Skip to contentSkip to navigationSkip to topbar
Rate this page:
On this page

REST API: Key Resource


You access the Twilio API using API keys that represent the required credentials. These keys:

  • Authenticate to the REST API
  • Create and revoke Access Tokens
(information)

Info

See this document for more information about your request to Twilio's REST API, or read our article on Access Tokens to learn more.

API Keys can be provisioned and revoked through the REST API or the Twilio Console(link takes you to an external page). This provides a powerful and flexible primitive for managing access to the Twilio API. There are two types of API Keys: Standard and Main.

Standard API Keys give you access to all the functionality in Twilio's API, except for managing API Keys, Account Configuration, and Subaccounts.

Main API Keys have the same access as Standard Keys, and can also manage API Keys, Account Configuration, and Subaccounts. Main API Keys give you the same level of access as if you were using account API Credentials.

Since API Keys can be independently revoked, you have complete control of the lifecycle of your API credentials.

For example, you might issue separate API Keys to different developers or different subsystems within your application. If a key is compromised or no longer used, you can easily delete it to prevent unauthorized access!

(warning)

Warning

If your use case requires API Keys to access the /Accounts or /Keys endpoint, a Main Key needs to be used. This can be created in the Console(link takes you to an external page).


Key Properties

key-properties page anchor
Property nameTypePIIDescription
sidSID<SK>
Not PII

The unique string that that we created to identify the Key resource.

Pattern: ^SK[0-9a-fA-F]{32}$Min length: 34Max length: 34

friendly_namestring
PII MTL: 30 days

The string that you assigned to describe the resource.


date_createdstring<date-time-rfc-2822>

The date and time in GMT that the resource was created specified in RFC 2822(link takes you to an external page) format.


date_updatedstring<date-time-rfc-2822>

The date and time in GMT that the resource was last updated specified in RFC 2822(link takes you to an external page) format.


GET https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json

Returns a representation of the API Key, including the properties below.

(warning)

Warning

For security reasons, the Secret field is ONLY returned when the API Key is first created - never when fetching the resource. Your application should store the API Key's Sid and Secret in a secure location to authenticate to the API and generate Access Tokens in the future.

Path parameters

path-parameters page anchor
Property nameTypeRequiredPIIDescription
AccountSidSID<AC>required

The SID of the Account that created the Key resource to fetch.

Pattern: ^AC[0-9a-fA-F]{32}$Min length: 34Max length: 34

SidSID<SK>required

The Twilio-provided string that uniquely identifies the Key resource to fetch.

Pattern: ^SK[0-9a-fA-F]{32}$Min length: 34Max length: 34

Fetch an API Key

fetch-an-api-key page anchor
Node.js
Python
C#
Java
Go
PHP
Ruby
twilio-cli
curl

_12
// Download the helper library from https://www.twilio.com/docs/node/install
_12
import twilio from "twilio";
_12
_12
// Find your Account SID and Auth Token at twilio.com/console
_12
// and set the environment variables. See http://twil.io/secure
_12
const accountSid = process.env.TWILIO_ACCOUNT_SID;
_12
const authToken = process.env.TWILIO_AUTH_TOKEN;
_12
const client = twilio(accountSid, authToken);
_12
_12
const key = await client.keys("SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX").fetch();
_12
_12
console.log(key.sid);

Output

_10
{
_10
"sid": "SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
_10
"friendly_name": "foo",
_10
"date_created": "Mon, 13 Jun 2016 22:50:08 +0000",
_10
"date_updated": "Mon, 13 Jun 2016 22:50:08 +0000"
_10
}

Node.js
Python
C#
Java
Go
PHP
Ruby
twilio-cli
curl

_12
// Download the helper library from https://www.twilio.com/docs/node/install
_12
import twilio from "twilio";
_12
_12
// Find your Account SID and Auth Token at twilio.com/console
_12
// and set the environment variables. See http://twil.io/secure
_12
const accountSid = process.env.TWILIO_ACCOUNT_SID;
_12
const authToken = process.env.TWILIO_AUTH_TOKEN;
_12
const client = twilio(accountSid, authToken);
_12
_12
const key = await client.keys("SK2a0747eba6abf96b7e3c3ff0b4530f6e").fetch();
_12
_12
console.log(key.sid);

Output

_10
{
_10
"sid": "SK2a0747eba6abf96b7e3c3ff0b4530f6e",
_10
"friendly_name": "foo",
_10
"date_created": "Mon, 13 Jun 2016 22:50:08 +0000",
_10
"date_updated": "Mon, 13 Jun 2016 22:50:08 +0000"
_10
}


GET https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys.json

Returns a list of API Keys in this account, sorted by DateUpdated.

The list includes all API Keys. It also includes paging information.

Property nameTypeRequiredPIIDescription
AccountSidSID<AC>required

The SID of the Account that created the Key resources to read.

