Twilio API: アクセストークン

アクセストークンは、VideoIP メッセージングなどの Twilio クライアント SDK を使用できる、有効期限の短いトークンです。クライアントのアイデンティティを確認し、クライアント API 機能へのアクセスを付与するために、アクセストークンをサーバー上に作成します。全てのトークンは限られた期間の生存期間を持っています。最大で 24 時間です。ただし、ベストプラクティスは、作成するアプリケーションに適した最短時間でアクセストークンを生成することです。

目次

トークンを生成する

TwilioアクセストークンはJSON Web Tokenに準規しています。アクセストークンの JWT フォーマットの詳細については、こちらをご覧ください。ただし、Twilio のオフィシャルヘルパーライブラリーを利用している場合は、トークン生成機能を使用できるので、トークンの構造を知る必要はありません。

では、アプリケーションでアクセストークンを作成する方法について説明します。

Step 1: APIキーを作成する

最初に、APIキーを作成します。これにはアクセストークンの署名に使用するシークレットが含まれます。API キーは、Twilio コンソールから、またはREST API使用して作成します。API キーを作成する際、キーのシークレットが表示されます。セキュリティ上の理由により、キーを作成したときだけ、シークレットが表示されます。シークレットは、次のステップで、安全な場所にキーの SID と一緒に保管する必要があります。

Step 2: アクセストークンを作成する

次に、Twilio ヘルパーライブラリで step 1 で作成した API キーのシークレットを使用して、アクセストークンを作成します。各トークンには、特定のクライアント機能へのアクセス権限が与えられます。次に、IP メッセージングへのアクセス権限を与えるトークンを生成する方法の例を示します。

Loading Code Samples...
言語
SDKバージョン:
  • 4.x
  • 5.x
SDKバージョン:
  • 6.x
  • 7.x
SDKバージョン:
  • 2.x
  • 3.x
SDKバージョン:
  • 4.x
  • 5.x
SDKバージョン:
  • 5.x
  • 6.x
SDKバージョン:
  • 4.x
  • 5.x
using System;
using System.Collections.Generic;
using Twilio.Jwt.AccessToken;

class Example
{
    static void Main(string[] args)
    {
        // These values are necessary for any access token
        const string twilioAccountSid = "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
        const string twilioApiKey = "SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
        const string twilioApiSecret = "your_secret";

        // These are specific to IP Messaging
        const string ipmServiceSid = "ISXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
        const string identity = "user@example.com";
        const string deviceId = "someiosdevice";

        // Create an IP messaging grant for this token
        var grant = new IpMessagingGrant();
        grant.EndpointId = $"HipFlowSlackDockRC:{identity}:{deviceId}";
        grant.ServiceSid = ipmServiceSid;

        var grants = new HashSet<IGrant>
        {
            { grant }
        };

        // Create an Access Token generator
        var token = new Token(
            twilioAccountSid,
            twilioApiKey,
            twilioApiSecret,
            identity,
            grants: grants);

        Console.WriteLine(token.ToJwt());
    }
}
<?php
// Get the PHP helper library from twilio.com/docs/php/install
require_once '/path/to/vendor/autoload.php'; // Loads the library
use Twilio\Jwt\AccessToken;
use Twilio\Jwt\Grants\IpMessagingGrant;

// Required for all Twilio access tokens
$twilioAccountSid = 'ACxxxxxxxxxxxx';
$twilioApiKey = 'SKxxxxxxxxxxxx';
$twilioApiSecret = 'xxxxxxxxxxxxxx';

// Required for IP messaging grant
$ipmServiceSid = 'ISxxxxxxxxxxxx';
// An identifier for your app - can be anything you'd like
$appName = 'TwilioChatDemo';
// choose a random username for the connecting user
$identity = "john_doe";
// A device ID should be passed as a query string parameter to this script
$deviceId = 'somedevice';
$endpointId = $appName . ':' . $identity . ':' . $deviceId;

// Create access token, which we will serialize and send to the client
$token = new AccessToken(
    $twilioAccountSid,
    $twilioApiKey,
    $twilioApiSecret,
    3600,
    $identity
);

// Create IP Messaging grant
$ipmGrant = new IpMessagingGrant();
$ipmGrant->setServiceSid($ipmServiceSid);
$ipmGrant->setEndpointId($endpointId);

