Twilio uses two credentials to determine which account an API request is coming from: The Account SID, which acts as a username, and the Auth Token which acts as a password. This guide explains how to find your Auth Token, and how to change it.
Notice: If another user gets access to your Auth Token and Account SID, they will have full access to your account, and use of the Twilio API as if they were you. All users should take steps to keep their Auth Token private. For more recommendations, see Is Someone Else Using Your Twilio Account? Best Practices to Protect Your Auth Token (Twilio Blog).
If you are concerned someone has unauthorized use of your Twilio credentials, see Proactive Steps for Customers Experiencing Account Takeover.
Where is my Auth Token?
Your account's Auth Token is hidden by default. Click show to display the token, and hide to conceal it again.
Notice: Promoting a secondary Auth Token to the primary role instantly and automatically removes your old existing Auth Token from your account. Immediately after promoting the new token, all requests to Twilio using your old Auth Token will result in an error. Any existing Twilio apps using your old token will need to be updated with the new Auth Token before they can work successfully again. To make this change without incurring downtime, we recommend users update their apps with the secondary token prior to promoting it to primary.
- Access the Account -> General Settings page in Console.
- Scroll down to the "API Credentials" section, and then click Request a Secondary Token.
- In the pop-up dialog, click Request Token.
- Click the Eye icon to view your new secondary token, and use it to update your existing Twilio applications.
- Once your existing Twilio apps are updated, Click Promote to Primary to make your newly created Auth Token the main token for your account. A dialog will pop-up asking you to acknowledge the consequences and confirm.
Note: If you decide you don’t need the second token and want to keep using the primary one, click Delete this Token to remove it.