Available through the Twilio Enterprise Plan, Public Key Client Validation helps organizations in compliance-heavy industries meet strict security requirements, such as not relying on shared secrets, validating the sender, or verifying message content.
For organizations under strict compliance requirements, relying on shared secrets may not meet security protocol. With Public Key Client Validation enabled, you’ll be the only one who knows the Secret, which means the Auth Token - a shared secret - will be rendered invalid for REST requests.
By using Public Key Client Validation you’ll be able to easily rotate your keys and stay in full control of your credentials.
When you send a request with Public Key Client Validation, Twilio validates:
- That the request comes from a sender who is in control of the private key
- That the message has not been modified in transit
The Getting Started Guide provides additional details on how the feature works.
Note: This feature is currently not supported by Flex and Studio. If you use any of those products in your Project, PKCV can not be enforced.