Menu

Expand
Rate this page:

API Key Resource

You access the Twilio API using API Keys that represent the required credentials. These keys allow you to:

  • Authenticate with Twilio’s API.
  • Create and revoke Access Tokens.

See this document for more information about your request to Twilio’s REST API, or read our article on Access Tokens to learn more.

API Keys can be provisioned and revoked through the REST API or the Twilio Console. This provides a powerful and flexible primitive for managing access to the Twilio API. There are two types of API Keys: Standard and Main.

Standard API Keys give you access to all of the functionality in Twilio’s API, except for managing API Keys, Account Configuration, and Subaccounts.

Main API Keys have the same access as Standard Keys, and can also manage API Keys, Account Configuration, and Subaccounts. Main API Keys give you the same level of access as if you were using account API Credentials.

Since API Keys can be independently revoked, you have complete control of the lifecycle of your API credentials.

For example, you might issue separate API Keys to different developers or to different subsystems within your application. If a key is compromised or no longer used, you can easily delete it to prevent unauthorized access!

If your use case requires API Keys to access the /Accounts or /Keys endpoint, a Main Key needs to be used. This can be created in the Console.

Key properties

Resource Properties in REST API format
sid
sid<SK> Not PII

The unique string that that we created to identify the Key resource.

friendly_name

The string that you assigned to describe the resource.

date_created
date_time<rfc2822> Not PII

The date and time in GMT that the resource was created specified in RFC 2822 format.

date_updated
date_time<rfc2822> Not PII

The date and time in GMT that the resource was last updated specified in RFC 2822 format.

Create a new API Key

If a new API Key was created successfully, Twilio will respond with a representation of the new API Key.

This representation will be the same as that returned when fetching an API Key’s instance resource, but will also include the Secret field.

POST https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys.json

For security reasons, the Secret field is only returned when the API Key is first created — never when fetching the resource. Your application should store the API Key’s SID and Secret in a secure location to authenticate to the API and generate Access Tokens in the future.

Parameters

Parameters in REST API format
account_sid
Path
post sid<AC> Not PII

The SID of the Account that will be responsible for the new Key resource.

friendly_name
Optional
post string PII MTL: 30 DAYS

A descriptive string that you create to describe the resource. It can be up to 64 characters long.

Loading Code Sample...
        
        
        Create an API Key with the FriendlyName, in this case "User Joey".

        Create a new named API Key

        Create an API Key with the FriendlyName, in this case "User Joey".

        Fetch a Key resource

        GET https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json

        Returns a representation of the API Key.

        Parameters in REST API format
        account_sid
        Path
        get sid<AC> Not PII

        The SID of the Account that created the Key resource to fetch.

        sid
        Path
        get sid<SK> Not PII

        The Twilio-provided string that uniquely identifies the Key resource to fetch.

        Loading Code Sample...
              
              
              Note that the API Key’s Secret field is redacted in the output of this example. As noted above, Secret fields are only returned when the API Key is first created.

              Fetch an API Key

              Note that the API Key’s Secret field is redacted in the output of this example. As noted above, Secret fields are only returned when the API Key is first created.
              Loading Code Sample...
                    
                    
                    An example fetching of an API Key.

                    Fetch an API Key

                    An example fetching of an API Key.

                    Read a Key resource

                    GET https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys.json

                    Returns a list of API Keys in this account, sorted by DateUpdated.

                    The list includes all API Keys. It also includes paging information.

                    Parameters in REST API format
                    account_sid
                    Path
                    get sid<AC> Not PII

                    The SID of the Account that created the Key resources to read.

                    Loading Code Sample...
                          
                          
                          Retrieve all the API Keys in an account

                          Read Keys

                          Retrieve all the API Keys in an account

                          Update a Key resource

                          POST https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json

                          Attempts to update the fields of an API Key instance.

                          If successful, it returns the updated resource representation. The response will be identical to that of the HTTP GET (fetch).

                          We recommend following the standard URI specification and avoid the following reserved characters ! * ' ( ) ; : @ & = + $ , / ? % # [ ] for values such as identity and friendly name.

                          Parameters in REST API format
                          account_sid
                          Path
                          post sid<AC> Not PII

                          The SID of the Account that created the Key resources to update.

                          sid
                          Path
                          post sid<SK> Not PII

                          The Twilio-provided string that uniquely identifies the Key resource to update.

                          friendly_name
                          Optional
                          post string PII MTL: 30 DAYS

                          A descriptive string that you create to describe the resource. It can be up to 64 characters long.

                          Loading Code Sample...
                                
                                

                                Update a Key resource

                                Delete a Key resource

                                DELETE https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json

                                Deletes an API Key. This revokes its authorization to authenticate to the REST API and invalidates all Access Tokens generated using its secret.

                                If the delete is successful, Twilio will return an HTTP 204 response with no body.

                                You may only delete Standard or Main API Keys by authenticating the request with AccountSid and AuthToken, or with AccountSID, Main API Key, and the API key’s Secret.

                                Parameters in REST API format
                                account_sid
                                Path
                                delete sid<AC> Not PII

                                The SID of the Account that created the Key resources to delete.

                                sid
                                Path
                                delete sid<SK> Not PII

                                The Twilio-provided string that uniquely identifies the Key resource to delete.

                                Loading Code Sample...
                                      
                                      

                                      Delete a Key resource

                                      Login with an API Key

                                      Using a helper library for the language of your choice, you can use your API Keys to authenticate and use the Twilio REST API.

                                      The API Key type has to be created as key type Main for the command to access your accounts. Keys of type Standard can only be used on commands where you also provide the Account SID as part of the API. For example:

                                      curl -X GET https://api.twilio.com/2010-04-01/Accounts/\
                                        '<YOUR_ACCOUNT_SID>'/Applications.json \
                                        -u '<YOUR_API_KEY>:<YOUR_API_KEY_SECRET>'

                                      If you’ve set these credentials as exported shell environment variables using the standard names, this becomes:

                                      curl -X GET https://api.twilio.com/2010-04-01/Accounts/\
                                        ${TWILIO_ACCOUNT_SID}/Applications.json \
                                        -u ${TWILIO_API_KEY}:${TWILIO_API_KEY_SECRET}
                                      Loading Code Sample...
                                            
                                            

                                            Authenticate with API Key and API Secret

                                            Rate this page:

                                            Need some help?

                                            We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.

                                            Loading Code Sample...
                                                  
                                                  
                                                  

                                                  Thank you for your feedback!

                                                  Please select the reason(s) for your feedback. The additional information you provide helps us improve our documentation:

                                                  Sending your feedback...
                                                  🎉 Thank you for your feedback!
                                                  Something went wrong. Please try again.

                                                  Thanks for your feedback!

                                                  thanks-feedback-gif