Pattern: ^AC[0-9a-fA-F]{32}$Min length: 34Max length: 34
Property nameTypeRequiredPIIDescription
PageSizeintegerOptional

How many resources to return in each list page. The default is 50, and the maximum is 1000.

Minimum: 1Maximum: 1000

PageintegerOptional

The page index. This value is simply for client state.

Minimum: 0

PageTokenstringOptional

The page token. This is provided by the API.

Retrieve all the API Keys in an account

Node.js
Python
C#
Java
Go
PHP
Ruby
twilio-cli
curl

_12
// Download the helper library from https://www.twilio.com/docs/node/install
_12
import twilio from "twilio";
_12
_12
// Find your Account SID and Auth Token at twilio.com/console
_12
// and set the environment variables. See http://twil.io/secure
_12
const accountSid = process.env.TWILIO_ACCOUNT_SID;
_12
const authToken = process.env.TWILIO_AUTH_TOKEN;
_12
const client = twilio(accountSid, authToken);
_12
_12
const keys = await client.keys.list({ limit: 20 });
_12
_12
keys.forEach((k) => console.log(k.sid));

Output

_18
{
_18
"keys": [
_18
{
_18
"sid": "SKaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
_18
"friendly_name": "foo",
_18
"date_created": "Mon, 13 Jun 2016 22:50:08 +0000",
_18
"date_updated": "Mon, 13 Jun 2016 22:50:08 +0000"
_18
}
_18
],
_18
"first_page_uri": "/2010-04-01/Accounts/ACaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Keys.json?PageSize=50&Page=0",
_18
"end": 0,
_18
"previous_page_uri": null,
_18
"uri": "/2010-04-01/Accounts/ACaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Keys.json?PageSize=50&Page=0",
_18
"page_size": 50,
_18
"start": 0,
_18
"next_page_uri": null,
_18
"page": 0
_18
}


POST https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json

Attempts to update the fields of an API Key instance.

If successful, it returns the updated resource representation. The response will be identical to that of the HTTP GET (fetch).

Property nameTypeRequiredPIIDescription
AccountSidSID<AC>required

The SID of the Account that created the Key resources to update.

Pattern: ^AC[0-9a-fA-F]{32}$Min length: 34Max length: 34

SidSID<SK>required

The Twilio-provided string that uniquely identifies the Key resource to update.

Pattern: ^SK[0-9a-fA-F]{32}$Min length: 34Max length: 34
Property nameTypeRequiredPIIDescription
FriendlyNamestringOptional

A descriptive string that you create to describe the resource. It can be up to 64 characters long.

Node.js
Python
C#
Java
Go
PHP
Ruby
twilio-cli
curl

_14
// Download the helper library from https://www.twilio.com/docs/node/install
_14
import twilio from "twilio";
_14
_14
// Find your Account SID and Auth Token at twilio.com/console
_14
// and set the environment variables. See http://twil.io/secure
_14
const accountSid = process.env.TWILIO_ACCOUNT_SID;
_14
const authToken = process.env.TWILIO_AUTH_TOKEN;
_14
const client = twilio(accountSid, authToken);
_14
_14
const key = await client
_14
.keys("SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX")
_14
.update({ friendlyName: "friendly_name" });
_14
_14
console.log(key.sid);

Output

_10
{
_10
"sid": "SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
_10
"friendly_name": "friendly_name",
_10
"date_created": "Mon, 13 Jun 2016 22:50:08 +0000",
_10
"date_updated": "Mon, 13 Jun 2016 22:50:08 +0000"
_10
}


DELETE https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json

Deletes an API Key. This revokes its authorization to authenticate to the REST API and invalidates all Access Tokens generated using its secret.

If the delete is successful, Twilio will return an HTTP 204 response with no body.

(warning)

Warning

You may only delete Keys by authenticating with the account's AccountSid and AuthToken or API Keys that have the main key flag set in the console.

Property nameTypeRequiredPIIDescription
AccountSidSID<AC>required

The SID of the Account that created the Key resources to delete.

Pattern: ^AC[0-9a-fA-F]{32}$Min length: 34Max length: 34

SidSID<SK>required

The Twilio-provided string that uniquely identifies the Key resource to delete.

Pattern: ^SK[0-9a-fA-F]{32}$Min length: 34Max length: 34
Node.js
Python
C#
Java
Go
PHP
Ruby
twilio-cli
curl

_10
// Download the helper library from https://www.twilio.com/docs/node/install
_10
import twilio from "twilio";
_10
_10
// Find your Account SID and Auth Token at twilio.com/console
_10
// and set the environment variables. See http://twil.io/secure
_10
const accountSid = process.env.TWILIO_ACCOUNT_SID;
_10
const authToken = process.env.TWILIO_AUTH_TOKEN;
_10
const client = twilio(accountSid, authToken);
_10
_10
await client.keys("SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX").remove();


Rate this page: