Skip to contentSkip to navigationSkip to topbar
Rate this page:
On this page

REST API: Auth Token



If you are using Functions(Classic) or Services and have included your auth token directly instead of using a variable, you must redeploy your classic functions and services when you rotate or update your auth token. Otherwise, those functions and services will fail with a "403 Forbidden" error.

Twilio uses the Account SID and Auth Token to authenticate API requests. The Auth Token can be rotated in the Console(link takes you to an external page) or with this API. There are two related endpoints, one to create or delete the secondary Auth Token and this one to promote the secondary Auth Token.

Auth Token properties

auth-token-properties page anchor
Resource properties
account_sidtype: SID<AC>Not PII

The SID of the Account(link takes you to an external page) that the secondary Auth Token was created for.

auth_tokentype: stringPII MTL: 0 days

The promoted Auth Token that must be used to authenticate future API requests.

date_createdtype: string<DATE TIME>Not PII

The date and time in UTC when the resource was created specified in ISO 8601(link takes you to an external page) format.

date_updatedtype: string<DATE TIME>Not PII

The date and time in GMT when the resource was last updated specified in ISO 8601(link takes you to an external page) format.

urltype: string<URI>Not PII

The URI for this resource, relative to

Update an AuthTokenPromotion resource

update-an-authtokenpromotion-resource page anchor

This action will delete the current primary Auth Token, and promote the secondary Auth Token to primary.


update-parameters page anchor

This action does not accept any parameters.

Promote the Secondary Auth Token

promote-the-secondary-auth-token page anchor

// Download the helper library from
// Find your Account SID and Auth Token at
// and set the environment variables. See
const accountSid = process.env.TWILIO_ACCOUNT_SID;
const authToken = process.env.TWILIO_AUTH_TOKEN;
const client = require('twilio')(accountSid, authToken);
.then(auth_token_promotion => console.log(auth_token_promotion.dateCreated));


"auth_token": "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
"date_created": "2015-07-31T04:00:00Z",
"date_updated": "2015-07-31T04:00:00Z",
"url": ""

Rate this page: