Public Key Client Validation helps organizations in compliance-heavy industries meet strict security requirements, such as not relying on shared secrets, validating senders, and verifying message content. It is available with either Twilio Enterprise Edition or Twilio Security Edition.
For organizations under strict compliance requirements, relying on shared secrets may not meet required security protocols. With Public Key Client Validation enabled, you’ll be the only one who knows the Secret, which means the Auth Token — a shared secret — will be rendered invalid for REST requests.
By using Public Key Client Validation, you’ll also be able to easily rotate your keys and stay in full control of your credentials.
When you send a request with Public Key Client Validation, Twilio validates:
- That the request comes from a sender who is in control of the private key.
- That the message has not been modified in transit.
The Public Key Client Validation Quickstart will provide you with additional details on how the feature works.
This feature is currently not supported by Flex or Studio. If you use either of these products, Public Key Client Validation Quickstart can’t be enforced.