// Add grant to token
$token->addGrant($ipmGrant);

// render token to string
echo $token->toJWT();
from twilio.access_token import AccessToken, IpMessagingGrant

# required for all twilio access tokens
account_sid = 'ACxxxxxxxxxxxx'
api_key = 'SKxxxxxxxxxxxx'
api_secret = 'xxxxxxxxxxxxxx'

# required for IP messaging grants
ipm_service_sid = 'ISxxxxxxxxxxxx'
identity = 'user@example.com'
device_id = 'someiosdevice'
endpoint_id = "HipFlowSlackDockRC:{0}:{1}".format(identity, device_id)

# Create access token with credentials
token = AccessToken(account_sid, api_key, api_secret, identity)

# Create an IP Messaging grant and add to token
ipm_grant = IpMessagingGrant(endpoint_id=endpoint_id, service_sid=ipm_service_sid)
token.add_grant(ipm_grant)

# Return token info as JSON
print(token.to_jwt())
require 'twilio-ruby'

# Required for any Twilio Access Token
account_sid = 'ACxxxxxxxxxxxx'
api_key = 'SKxxxxxxxxxxxx'
api_secret = 'xxxxxxxxxxxxxx'

# Required for IP Messaging
service_sid = 'ISxxxxxxxxxxxx'
device_id = 'someiosdevice'
identity = 'user@example.com'
endpoint_id = "HipFlowSlackDockRC:#{identity}:#{device_id}"

# Create an Access Token
token = Twilio::JWT::AccessToken.new(
  account_sid,
  api_key, api_secret,
  3600,
  identity
)

# Create IP Messaging grant for our token
grant = Twilio::JWT::AccessToken::IpMessagingGrant.new
grant.service_sid = service_sid
grant.endpoint_id = endpoint_id
token.add_grant(grant)

# Generate the token
puts token.to_jwt
var AccessToken = require('twilio').AccessToken;
var IpMessagingGrant = AccessToken.IpMessagingGrant;

// Used when generating any kind of tokens
var twilioAccountSid = 'ACxxxxxxxxxx';
var twilioApiKey = 'SKxxxxxxxxxx';
var twilioApiSecret = 'xxxxxxxxxxxx';

// Used specifically for creating IP Messaging tokens
var serviceSid = 'ISxxxxxxxxxxxxx';
var appName = 'HipFlowSlackDockRC';
var identity = 'user@example.com';
var deviceId = 'someiosdeviceid';
var endpointId = appName + ':' + identity + ':' + deviceId;

// Create a "grant" which enables a client to use IPM as a given user,
// on a given device
var ipmGrant = new IpMessagingGrant({
    serviceSid: serviceSid,
    endpointId: endpointId
});

// Create an access token which we will sign and return to the client,
// containing the grant we just created
var token = new AccessToken(twilioAccountSid, twilioApiKey, twilioApiSecret);
token.addGrant(ipmGrant);
token.identity = identity;

// Serialize the token to a JWT string
console.log(token.toJwt());
const AccessToken = require('twilio').jwt.AccessToken;
const IpMessagingGrant = AccessToken.IpMessagingGrant;

// Used when generating any kind of tokens
const twilioAccountSid = 'ACxxxxxxxxxx';
const twilioApiKey = 'SKxxxxxxxxxx';
const twilioApiSecret = 'xxxxxxxxxxxx';

// Used specifically for creating IP Messaging tokens
const serviceSid = 'ISxxxxxxxxxxxxx';
const appName = 'HipFlowSlackDockRC';
const identity = 'user@example.com';
const deviceId = 'someiosdeviceid';
const endpointId = `${appName}:${identity}:${deviceId}`;

// Create a "grant" which enables a client to use IPM as a given user,
// on a given device
const ipmGrant = new IpMessagingGrant({
  serviceSid: serviceSid,
  endpointId: endpointId,
});

// Create an access token which we will sign and return to the client,
// containing the grant we just created
const token = new AccessToken(twilioAccountSid, twilioApiKey, twilioApiSecret);

token.addGrant(ipmGrant);

token.identity = identity;

