Rate this page:

Thanks for rating this page!

We are always striving to improve our documentation quality, and your feedback is valuable to us. How could this documentation serve you better?

Account and Key Management with API Keys

To manage API Keys and Accounts, via the API, after enforcing Public Key Client Validation a Master API Key is required. Once Public Key Client Validation is enforced, requests with Auth Tokens will not be successful anymore and by default, API Keys are not permitted to manage Accounts or Keys.

Creating Master Keys

The required keys can be created in the Console by selecting Master as the Key Type.


Creating a new Subaccount when Public Key Client Validation is enforced

To create a new Subaccounts and make a successful API request, the newly created account needs to be primed with it's own API Key and Public Key. Only Master API Key have the permissions to execute the required steps below.

Setting up a Subaccount via API

  1. Creating a new Subaccount with the key created above.
  2. Seed the new account with a API Key
  3. Seed the new account with a Public Key
  4. Make request with new account credentials

Sample Code

import com.twilio.http.TwilioRestClient;
import com.twilio.http.ValidationClient;

public class NewSubAccount {
    private static final String ACCOUNT_SID = CredStore.getEnv("TWILIO_ACCOUNT_SID");
    private static final String API_KEY = CredStore.getEnv("TWILIO_MASTER_KEY");
    private static final String API_SECRET = CredStore.getEnv("TWILIO_MASTER_SECRET");
    private static final String PUBLIC_KEY_SID = CredStore.getEnv("TWILIO_PUBLIC_KEY_SID");
    private static final PrivateKey PRIVATE_KEY = CredStore.getPrivateKey();
    private static final String PUBLIC_KEY = CredStore.getPublicKey();

    public static void main(String[] args) {

        //Create client with Master Account Credentials
        TwilioRestClient client = new TwilioRestClient.Builder(API_KEY, API_SECRET)
                .httpClient(new ValidationClient(ACCOUNT_SID, PUBLIC_KEY_SID, API_KEY, PRIVATE_KEY))

        //Create new Subaccount 
        Account myAccount = Account.creator().setFriendlyName("PKCV Account").create(client);
        String myAccountSid = myAccount.getSid();

        //Seed API Key
        NewKey myKey = NewKey.creator(myAccountSid).setFriendlyName("PKCV Key").create(client);

        //Seed Public Key
        PublicKey myPubKey = PublicKey.creator(PUBLIC_KEY)
                .setFriendlyName("Seed PK")

        //Create client for new Subaccount
        TwilioRestClient newClient = new TwilioRestClient.Builder(myKey.getSid(), myKey.getSecret())
                .httpClient(new ValidationClient(myAccountSid, myPubKey.getSid(), myKey.getSid(), PRIVATE_KEY))

        //Make API call with new account and list public key sid(s) assigned to account
        Iterable pks = PublicKey.reader().read(newClient);
        for (PublicKey pk : pks) {
            System.out.println("key: " + pk.getSid() + "  - friendlyName: " + pk.getFriendlyName());

        //Clean up

The Console also supports creating API Keys and adding Public Keys for new Subaccounts.

Rate this page:

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the Twilio tag on Stack Overflow.