
Account-level OAuth apps


Account-level OAuth apps use the OAuth 2.0 standard to authorize access to Twilio APIs. This page explains how to create, view, update, rotate secrets for, and delete account OAuth apps.

Note: Account-level OAuth apps only support the Client Credentials grant type. They do not support the Authorization Code grant type.


Create an OAuth app

  1. Log in to Twilio Console and go to Settings > Account settings > OAuth applications.
  2. Click Create an OAuth app.
  3. On the Application details step, enter a name for your application. Click Next.
  4. On the Scopes & permissions step:
    • Enter the Token expiration time, which can be between 1 min and 30 days. The default is 1 hr.
    • Select the scopes and permissions you want to include in the OAuth application. See Permission to API mapping.
  5. On the Copy secret page, copy the credentials and store them somewhere secure.
  6. Select the Got it! checkbox and click Finish.

To generate the access token, use the Token API.


View or update an OAuth app

  1. Log in to Twilio Console and go to Settings > Account settings > OAuth applications.
  2. Click the OAuth app name you want to view or update.
  3. On the Application details tab, you can see basic information about the application. To update the application's name or description, click Edit application details and update the details, then click Save.
  4. On the Access settings tab, you can see and update the Token expiration time and OAuth scopes.
  5. On the Credentials tab, you can see the client ID and you can rotate the client secret.

Rotate the secret of an OAuth app

  1. Log in to Twilio Console and go to Settings > Account settings > OAuth applications.
  2. Click the name of the OAuth app whose secret you want to rotate.
  3. On the Credentials tab, click Rotate secret.
  4. In the confirmation dialog, enter the Grace period (the time the old secret remains valid, between 0 and 30 days) and click Yes, rotate secret. If set to 0, the old secret becomes invalid immediately.
  5. Copy the new credentials and store them somewhere secure.
  6. Select the Got it! checkbox and click Done.
Note: To see the grace period for an existing OAuth app, view the oauth-apps.secret-rotated audit event.


Delete an OAuth app

  1. Log in to Twilio Console and go to Settings > Account settings > OAuth applications.
  2. In the Action column of the OAuth app you want to delete, click Delete.
  3. In the dialog, click Delete.

To see audit events in the Twilio Console, go to Settings > Account settings > Audit events. In the Legacy Console, go to Monitor > Insights > Audit. There are four audit events related to OAuth apps:

  1. oauth-apps.created: This event is triggered when an OAuth app is created.
  2. oauth-apps.updated: This event is triggered every time an OAuth app is updated.
  3. oauth-apps.deleted: This event is triggered every time an OAuth app is deleted.
  4. oauth-apps.secret-rotated: This event is triggered every time the client secret of an OAuth app is rotated.
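
Because a rotation with a non-zero grace period leaves the old secret usable, these events can be replayed to list the apps whose previous secret is still accepted at a given time. The Python below is an added example, not Twilio code: only the event type names and the 0 to 30 day range come from this page, while the record fields app, at and grace_days and the sample records are an assumed export layout constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample events. The event_type names come from the page; the
# other field names (app, at, grace_days) are an assumed export layout.
SAMPLE_EVENTS = [
    {"event_type": "oauth-apps.created", "app": "billing-sync", "at": "2024-05-01T09:00:00+00:00"},
    {"event_type": "oauth-apps.secret-rotated", "app": "billing-sync",
     "at": "2024-06-01T12:00:00+00:00", "grace_days": 7},
    {"event_type": "oauth-apps.created", "app": "report-job", "at": "2024-05-10T08:00:00+00:00"},
    {"event_type": "oauth-apps.secret-rotated", "app": "report-job",
     "at": "2024-06-03T10:00:00+00:00", "grace_days": 0},
    {"event_type": "oauth-apps.created", "app": "old-poc", "at": "2024-04-01T08:00:00+00:00"},
    {"event_type": "oauth-apps.secret-rotated", "app": "old-poc",
     "at": "2024-06-02T10:00:00+00:00", "grace_days": 30},
    {"event_type": "oauth-apps.deleted", "app": "old-poc", "at": "2024-06-04T10:00:00+00:00"},
]

def old_secrets_still_valid(events, now):
    """Return {app: expiry} for apps whose pre-rotation secret is still accepted at `now`.

    Assumption: only the most recent rotation's grace period is tracked per app.
    """
    expiry = {}
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["at"])):
        kind, app = ev["event_type"], ev["app"]
        at = datetime.fromisoformat(ev["at"])
        if at > now:
            continue  # ignore events that had not happened yet at `now`
        if kind == "oauth-apps.secret-rotated":
            days = ev["grace_days"]
            if not 0 <= days <= 30:  # range stated on the page
                raise ValueError(f"grace period out of range for {app}: {days}")
            expiry[app] = at + timedelta(days=days)
        elif kind == "oauth-apps.deleted":
            expiry.pop(app, None)  # deleted app: stop tracking it
    # A grace period of 0 expires at rotation time, so it never passes this filter.
    return {app: end for app, end in expiry.items() if end > now}

if __name__ == "__main__":
    now = datetime(2024, 6, 5, tzinfo=timezone.utc)
    for app, end in old_secrets_still_valid(SAMPLE_EVENTS, now).items():
        print(f"{app}: old secret accepted until {end.isoformat()}")
```
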

Scopes/Permissions available for OAuth apps

Warning: An OAuth app has a limit of 100 scopes/permissions that can be associated with it.

Each permission maps to one or more endpoints and actions for each API resource. To download a PDF of the permission and endpoint actions, click one of the following links: