helper, AccessManager, to manage this renewal process. The usage of this helper is:

        • Implement AccessManager's facility to be notified of tokens that have already expired or are about to.
        • Provide AccessManager with a copy of a token in use by one or more Twilio clients.
        • Instruct AccessManager how to update your client with a callback that will be called with a new token.

        When a token is in its final three minutes, the token will expire method is called. If the token was not updated before its expiry, a token expired method will trigger. You should use this method to get a new access token and set it on the AccessManager, making sure to update the token. AccessManager will then trigger the update you provided and set a timer based on the new token's expire time.

        The implementation of this varies by platform and is described in detail below.

        Integration of AccessManager

        AccessManager is optional and provided in the same manner as the first person client SDKs. How you use it depends on your platform.


        For Android, we distribute Access Manager using gradle and bintray.


        For iOS, you can choose between CocoaPods or manual integration of the .framework file.


        For Javascript, you can integrate directly via npm, our website, or download and host the file yourself.



              Your access token is passed to both AccessManager and your Twilio client(s). You also provide a block of code or method body to call upon token updates.

              You should initialize both Access Manager and the Chat client with the same initial token. You can then either register an update lambda or implement a listener method depending on your platform. If you are using multiple Twilio client SDKs in your project that share a common access token with multiple service grants, you can register multiple update blocks here to renew each client.


                    AccessManager Events

                    AccessManager will trigger an event three minutes before token expiry (on iOS, Android, and coming soon to JS) and at the time of token expiration. It is best to implement only one of these methods. A token error event may surface if there is a problem with the token provided to AccessManager.

                    If a token is used with less than three minutes remaining until expiry, the token expiring mechanism will be called immediately. If the token is already expired, the token-expiring call, as well as the "token expired" call, will trigger in that order.


                          Regardless of the way you choose to update your client's access token, renewing the token prior to expiry is important for ensuring that your chat application is a great user experience.

                          Next: Channels and Messages

                          Need some help?

                          We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the Twilio tag on Stack Overflow.