// Serialize the token to a JWT string
console.log(token.toJwt());
package com.twilio;
import com.twilio.sdk.auth.AccessToken;
import com.twilio.sdk.auth.IpMessagingGrant;

public class TokenGenerator {
  
  public static void main(String[] args) {
    // Required for all types of tokens
    String twilioAccountSid = "ACxxxxxxxxxxxx";
    String twilioApiKey = "SKxxxxxxxxxxxx";
    String twilioApiSecret = "xxxxxxxxxxxxxx";

    // Required for IP Messaging
    String ipmServiceSid = "ISxxxxxxxxxxxx";
    String deviceId = "someiosdevice";
    String identity = "user@example.com";
    String appName = "HipFlowSlackDockRC";
    String endpointId = appName + ":" + identity + ":" + deviceId;
      
    // Create IP messaging grant
    IpMessagingGrant grant = new IpMessagingGrant();
    grant.setEndpointId(endpointId);
    grant.setServiceSid(ipmServiceSid);
    
    // Create access token
    AccessToken token = new AccessToken.Builder(
      twilioAccountSid,
      twilioApiKey,
      twilioApiSecret
    ).identity(identity).grant(grant).build();

    System.out.println(token.toJWT());
  }
}
from twilio.jwt.access_token import AccessToken, IpMessagingGrant

# required for all twilio access tokens
account_sid = 'ACxxxxxxxxxxxx'
api_key = 'SKxxxxxxxxxxxx'
api_secret = 'xxxxxxxxxxxxxx'

# required for IP messaging grants
ipm_service_sid = 'ISxxxxxxxxxxxx'
identity = 'user@example.com'
device_id = 'someiosdevice'
endpoint_id = "HipFlowSlackDockRC:{0}:{1}".format(identity, device_id)

# Create access token with credentials
token = AccessToken(account_sid, api_key, api_secret, identity)

# Create an IP Messaging grant and add to token
ipm_grant = IpMessagingGrant(
        endpoint_id=endpoint_id,
        service_sid=ipm_service_sid)
token.add_grant(ipm_grant)

# Return token info as JSON
print(token.to_jwt())
using System;
using Twilio.Auth;

class Example
{
	static void Main(string[] args)
	{
    // These values are necessary for any access token
    var twilioAccountSid = "ACxxxxxxxxxxxx";
    var twilioApiKey = "SKxxxxxxxxxxxx";
    var twilioApiSecret = "xxxxxxxxxxxxxx";

    // These are specific to IP Messaging
    var ipmServiceSid = "ISxxxxxxxxxxxx";
    var identity = "user@example.com";
    var deviceId = "someiosdevice";

    // Create an Access Token generator
    var token = new AccessToken(twilioAccountSid, twilioApiKey, twilioApiSecret);
    token.Identity = identity;

    // Create an IP messaging grant for this token
    var grant = new IpMessagingGrant();
    grant.EndpointId = $"HipFlowSlackDockRC:{identity}:{deviceId}";
    grant.ServiceSid = ipmServiceSid;
    token.AddGrant(grant);

    Console.WriteLine(token.ToJWT());
  }
}
<?php
require_once('./twilio-php/Services/Twilio.php');

// Required for all Twilio access tokens
$twilioAccountSid = 'ACxxxxxxxxxxxx';
$twilioApiKey = 'SKxxxxxxxxxxxx';
$twilioApiSecret = 'xxxxxxxxxxxxxx';

// Required for IP messaging grant
$ipmServiceSid = 'ISxxxxxxxxxxxx';
$appName = 'HipFlowSlackDockRC';
$identity = 'user@example.com';
$deviceId = 'someiosdevice';
$endpointId = $appName . ':' . $identity . ':' . $deviceId;

// Create access token
$token = new Services_Twilio_AccessToken(
    $twilioAccountSid, 
    $twilioApiKey, 
    $twilioApiSecret, 
    3600, 
    $identity
);

// Create IP Messaging grant
$ipmGrant = new Services_Twilio_Auth_IpMessagingGrant();
$ipmGrant->setServiceSid($ipmServiceSid);
$ipmGrant->setEndpointId($endpointId);

// Add grant to token
$token->addGrant($ipmGrant);

// render token to string
echo $token->toJWT();
require 'twilio-ruby'

