OAuth apps FAQs


What are the regions supported?

We currently support this feature only in the US1 region.

Are there any costs associated with using this feature?

OAuth 2.0 for Twilio APIs is completely free and available to all customer accounts, whether trial or upgraded.

Which roles allow access to the OAuth apps feature?

Users with the Owner, Administrator or Developer role will be able to access this feature.

What is the expiration time of the access token?

By default, the expiration time of access tokens is 1 hour. This is returned as the expires_in parameter in the API response after calling the token endpoint. The value is provided in seconds, currently defaulted to 3600 seconds (1 hour).

If I generate a new access token will the old token still work?

Yes. If a new access token is generated, the previous access token will continue to work until it expires.

What happens when a user who has created an OAuth app is deleted or removed from the account?

There will be no impact on the OAuth app and the credentials will still work.

What should I do if my credentials are compromised?

It is recommended that you immediately delete the OAuth app. This will make the credentials and access tokens invalid.

Is there a way to rotate credentials?

Yes, users can rotate the client secret from within the Twilio Console. On rotation, the old secret will remain valid for 1 day before it becomes inactive. The expiration of the previous secret is not currently configurable.

Only two client secrets can remain active at any time. If a user rotates a secret before an existing secret expires, a new secret is generated and the oldest active secret becomes invalid.
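The rotation rules above, modelled offline as an added example (not Twilio's code; it makes no API calls). The class, function and secret labels are hypothetical, and the timeline is constructed to show that a second rotation inside the 1-day window cuts the oldest secret off early.

```python
from datetime import datetime, timedelta

GRACE = timedelta(days=1)  # FAQ: a rotated-out secret stays valid for 1 day
MAX_ACTIVE = 2             # FAQ: only two client secrets can be active


class SecretRotationModel:
    """Offline model of the FAQ's rotation rules; makes no Twilio API calls."""

    def __init__(self, first_label):
        # Entries are [label, expires_at]; expires_at None marks the newest secret.
        self.secrets = [[first_label, None]]

    def rotate(self, new_label, now):
        """Apply a rotation at `now`; return labels invalidated before their grace ended."""
        # Forget secrets whose grace period has already run out.
        self.secrets = [s for s in self.secrets if s[1] is None or s[1] > now]
        # The secret being replaced starts its 1-day grace period.
        for s in self.secrets:
            if s[1] is None:
                s[1] = now + GRACE
        self.secrets.append([new_label, None])
        # Enforce the two-secret limit: the oldest active secret goes first.
        dropped = []
        while len(self.secrets) > MAX_ACTIVE:
            dropped.append(self.secrets.pop(0)[0])
        return dropped

    def is_valid(self, label, now):
        """True if `label` is still accepted at `now` under the modelled rules."""
        return any(l == label and (exp is None or exp > now)
                   for l, exp in self.secrets)


def double_rotation_demo():
    """Constructed timeline: two rotations two hours apart."""
    t0 = datetime(2024, 1, 1, 12, 0)  # constructed timestamp
    model = SecretRotationModel("secret-A")
    first = model.rotate("secret-B", t0)
    second = model.rotate("secret-C", t0 + timedelta(hours=2))
    return first, second, model.is_valid("secret-A", t0 + timedelta(hours=3))


if __name__ == "__main__":
    print(double_rotation_demo())  # a client still on secret-A breaks at the second rotation
```

Before rotating a second time, confirm every client has moved off the oldest secret, since that rotation ends its grace period immediately.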

Is this feature also available for subaccounts? Will the account OAuth app work for Subaccount?

Yes, this feature is available for subaccounts as well. An account's OAuth app will not work for the subaccounts in that account. Similar to API keys, OAuth apps have to be created separately for the subaccounts to access their API resources.

How are scopes (permissions) mapped with the APIs?

See OAuth apps for more information on mapping of permissions with the APIs. We also support the same feature in Restricted API Keys.