20160: Invalid Token

This error occurs when the token presented to the Twilio API is not a valid JWT. Twilio Access Tokens are JWTs used by client SDKs and must follow the JSON Web Token structure and constraints documented by Twilio.

• The token is not a properly formed JWT (Twilio Access Tokens are composed of three parts: header, payload, and signature).
• The JWT header is not set as required (for example, typ must be "JWT", alg must be "HS256", and cty must be "twilio-fpa;v=1").
• The token was generated or signed without the correct API Key SID/Secret for the account (the iss identifies the API Key and the signature is created using the API Key Secret).
• A Restricted API Key was used to create an Access Token for client-side SDKs (not supported).

• Re-generate the Access Token on your server using Twilio SDKs and the correct credentials (Account SID, API Key SID, and API Key Secret).
• Ensure the token's header fields meet Twilio's requirements and the alg is HS256.
• Verify the token lifetime: Access Tokens have a maximum age of 24 hours and should be created with the shortest feasible ttl.
• Use a Main or Standard API Key when creating Access Tokens; do not use a Restricted API Key.

• Access Tokens
• 20156: Expired or Invalid Expiration in Token
• 20159: Invalid Signature