REST API: API Keys
You access the Twilio API using API keys that represent the required credentials. These keys:
- Authenticate to the REST API
- Create and revoke Access Tokens
See this document for more information about your request to Twilio's REST API, or read our article on Access Tokens to learn more.
API Keys can be provisioned and revoked through the REST API or the Twilio Console. This provides a powerful and flexible primitive for managing access to the Twilio API.
For example, you might issue separate API Keys to different developers or to different subsystems within your application.
Since API Keys can be independently revoked, you have complete control of the lifecycle of your API credentials.
If your use case requires API Keys to access the /Accounts or /Keys endpoint, a Master Key needs to be used. This can be created in the Console.
Key properties
| Names in PHP format | |
|---|---|
sid
|
A 34 character string that uniquely identifies this API Key. You will use this as the basic-auth |
friendlyName
|
A descriptive string for this resource, chosen by your application, up to 64 characters long. |
dateCreated
|
The date-time this API Key was created, given as a RFC 2822 Timestamp. |
dateUpdated
|
The date-time this API Key was most recently updated, given as a RFC 2822 Timestamp. |
Fetch a Key resource
https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json
Returns a representation of the API Key, including the properties below.
For security reasons the Secret field is ONLY returned when the API Key is first created – never when fetching the resource.
Example 1
Example 2
Read a Key resource
https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys.json
Returns a list of API Keys in this account, sorted by DateUpdated.
The list includes all API Keys. It also includes paging information.
Example 1
Update a Key resource
https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json
Attempts to update the fields of an API Key instance.
If successful, it returns the updated resource representation. The response will be identical to that of the HTTP GET (fetch).
Parameters
| Names in None format | |
|---|---|
friendly_name
Optional
|
A descriptive string for this resource, chosen by your application, up to 64 characters long. |
Example 1
Delete a Key Resource
https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json
Deletes an API Key. This revokes its authorization to authenticate to the REST API and invalidates all Access Tokens generated using its secret.
If the delete is successful, Twilio will return an HTTP 204 response with no body.
You may only delete Keys by authenticating with the account's AccountSid and AuthToken or API Keys that have the master key flag set in the console.
Example 1
Need some help?
We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the Twilio tag on Stack Overflow.