
Organization OAuth apps


Twilio's organization-level APIs only support OAuth 2.0. API keys and Auth Tokens are not supported.

Organization-level APIs can be accessed using both the Client Credentials and Authorization Code grant types of OAuth 2.0. The steps below explain how to manage both types of OAuth apps.


Client Credentials


Create an OAuth app

  1. Log in to Twilio Console and navigate to Settings > Organization settings > Organization API access.
  2. Click Create OAuth application.
  3. For Grant type, select Client credentials.
  4. Enter the Application name and Application description.
  5. On the Scopes & permissions step, select the scopes and permissions you want to include in the OAuth application. Get the Permission to API mapping details here.
  6. On the Copy secret page, copy the credentials and store them somewhere secure.
  7. Select the Got it! checkbox and click Finish.

To generate the access token, use the Token API.

View or update an OAuth app

  1. Log in to Twilio Console and navigate to Settings > Organization settings > Organization API access.
  2. On the OAuth applications page, click on the App name of the Client Credentials app you want to view or update.
  3. On the APPLICATION DETAILS tab, view Application name, Description of the application, Date created and Created by. To update the application details, click Edit application details and update the details, then click Save.
  4. On the ACCESS SETTINGS tab, view OAuth Scopes. You can update the OAuth scopes.
  5. On the Credentials tab, view the Client ID. You can also rotate the Client Secret.

  1. Log in to Twilio Console and navigate to Settings > Organization settings > Organization API access.
  2. In the Action column of the OAuth app you want to delete, click Delete.
  3. In the dialog, click Delete.

  1. Log in to Twilio Console and navigate to Settings > Organization settings > Organization API access.
  2. Click Create OAuth application.
  3. For Grant type, select Authorization code.
  4. On the Application details page, enter the application details:
    • Application name
    • Application description
    • Company name
    • Images for the application
    • Homepage URL
    • Terms of service URL
    • Redirect URL
  5. On the Scopes & permissions page, select the scopes and permissions you want to include in the OAuth application. Get the Permission to API mapping details here.
  6. On the Copy secret page, copy the credentials and store them somewhere secure. For the Authorization Code grant type, Twilio generates a Client ID, Client Secret, and Authorization URL.
  7. Select the Got it! checkbox and click Finish.

Authorize an Authorization code application


After you create the OAuth application, authorize it to obtain an authorization code.

  1. Construct the authorization URL with the following query parameters:
    https://oauth.twilio.com/v2/authorize?client_id=CLIENT_ID&response_type=code&scope=offline_access&redirect_uri=REDIRECT_URL&state=STATE
    • Replace CLIENT_ID with the Client ID from your OAuth application.
    • Replace REDIRECT_URL with the Redirect URL configured in your OAuth application.
    • Replace STATE with a unique value to prevent CSRF attacks.
  2. Open the authorization URL in a browser.
  3. Sign in with your Twilio credentials.
    Info: The authorization page doesn't support SSO login. Use an organization admin user whose SSO is deactivated.

  4. Review the requested scopes and permissions, then click Approve access.

After approval, you're redirected to your Redirect URL with the authorization code:

REDIRECT_URL?code=AUTHORIZATION_CODE&state=STATE

The authorization code expires after five minutes. Use it immediately to generate access tokens using the Token API.
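
The flow above as an added example (not Twilio's code): it builds the authorization URL with a random state, then validates the redirect before the code is used. The function names, the state length and the use-by calculation are assumptions of this example.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_ENDPOINT = "https://oauth.twilio.com/v2/authorize"  # URL given on this page
CODE_LIFETIME_SECONDS = 5 * 60  # page: the authorization code expires after five minutes


def build_authorization_url(client_id, redirect_url, scope="offline_access"):
    """Return (url, state); keep state server-side, bound to the user's session."""
    state = secrets.token_urlsafe(32)  # unguessable, single-use value
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "scope": scope,
        "redirect_uri": redirect_url,  # urlencode percent-encodes the URL
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", state


def handle_callback(callback_url, redirect_url, expected_state, now=None):
    """Validate the redirect; return (code, use_by) or raise ValueError."""
    now = time.time() if now is None else now
    got, want = urlsplit(callback_url), urlsplit(redirect_url)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback did not arrive at the registered Redirect URL")
    params = parse_qs(got.query)
    states, codes = params.get("state", []), params.get("code", [])
    # Missing or repeated parameters are ambiguous, so reject them.
    if len(states) != 1 or len(codes) != 1:
        raise ValueError("expected exactly one code and one state parameter")
    # Constant-time comparison against the value stored for this session.
    if not hmac.compare_digest(states[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard the code")
    # The code was issued just before the redirect arrived, so this use-by
    # time is an upper bound on how long the token exchange may wait.
    return codes[0], now + CODE_LIFETIME_SECONDS
```

Delete the stored state once a callback has been accepted or rejected so that it cannot be replayed.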

  1. Log in to Twilio Console and navigate to Settings > Organization settings > Organization API access.
  2. On the OAuth apps page, click on the App name of the Authorization Code app you want to view or update.
  3. On the APPLICATION DETAILS tab, view Application name, Description of the application, Date created, Created by, Company name, Homepage URL, Terms of service URL and Redirect URL. To update the application details, click Edit application details and update the details, then click Save.
  4. On the ACCESS SETTINGS tab, view OAuth Scopes. You can update the OAuth scopes.
  5. On the Credentials tab, view the Client ID and Authorization URL. You can also rotate the Client Secret.

When the Authorization Code OAuth app is authorized and the authorization code is generated, the OAuth app appears under Authorized apps.

  1. Log in to Twilio Console and navigate to Settings > Organization settings > Organization API access.
  2. Click AUTHORIZED APPLICATIONS to view all the Authorized apps. The Authorized by column shows the name of the user who authorized each app.

Revoke access of an Authorized app

  1. Log in to Twilio Console and navigate to Settings > Organization settings > Organization API access.
  2. Click on AUTHORIZED APPLICATIONS to view all the Authorized apps.
  3. Click the Revoke button next to the Authorized app to revoke access.

  1. Log in to Twilio Console and navigate to Settings > Organization settings > Organization API access.
  2. In the Action column of the OAuth app you want to delete, click Delete.
  3. In the pop-up, click Delete.

Info: When you delete an Authorization Code OAuth app, its access is revoked immediately and any active access tokens become invalid.


Scopes/Permissions available for Organization OAuth apps


The following table lists the Scopes & Permissions and the Organization API endpoints associated with them:

| Scopes / Permissions | Method | API Endpoints | API doc |
| --- | --- | --- | --- |
| managed-users/read | GET | https://iam.twilio.com/scim/v2/Users/sid<US> | API Doc |
| managed-users/list | GET | https://iam.twilio.com/scim/v2/Users | API Doc |
| managed-users/create | POST | https://iam.twilio.com/scim/v2/Users | API Doc |
| managed-users/update | PUT | https://iam.twilio.com/scim/v2/Users/sid<US> | API Doc |
| managed-users/delete | DELETE | https://iam.twilio.com/scim/v2/Users/sid<US> | API Doc |
| role-assignments/list | GET | https://iam.twilio.com/v2/Organizations/RoleAssignments | API Doc |
| role-assignments/create | POST | https://iam.twilio.com/v2/Organizations/RoleAssignments | API Doc |
| role-assignments/delete | DELETE | https://iam.twilio.com/v2/Organizations/RoleAssignments/sid<IY> | API Doc |
| roles/list | GET | https://iam.twilio.com/v2/Organizations/Roles | API Doc |