Menu

Rate this page:

Thanks for rating this page!

We are always striving to improve our documentation quality, and your feedback is valuable to us. How could this documentation serve you better?

Public Key Client Validation - Getting Started

Available through the Twilio Enterprise Plan, Public Key Client Validation helps organizations in compliance-heavy industries meet strict security requirements, such as not relying on shared secrets, validating the sender, or verifying message content.

Stay in Control of Your Secrets

For organizations under strict compliance requirements, relying on shared secrets may not meet security protocol. With Public Key Client Validation enabled, you’ll be the only one who knows the Secret, which means the Auth Token - a shared secret - will be rendered invalid for REST requests.

By using Public Key Client Validation you’ll be able to easily rotate your keys and stay in full control of your credentials.

Client and Message Validation

When you send a request with Public Key Client Validation, Twilio validates:

  • That the request comes from a sender who is in control of the private key
  • That the message has not been modified in transit

Learn more

The Getting Started Guide provides additional details on how the feature works.

Note: This feature is currently not supported by Flex and Studio. If you use any of those products in your Project, PKCV can not be enforced.

Enabling the feature:

If this sounds like a good fit for your organization, learn more about the Twilio Enterprise Plan or get in touch with Sales.

Rate this page:

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the Twilio tag on Stack Overflow.