# Account-level OAuth apps

Account-level OAuth apps use the [OAuth 2.0](https://datatracker.ietf.org/doc/html/rfc6749) standard to authorize access to Twilio APIs. This page explains how to create, view, update, rotate secrets for, and delete account OAuth apps.

> [!NOTE]
>
> Account-level OAuth apps only support the Client Credentials grant type. They do not support the Authorization Code grant type.

## Create an OAuth app

### Twilio Console

1. Log in to [Twilio Console](https://1console.twilio.com/) and go to **Settings** > **Account settings** > [**OAuth applications**](https://1console.twilio.com/go?to=/account/__account__/settings/oauth).
2. Click **Create an OAuth app**.
3. On the **Application details** step, enter a name for your application. Click **Next**.
4. On the **Scopes & permissions** step:
   * Enter the **Token expiration time**, which can be between 1 min and 30 days. The default is 1 hr.
   * Select the scopes and permissions you want to include in the OAuth application. See [Permission to API mapping](/docs/iam/oauth-apps/account-oauth-apps#scopespermissions-available-for-oauth-apps).
5. On the **Copy secret** page, copy the credentials and store them somewhere secure.
6. Select the **Got it!** checkbox and click **Finish**.

### Legacy Console

1. Click **Admin > Account management** in the top right corner.
2. Under **Keys & credentials**, click **OAuth apps** (or go directly to the [Console](https://console.twilio.com/us1/account/keys-credentials/server-oauth)).
3. On the **OAuth apps** page, click **Create an OAuth app**.
4. On the **App details** step, enter **App name** and **Description of the app**.
5. On the **Access settings** step:
   * Enter the **Token expiration time**, which can be between 1 min and 30 days. The default is 1 hr.
   * Select **OAuth scopes**, the permissions that the OAuth app needs access to. Get the Permission to API mapping details [here](/docs/iam/oauth-apps/account-oauth-apps#scopespermissions-available-for-oauth-apps).
6. Click **Create app**.
7. On the **Credentials** page, copy the **Client ID** and **Client Secret** and store them somewhere secure.
8. Select the **Got it!** checkbox and click **Finish**.

To generate the access token, use the [Token API](/docs/iam/oauth-apps/oauth-access-token).

## View or update an OAuth app

### Twilio Console

1. Log in to [Twilio Console](https://1console.twilio.com/) and go to **Settings** > **Account settings** > [**OAuth applications**](https://1console.twilio.com/go?to=/account/__account__/settings/oauth).
2. Click the OAuth app name you want to view or update.
3. On the **Application details** tab, you can see basic information about the application. To update the application's name or description, click **Edit application details** and update the details, then click **Save**.
4. On the **Access settings** tab, you can view and update the **Token expiration time** and **OAuth scopes**.
5. On the **Credentials** tab, you can see the client ID and rotate the client secret.

### Legacy Console

1. Click **Admin > Account management** in the top right corner.
2. Under **Keys & credentials**, click **OAuth apps** (or go directly to the [Console](https://console.twilio.com/us1/account/keys-credentials/server-oauth)).
3. On the **OAuth apps** page, click on the **App name**.
4. On the **Apps detail** tab, view **App name, Description of the app, Date created** and **Created by**. You can update **App name** and **Description of the app**.
5. On the **Access settings** tab, view **Token expiration time** and **OAuth Scopes**. You can update **Token expiration time** and **OAuth scopes**.
6. Click **Save** to update the app or **Cancel** to go back to the OAuth apps list page.
7. On the **Credentials** tab, view the Client ID and, if needed, rotate the Client Secret.

## Rotate the secret of an OAuth app

### Twilio Console

1. Log in to [Twilio Console](https://1console.twilio.com/) and go to **Settings** > **Account settings** > [**OAuth applications**](https://1console.twilio.com/go?to=/account/__account__/settings/oauth).
2. Click the name of the OAuth app whose secret you want to rotate.
3. On the **Credentials** tab, click **Rotate secret**.
4. On the confirmation dialog, enter the **Grace period** (the time the old secret remains valid, between 0 and 30 days) and click **Yes, rotate secret**. If set to 0, the old secret becomes invalid immediately.
5. Copy the new credentials and store them somewhere secure.
6. Select the **Got it!** checkbox and click **Done**.

### Legacy Console

1. Click **Admin > Account management** in the top right corner.
2. Under **Keys & credentials**, click **OAuth apps** (or go directly to the [Console](https://console.twilio.com/us1/account/keys-credentials/server-oauth)).
3. On the **OAuth apps** page, click on the **App name**.
4. On the **Credentials** tab, click **Rotate secret**.
5. On the confirmation pop-up, enter the **Grace period** and then click **Yes, rotate secret**. The grace period is how long the old secret remains valid, and it can be between 0 and 30 days. If it is set to 0, the old secret becomes invalid immediately.
6. **Copy the new Client Secret** and store it somewhere secure.
7. Select the **Got it!** checkbox and click **Done**.

> [!NOTE]
>
> To see the grace period for an existing OAuth app, view the **oauth-apps.secret-rotated** audit event.

## Delete an OAuth app

### Twilio Console

1. Log in to [Twilio Console](https://1console.twilio.com/) and go to **Settings** > **Account settings** > [**OAuth applications**](https://1console.twilio.com/go?to=/account/__account__/settings/oauth).
2. In the **Action** column of the OAuth app you want to delete, click **Delete**.
3. In the dialog, click **Delete**.

### Legacy Console

1. Click **Admin > Account management** in the top right corner.
2. Under **Keys & credentials**, click **OAuth apps** (or go directly to the [Console](https://console.twilio.com/us1/account/keys-credentials/server-oauth)).
3. On the **OAuth apps** page, click **Delete** in the **Actions** column.
4. In the pop-up, click **Yes, delete application** to confirm deletion.

## OAuth app Audit Events

To see audit events in the Twilio Console, go to **Settings** > **Account settings** > [**Audit events**](https://1console.twilio.com/go?to=/account/__account__/us1/insights/audit-insights). In the Legacy Console, go to **Monitor** > **Insights** > [**Audit**](https://console.twilio.com/us1/monitor/insights/audit). There are four audit events related to OAuth apps:

1. **oauth-apps.created:** This event is triggered when an OAuth app is created.
2. **oauth-apps.updated:** This event is triggered every time an OAuth app is updated.
3. **oauth-apps.deleted:** This event is triggered every time an OAuth app is deleted.
4. **oauth-apps.secret-rotated:** This event is triggered every time the client secret of an OAuth app is rotated.
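
The triage below is an added example, not Twilio code. It runs over constructed audit records and reports apps whose old secret is still inside its grace period, rotations whose grace period exceeds a local policy, and events from actors outside an allowlist. The record field names (`type`, `app`, `actor`, `time`, `grace_period_days`), the 7-day policy and the allowlist are assumptions; only the four event names and the 0 to 30 day grace period range come from this page.

```python
from datetime import datetime, timedelta

OAUTH_EVENTS = {"oauth-apps.created", "oauth-apps.updated",
                "oauth-apps.deleted", "oauth-apps.secret-rotated"}

def ev(kind, app, actor, time, **extra):
    return {"type": "oauth-apps." + kind, "app": app, "actor": actor, "time": time, **extra}

# Constructed sample records; field names are assumptions, not Twilio's event schema.
SAMPLE_EVENTS = [
    ev("created", "billing-sync", "alice@example.com", "2024-05-01T09:00:00Z"),
    ev("secret-rotated", "billing-sync", "alice@example.com", "2024-05-10T12:00:00Z",
       grace_period_days=14),
    ev("secret-rotated", "report-export", "bob@example.com", "2024-05-12T08:30:00Z",
       grace_period_days=0),
    ev("updated", "report-export", "carol@example.com", "2024-05-12T09:00:00Z"),
    ev("secret-rotated", "ivr-bot", "alice@example.com", "2024-05-14T10:00:00Z",
       grace_period_days=3),
    ev("deleted", "ivr-bot", "alice@example.com", "2024-05-15T10:00:00Z"),
]

def parse_time(value):
    # Map a trailing "Z" to an offset that every fromisoformat() version accepts.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(events, now, approved_actors, max_grace_days=7):
    """Return sorted (app, finding) pairs for OAuth app audit events up to `now`."""
    events = [e for e in events
              if e["type"] in OAUTH_EVENTS and parse_time(e["time"]) <= now]
    deleted_at = {e["app"]: parse_time(e["time"])
                  for e in events if e["type"] == "oauth-apps.deleted"}
    findings = set()
    for e in events:
        if e["actor"] not in approved_actors:
            findings.add((e["app"], f"{e['type']} by unapproved actor {e['actor']}"))
        if e["type"] != "oauth-apps.secret-rotated":
            continue
        grace = e.get("grace_period_days")
        if not isinstance(grace, int) or not 0 <= grace <= 30:
            findings.add((e["app"], "grace period missing or outside 0-30 days"))
            continue
        if grace > max_grace_days:
            findings.add((e["app"], f"grace period {grace}d exceeds policy {max_grace_days}d"))
        rotated = parse_time(e["time"])
        old_secret_ends = rotated + timedelta(days=grace)
        # Assumption: deleting the app afterwards ends the old secret's validity early.
        deleted = deleted_at.get(e["app"])
        if old_secret_ends > now and not (deleted and deleted >= rotated):
            findings.add((e["app"], f"old secret valid until {old_secret_ends.isoformat()}"))
    return sorted(findings)
```

An "old secret valid until" finding is the window in which a leaked pre-rotation secret can still obtain tokens, so confirm every consumer has moved to the new secret before that time.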

## Scopes/Permissions available for OAuth apps

> [!WARNING]
>
> An OAuth app has a limit of 100 scopes/permissions that can be associated with it.

Each permission maps to one or more endpoints and actions for each API resource. To download a PDF of the permission and endpoint actions, click one of the following links:

* [Messaging Permissions](https://docs-resources.prod.twilio.com/documents/Twilio_Restricted_API_Keys_Permissions_-_Messaging_Permissions.pdf)
* [Phone Numbers Permissions](https://docs-resources.prod.twilio.com/documents/Twilio_Restricted_API_Keys_Permissions_-_Numbers_Permissions.pdf)
* [Studio Permissions](https://docs-resources.prod.twilio.com/documents/Twilio_Restricted_API_Keys_Permissions_-_Studio_Permissons.pdf)
* [TaskRouter Permissions](https://docs-resources.prod.twilio.com/documents/Twilio_Restricted_API_Keys_Permissions_-_TaskRouter.pdf)
* [Voice Permissions](https://docs-resources.prod.twilio.com/documents/Twilio_Restricted_API_Keys_Permissions_-_Voice_Permissions.pdf)
* [Lookup Permissions](https://docs-resources.prod.twilio.com/documents/Twilio_Restricted_API_Keys_Permissions_-_Lookup_Permissions.pdf)
* [Identity and Access Management (IAM) Permissions](https://docs-resources.prod.twilio.com/documents/Twilio_Restricted_API_Keys_Permissions_-_IAM_Permissons.pdf)
* [Monitor Permissions](https://docs-resources.prod.twilio.com/documents/Twilio_Restricted_API_Keys_Permissions_-_Monitor_Permissons.pdf)
* [Verify Permissions](https://docs-resources.prod.twilio.com/documents/Twilio_Restricted_API_Keys_Permissions_-_Verify_Permissions.pdf)
* [Video Permissions](https://docs-resources.prod.twilio.com/documents/Twilio_Restricted_API_Keys_Permissions_-_Video_Permissions.pdf)
* [Event Streams Permissions](https://docs-resources.prod.twilio.com/documents/Twilio_Restricted_API_Keys_Permissions_-_Event_Streams_Permissions.pdf)
* [Usage Records Permissions](https://docs-resources.prod.twilio.com/documents/Twilio_Restricted_API_Keys_Permissions_-_Usage_Records_Permissions.pdf)
* [Serverless Permissions](https://docs-resources.prod.twilio.com/documents/Twilio_Restricted_API_Keys_Permissions_-_Serverless_Permissions.pdf)
* [Flex Permissions](https://docs-resources.prod.twilio.com/documents/Twilio_Restricted_API_Keys_Permissions_-_Flex_Permissions.pdf)
