REST API: Key Resource v2010
Key resource v2010 limitations
The Key resource v2010 doesn't support creating Restricted API keys. The latest version of the Key resource Key resource v1. The Key resource v1 supports all the features of Key resource v2010 and adds the ability to create Restricted API keys.
Use the Key resource to create and manage Standard API keys.
API keys represent the required credentials that you'll use to authenticate to Twilio's REST API and to create and revoke Access Tokens.
Info
If your API key requires access to the Accounts (/Accounts) or Keys (/Accounts/{SID}/Keys, /v1/Keys) endpoints, then you'll need to use a Main key. You can create Main keys only in the Twilio Console.
The API key types are Main, Standard, and Restricted (Public Beta, Key resource v1 only). The following table describes each type:
| Key type | Access permissions | Create in Console | Create with REST API |
|---|---|---|---|
| Main | Full access to all Twilio API resources. Equivalent to using your Account SID and Auth Token for API requests. | Yes | No |
| Standard | Access to all Twilio API resources, except for Accounts (/Accounts) or Keys (/Accounts/{SID}/Keys, /v1/Keys) resources. | Yes | Yes |
| Restricted | Customized, fine-grained access to specific Twilio API resources. Learn more about Restricted API keys. | Yes | Yes (v1 only) |
The unique string that that we created to identify the Key resource.
^SK[0-9a-fA-F]{32}$Min length: 34Max length: 34The date and time in GMT that the resource was created specified in RFC 2822 format.
POST https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys.json
Warning
To create Standard API keys with the API, you must use one of the following credentials: your Account SID and Auth Token, a Main API key, or a Restricted API key with the permission for /twilio/iam/api-keys/create.
application/x-www-form-urlencodedA descriptive string that you create to describe the resource. It can be up to 64 characters long.
The response contains a sid property and a secret property. Store the secret in a secure location, because you won't be able to retrieve it again. Twilio uses the Key resource's sid and the secret as the credentials when making API requests.
1// Download the helper library from https://www.twilio.com/docs/node/install2const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";34// Find your Account SID and Auth Token at twilio.com/console5// and set the environment variables. See http://twil.io/secure6const accountSid = process.env.TWILIO_ACCOUNT_SID;7const authToken = process.env.TWILIO_AUTH_TOKEN;8const client = twilio(accountSid, authToken);910async function createNewKey() {11const newKey = await client.newKeys.create({12friendlyName: "Mario's API key",13});1415console.log(newKey.sid);16}1718createNewKey();
Response
Note: This shows the raw API response from Twilio. Responses from SDKs (Java, Python, etc.) may look a little different.1{2"sid": "SKaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",3"friendly_name": "Mario's API key",4"date_created": "Mon, 13 Jun 2016 22:50:08 +0000",5"date_updated": "Mon, 13 Jun 2016 22:50:08 +0000",6"secret": "foobar"7}
GET https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json
Returns a representation of the API key.
Warning
For security reasons, Twilio returns the secret field only when the API key is first created and never includes the secret field when you fetch the resource. Your application should store the API key's SID and secret in a secure location to authenticate to the API.
The SID of the Account that created the Key resource to fetch.
^AC[0-9a-fA-F]{32}$Min length: 34Max length: 34The Twilio-provided string that uniquely identifies the Key resource to fetch.
^SK[0-9a-fA-F]{32}$Min length: 34Max length: 341// Download the helper library from https://www.twilio.com/docs/node/install2const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";34// Find your Account SID and Auth Token at twilio.com/console5// and set the environment variables. See http://twil.io/secure6const accountSid = process.env.TWILIO_ACCOUNT_SID;7const authToken = process.env.TWILIO_AUTH_TOKEN;8const client = twilio(accountSid, authToken);910async function fetchKey() {11const key = await client.keys("SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX").fetch();1213console.log(key.sid);14}1516fetchKey();
Response
Note: This shows the raw API response from Twilio. Responses from SDKs (Java, Python, etc.) may look a little different.1{2"sid": "SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",3"friendly_name": "foo",4"date_created": "Mon, 13 Jun 2016 22:50:08 +0000",5"date_updated": "Mon, 13 Jun 2016 22:50:08 +0000"6}
GET https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys.json
Returns a list of API keys associated with a given Account, sorted by DateUpdated.
The list includes all API keys and paging information.
How many resources to return in each list page. The default is 50, and the maximum is 1000.
1Maximum: 1000The page token. This is provided by the API.
1// Download the helper library from https://www.twilio.com/docs/node/install2const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";34// Find your Account SID and Auth Token at twilio.com/console5// and set the environment variables. See http://twil.io/secure6const accountSid = process.env.TWILIO_ACCOUNT_SID;7const authToken = process.env.TWILIO_AUTH_TOKEN;8const client = twilio(accountSid, authToken);910async function listKey() {11const keys = await client.keys.list({ limit: 20 });1213keys.forEach((k) => console.log(k.sid));14}1516listKey();
Response
Note: This shows the raw API response from Twilio. Responses from SDKs (Java, Python, etc.) may look a little different.1{2"keys": [3{4"sid": "SKaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",5"friendly_name": "foo",6"date_created": "Mon, 13 Jun 2016 22:50:08 +0000",7"date_updated": "Mon, 13 Jun 2016 22:50:08 +0000"8}9],10"first_page_uri": "/2010-04-01/Accounts/ACaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Keys.json?PageSize=50&Page=0",11"end": 0,12"previous_page_uri": null,13"uri": "/2010-04-01/Accounts/ACaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Keys.json?PageSize=50&Page=0",14"page_size": 50,15"start": 0,16"next_page_uri": null,17"page": 018}
POST https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json
Attempts to update the fields of an API Key resource.
If successful, Twilio returns the updated resource representation. The response is identical to that of the fetch a Key resource endpoint.
The SID of the Account that created the Key resources to update.
^AC[0-9a-fA-F]{32}$Min length: 34Max length: 34The Twilio-provided string that uniquely identifies the Key resource to update.
^SK[0-9a-fA-F]{32}$Min length: 34Max length: 34application/x-www-form-urlencodedA descriptive string that you create to describe the resource. It can be up to 64 characters long.
1// Download the helper library from https://www.twilio.com/docs/node/install2const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";34// Find your Account SID and Auth Token at twilio.com/console5// and set the environment variables. See http://twil.io/secure6const accountSid = process.env.TWILIO_ACCOUNT_SID;7const authToken = process.env.TWILIO_AUTH_TOKEN;8const client = twilio(accountSid, authToken);910async function updateKey() {11const key = await client12.keys("SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX")13.update({ friendlyName: "friendly_name" });1415console.log(key.sid);16}1718updateKey();
Response
Note: This shows the raw API response from Twilio. Responses from SDKs (Java, Python, etc.) may look a little different.1{2"sid": "SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",3"friendly_name": "friendly_name",4"date_created": "Mon, 13 Jun 2016 22:50:08 +0000",5"date_updated": "Mon, 13 Jun 2016 22:50:08 +0000"6}
DELETE https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json
Deletes an API key. Deleting an API key revokes the authorization to authenticate to the REST API and invalidates all Access Tokens generated using the API key's secret.
If the deletion is successful, Twilio returns an HTTP 204 response with no body.
Warning
You may only delete keys by authenticating with the account's AccountSid and AuthToken or API keys that have the Main key flag set in the console.
The SID of the Account that created the Key resources to delete.
^AC[0-9a-fA-F]{32}$Min length: 34Max length: 34The Twilio-provided string that uniquely identifies the Key resource to delete.
^SK[0-9a-fA-F]{32}$Min length: 34Max length: 341// Download the helper library from https://www.twilio.com/docs/node/install2const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";34// Find your Account SID and Auth Token at twilio.com/console5// and set the environment variables. See http://twil.io/secure6const accountSid = process.env.TWILIO_ACCOUNT_SID;7const authToken = process.env.TWILIO_AUTH_TOKEN;8const client = twilio(accountSid, authToken);910async function deleteKey() {11await client.keys("SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX").remove();12}1314deleteKey();