OAuth apps FAQs
We currently support this feature only in the US1 region.
OAuth 2.0 for Twilio APIs is completely free and available to all customer accounts, whether trial or upgraded.
Users with the Owner, Administrator or Developer role will be able to access this feature.
By default, the expiration time of access tokens is 1 hour. This is returned as the expires_in parameter in the API response after calling the token endpoint. The value is provided in seconds, currently defaulted to 3600 seconds (1 hour).
Yes. If a new access token is generated, the previous access token will continue to work until it expires.
There will be no impact on the OAuth app and the credentials will still work.
It is recommended that you immediately delete the OAuth app. This will make the credentials and access tokens invalid.
Yes, users can rotate the client secret from within the Twilio Console. On rotation, the old secret will remain valid for 1 day before it becomes inactive. The expiration of the previous secret is not currently configurable.
Only two client secrets can remain active at any time. If a user rotates a secret before an existing secret expires, a new secret is generated and the oldest active secret becomes invalid.
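The two rotation rules above, worked through as an added example (not Twilio's code and not part of the original page): a second rotation inside the 1-day window invalidates the oldest secret at once, so any service still using it stops authenticating. RotationModel, the secret labels and the timestamps are constructed for illustration, and treating the first issue as a rotation is an assumption.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

GRACE = timedelta(days=1)  # FAQ: old secret stays valid for 1 day after rotation
MAX_ACTIVE = 2             # FAQ: only two client secrets can be active at once

@dataclass
class Secret:
    label: str                      # constructed label standing in for the secret
    expires_at: Optional[datetime]  # None = current secret, no scheduled expiry

@dataclass
class RotationModel:
    """Hypothetical model of the rules as the FAQ states them."""
    secrets: List[Secret] = field(default_factory=list)  # oldest first
    issued: int = 0

    def _active(self, now: datetime) -> List[Secret]:
        return [s for s in self.secrets
                if s.expires_at is None or s.expires_at > now]

    def rotate(self, now: datetime) -> str:
        self.secrets = self._active(now)       # drop secrets already expired
        for s in self.secrets:
            if s.expires_at is None:           # current secret enters its grace period
                s.expires_at = now + GRACE
        self.issued += 1
        self.secrets.append(Secret(f"secret-{self.issued}", None))
        while len(self.secrets) > MAX_ACTIVE:  # cap reached: oldest becomes invalid
            self.secrets.pop(0)
        return self.secrets[-1].label

    def is_valid(self, label: str, now: datetime) -> bool:
        return any(s.label == label for s in self._active(now))

def demo() -> dict:
    t0 = datetime(2024, 1, 1, 9, 0)            # constructed start time
    h = lambda n: t0 + timedelta(hours=n)
    m = RotationModel()
    s1 = m.rotate(h(0))                        # first secret issued
    s2 = m.rotate(h(1))                        # rotation: s1 gets 1 day of overlap
    overlap = m.is_valid(s1, h(2))
    s3 = m.rotate(h(3))                        # second rotation inside s1's window
    return {"s1_during_overlap": overlap,
            "s1_after_second_rotation": m.is_valid(s1, h(4)),
            "s2_after_second_rotation": m.is_valid(s2, h(4)),
            "s2_after_its_grace": m.is_valid(s2, h(28)),
            "s3_current": m.is_valid(s3, h(28))}
```

Calling demo() shows the first secret valid during the overlap and rejected after the second rotation, well before its 1-day window would have ended.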
Yes, this feature is available for subaccounts as well. An account's OAuth app will not work for the subaccounts in that account. Similar to API keys, OAuth apps have to be created separately for the subaccounts to access their API resources.
See OAuth apps for more information on the mapping of permissions to the APIs. We also support the same feature in Restricted API Keys.