# Required for any Twilio Access Token
account_sid = 'ACxxxxxxxxxxxx'
api_key = 'SKxxxxxxxxxxxx'
api_secret = 'xxxxxxxxxxxxxx'

# Required for IP Messaging
service_sid = 'ISxxxxxxxxxxxx'
device_id = 'someiosdevice'
identity = 'user@example.com'
endpoint_id = "HipFlowSlackDockRC:#{identity}:#{device_id}"

# Create an Access Token
token = Twilio::Util::AccessToken.new account_sid, api_key, api_secret, 
  3600, identity

# Create IP Messaging grant for our token
grant = Twilio::Util::AccessToken::IpMessagingGrant.new
grant.service_sid = service_sid
grant.endpoint_id = endpoint_id
token.add_grant grant

# Generate the token
puts token.to_jwt
import com.twilio.jwt.accesstoken.AccessToken;
import com.twilio.jwt.accesstoken.IpMessagingGrant;

public class Example {
  public static void main(String[] args) {
    String twilioAccountSid = "ACxxxxxxxxxxxx";
    String twilioApiKey = "SKxxxxxxxxxxxx";
    String twilioApiSecret = "xxxxxxxxxxxxxx";

    String ipmServiceSid = "ISxxxxxxxxxxxx";
    String deviceId = "someiosdevice";
    String identity = "user@example.com";
    String appName = "HipFlowSlackDockRC";
    String endpointId = appName + ":" + identity + ":" + deviceId;

    IpMessagingGrant grant = new IpMessagingGrant();
    grant.setEndpointId(endpointId);
    grant.setServiceSid(ipmServiceSid);

    AccessToken token = new AccessToken.Builder(twilioAccountSid, twilioApiKey, twilioApiSecret)
        .identity(identity).grant(grant).build();

    System.out.println(token.toJwt());
  }
}
アクセストークン(IP メッセージング)の作成
Loading Code Samples...
言語
SDKバージョン:
  • 4.x
  • 5.x
SDKバージョン:
  • 2.x
  • 3.x
SDKバージョン:
  • 5.x
  • 6.x
SDKバージョン:
  • 4.x
  • 5.x
using System;
using System.Collections.Generic;
using Twilio.Jwt.AccessToken;

class Example
{
    static void Main(string[] args)
    {
        // These values are necessary for any access token
        const string twilioAccountSid = "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
        const string twilioApiKey = "SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
        const string twilioApiSecret = "your_secret";

        // These are specific to Video
        const string configurationProfileSid = "VSXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
        const string identity = "user";

        // Create a Video grant for this token
        var grant = new VideoGrant();
        grant.ConfigurationProfileSid = configurationProfileSid;

        var grants = new HashSet<IGrant>
        {
            { grant }
        };

        // Create an Access Token generator
        var token = new Token(
            twilioAccountSid,
            twilioApiKey,
            twilioApiSecret,
            identity,
            grants: grants);

        Console.WriteLine(token.ToJwt());
    }
}
<?php
// Get the PHP helper library from twilio.com/docs/php/install
require_once '/path/to/vendor/autoload.php'; // Loads the library
use Twilio\Jwt\AccessToken;
use Twilio\Jwt\Grants\VideoGrant;

// Required for all Twilio access tokens
$twilioAccountSid = 'ACxxxxxxxxxxxx';
$twilioApiKey = 'SKxxxxxxxxxxxx';
$twilioApiSecret = 'xxxxxxxxxxxxxx';

// Required for Video grant
$configurationProfileSid = 'VSxxxxxxxxxxxx';
// An identifier for your app - can be anything you'd like
$identity = "john_doe";

// Create access token, which we will serialize and send to the client
$token = new AccessToken(
    $twilioAccountSid,
    $twilioApiKey,
    $twilioApiSecret,
    3600,
    $identity
);

// Create Video grant
$videoGrant = new VideoGrant();
$videoGrant->setConfigurationProfileSid($configurationProfileSid);

// Add grant to token
$token->addGrant($videoGrant);

// render token to string
echo $token->toJWT();
from twilio.access_token import AccessToken, VideoGrant

# required for all twilio access tokens
account_sid = 'ACxxxxxxxxxxxx'
api_key = 'SKxxxxxxxxxxxx'
api_secret = 'xxxxxxxxxxxxxx'

