Skip to contentSkip to navigationSkip to topbar
On this page

Get Started with Public Key Client Validation


Public Key Client Validation helps organizations in compliance-heavy industries meet strict security requirements, such as not relying on shared secrets, validating senders, and verifying message content. It is available with either Twilio Enterprise Edition or Twilio Security Edition(link takes you to an external page).


Take full control of your secrets

take-full-control-of-your-secrets page anchor

For organizations under strict compliance requirements, relying on shared secrets may not meet required security protocols. With Public Key Client Validation enabled you'll be the only one who knows the Secret, which means the Auth Token — a shared secret — will be rendered invalid for REST requests.

By using Public Key Client Validation, you'll also be able to rotate your keys and stay in full control of your credentials.


Client and message validation

client-and-message-validation page anchor

When you send a request with Public Key Client Validation, Twilio validates:

  • That the request comes from a sender who is in control of the private key.
  • That the message has not been modified in transit.

The Public Key Client Validation Quickstart will provide you with additional details on how the feature works.

(warning)

Warning

This feature is currently not supported by Flex or Studio. If you use either of these products, Public Key Client Validation Quickstart can't be enforced.


How to enable Public Key Client Validation

how-to-enable-public-key-client-validation page anchor

If Public Key Client Validation sounds like a good fit for your organization, find out more about Twilio Editions(link takes you to an external page) or get in touch with Sales(link takes you to an external page) to start the enablement process.

Need some help?

Terms of service

Copyright © 2024 Twilio Inc.