Menu

Rate this page:

Thanks for rating this page!

We are always striving to improve our documentation quality, and your feedback is valuable to us. How could this documentation serve you better?

REST API: API Keys

You access the Twilio API using API keys that represent the required credentials. These keys:

  • Authenticate to the REST API
  • Create and revoke Access Tokens

See this document for more information about your request to Twilio's REST API, or read our article on Access Tokens to learn more.

API Keys can be provisioned and revoked through the REST API or the Twilio Console. This provides a powerful and flexible primitive for managing access to the Twilio API.

For example, you might issue separate API Keys to different developers or to different subsystems within your application.

Since API Keys can be independently revoked, you have complete control of the lifecycle of your API credentials.

If your use case requires API Keys to access the /Accounts or /Keys endpoint, a Master Key needs to be used. This can be created in the Console.

Names in PHP format
sid
sid<SK> Not PII

A 34 character string that uniquely identifies this API Key. You will use this as the basic-auth user when authenticating to the API.

friendlyName

A descriptive string for this resource, chosen by your application, up to 64 characters long.

dateCreated
date_time<rfc2822> Not PII

The date-time this API Key was created, given as a RFC 2822 Timestamp.

dateUpdated
date_time<rfc2822> Not PII

The date-time this API Key was most recently updated, given as a RFC 2822 Timestamp.

Create a new API Key

If a new API Key was created successfully, Twilio will respond with a representation of the new API Key.

This representation will be the same as that returned when fetching an API Key's instance resource, but will also include the Secret field.

POST

https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys.json

You may only delete Keys by authenticating with the account's AccountSid and AuthToken or API Keys that have the master key flag set in the console.

Parameters

Parameter Description
FriendlyName A descriptive string that you create to describe the new key. It can be up to 64 characters long.

If successful, Twilio will respond with a representation of the new API Key. This representation will be exactly the same as that returned by issuing a GET to the API Key's instance resource, except that the Secret field will be included.

        
        
        
        
        Create a default API Key

        Create a new API Key

        Create a default API Key
              
              
              
              
              Create an API Key with the FriendlyName, in this case "User Joey".

              Create a new named API Key

              Create an API Key with the FriendlyName, in this case "User Joey".

              For security reasons, the API Key's Secret is only returned here, when the API Key is first created. Your application should store the API Key's Sid and Secret in a secure location to authenticate to the API and generate Access Tokens in the future.

              Fetch a Key resource

              GET

              https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json
              

              Returns a representation of the API Key.

              For security reasons the Secret field is ONLY returned when the API Key is first created – never when fetching the resource.

                    
                    
                    
                    
                    Note that the API Key's Secret field is redacted in the output of this example. As noted above, Secret fields are only returned when the API Key is first created.

                    Fetch an API Key

                    Note that the API Key's Secret field is redacted in the output of this example. As noted above, Secret fields are only returned when the API Key is first created.
                          
                          
                          
                          
                          An example fetching of an API Key.

                          Fetch an API Key

                          An example fetching of an API Key.

                          Read a Key resource

                          GET

                          https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys.json
                          

                          Returns a list of API Keys in this account, sorted by DateUpdated.

                          The list includes all API Keys. It also includes paging information.

                                
                                
                                
                                
                                Retrieve all the API Keys in an account

                                Read Keys

                                Retrieve all the API Keys in an account

                                Update a Key resource

                                POST

                                https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json
                                

                                Attempts to update the fields of an API Key instance.

                                If successful, it returns the updated resource representation. The response will be identical to that of the HTTP GET (fetch).

                                Names in PHP format
                                friendlyName
                                Optional
                                post string PII MTL: 30 DAYS

                                A descriptive string for this resource, chosen by your application, up to 64 characters long.

                                      
                                      
                                      
                                      

                                      Delete a Key resource

                                      DELETE

                                      https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json
                                      

                                      Deletes an API Key. This revokes its authorization to authenticate to the REST API and invalidates all Access Tokens generated using its secret.

                                      If the delete is successful, Twilio will return an HTTP 204 response with no body.

                                      You may only delete Keys by authenticating with the account's AccountSid and AuthToken or API Keys that have the master key flag set in the console.

                                            
                                            
                                            
                                            
                                            Rate this page:

                                            Need some help?

                                            We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the Twilio tag on Stack Overflow.