Twilio stores all media sent and received with our services behind long URLs to increase security until the links are ready to distribute. For added security, users can enforce HTTP authentication so that your Account SID and Auth Token are required for access. This guide explains how to add this extra security step for protecting your media.
- Access the General SMS Settings page in Console.
- Scroll to the "Enforce HTTP Auth on Media URLs" section, and then select Enable.
- Click Save.
Once HTTP Auth is enabled on your project, subsequent attempts to fetch your message media will direct you to a mediaURL that is only valid for 4 hours. The domain of the media URL will also change from s3-external-1.amazonaws.com to
mms.twiliocdn.com. You can make subsequent API requests for new short-lived URLs for your media at any time.