Twilio uses two credentials to determine which account an API request is coming from: The Account SID, which acts as a username, and the Auth Token which acts as a password. This guide explains how to find your Auth Token, and how to change it.
Notice: If another user gets access to your Auth Token and Account SID, they will have full access to your account, and use of the Twilio API as if they were you. All users should take steps to keep their Auth Token private. For more recommendations, see Is Someone Else Using Your Twilio Account? Best Practices to Protect Your Auth Token (Twilio Blog).
If you are concerned someone has unauthorized use of your Twilio credentials, see Proactive Steps for Customers Experiencing Account Takeover.
Where is my Auth Token?
You can find the Auth Token in the Account Info pane of the Console Dashboard page.
Your account's Auth Token is hidden by default. Click show to display the token, and hide to conceal it again.
What is a Secondary Auth Token?
A secondary Auth Token is a backup to your primary Auth Token. The secondary token works the same as your primary token and can be used to keep your applications running during a token rotation. This allows you to seamlessly transition your services from one token to another with zero downtime. When ready, Secondary tokens can be promoted to the primary token, replacing the previous primary token.
How do I change my Auth Token?
Notice: Promoting a secondary Auth Token to the primary Auth Token instantly and automatically removes your old existing primary Auth Token from your account. Immediately after promoting the new token, all requests to Twilio using your old Auth Token will result in an error. Any existing Twilio apps using your old token will need to be updated with the new token before they will successfully work again. To make this change without incurring downtime, we recommend users update their apps with the secondary token prior to promoting it to primary.
- Access the Account -> API keys and tokens page in Console.
- From the top right, select the Region you'd like to change the Auth Token for:
- Scroll down to the "Auth Tokens" section, and then click Request a secondary token.
- In the pop-up dialog box, click Request Token.
- Click the Eye icon to view your new secondary token, and use it to update your existing Twilio applications. Be certain your applications are updated with your new secondary token prior to promoting it.
- Click Promote to Primary to make your newly created Auth Token the main token for your account. A dialog box will pop-up asking you to acknowledge the consequences. Once confirmed, the old primary token will stop working.
Note: If you decide you don’t need the second token and want to keep using the primary one, click Delete this Token to remove it.