# required for Video grant
configuration_profile_sid = 'VSxxxxxxxxxxxx'
identity = 'user'

# Create access token with credentials
token = AccessToken(account_sid, api_key, api_secret, identity)

# Create a Video grant and add to token
video_grant = VideoGrant(configuration_profile_sid=configuration_profile_sid)
token.add_grant(video_grant)

# Return token info as JSON
print(token.to_jwt())
require 'twilio-ruby'

# Required for any Twilio Access Token
account_sid = 'ACxxxxxxxxxxxx'
api_key = 'SKxxxxxxxxxxxx'
api_secret = 'xxxxxxxxxxxxxx'

# Required for Video
configuration_profile_sid = 'VSxxxxxxxxxxxx'
identity = 'user'

# Create an Access Token
token = Twilio::JWT::AccessToken.new(
  account_sid,
  api_key,
  api_secret, 
  3600,
  identity);

# Create Video grant for our token
grant = Twilio::JWT::AccessToken::VideoGrant.new
grant.configuration_profile_sid = configuration_profile_sid
token.add_grant(grant)

# Generate the token
puts token.to_jwt
const AccessToken = require('twilio').AccessToken;
const VideoGrant = AccessToken.VideoGrant;

// Used when generating any kind of tokens
const twilioAccountSid = 'ACxxxxxxxxxx';
const twilioApiKey = 'SKxxxxxxxxxx';
const twilioApiSecret = 'xxxxxxxxxxxx';

// Used specifically for creating Video tokens
const configurationProfileSid = 'VSxxxxxxxxxxxxx';
const identity = 'user';

// Create a "grant" which enables a client to use Video as a given user
const videoGrant = new VideoGrant({
    configurationProfileSid: configurationProfileSid
});

// Create an access token which we will sign and return to the client,
// containing the grant we just created
const token = new AccessToken(twilioAccountSid, twilioApiKey, twilioApiSecret);
token.addGrant(videoGrant);
token.identity = identity;

// Serialize the token to a JWT string
console.log(token.toJwt());
const AccessToken = require('twilio').jwt.AccessToken;
const VideoGrant = AccessToken.VideoGrant;

// Used when generating any kind of tokens
const twilioAccountSid = 'ACxxxxxxxxxx';
const twilioApiKey = 'SKxxxxxxxxxx';
const twilioApiSecret = 'xxxxxxxxxxxx';

// Used specifically for creating Video tokens
const configurationProfileSid = 'VSxxxxxxxxxxxxx';
const identity = 'user';

// Create a "grant" which enables a client to use Video as a given user
const videoGrant = new VideoGrant({
    configurationProfileSid: configurationProfileSid
});

// Create an access token which we will sign and return to the client,
// containing the grant we just created
const token = new AccessToken(twilioAccountSid, twilioApiKey, twilioApiSecret);
token.addGrant(videoGrant);
token.identity = identity;

// Serialize the token to a JWT string
console.log(token.toJwt());
from twilio.jwt.access_token import AccessToken, VideoGrant

# required for all twilio access tokens
account_sid = 'ACxxxxxxxxxxxx'
api_key = 'SKxxxxxxxxxxxx'
api_secret = 'xxxxxxxxxxxxxx'

# required for Video grant
configuration_profile_sid = 'VSxxxxxxxxxxxx'
identity = 'user'

# Create access token with credentials
token = AccessToken(account_sid, api_key, api_secret, identity)

# Create a Video grant and add to token
video_grant = VideoGrant(configuration_profile_sid=configuration_profile_sid)
token.add_grant(video_grant)

# Return token info as JSON
print(token.to_jwt())
using System;
using Twilio.Auth;

class Example
{
  static void Main(string[] args)
  {
    // These values are necessary for any access token
    var twilioAccountSid = "ACxxxxxxxxxxxx";
    var twilioApiKey = "SKxxxxxxxxxxxx";
    var twilioApiSecret = "xxxxxxxxxxxxxx";

    // These are specific to Video
    var configurationProfileSid = "VSxxxxxxxxxxxx";
    var identity = "user";

    // Create an Access Token generator
    var token = new AccessToken(twilioAccountSid, twilioApiKey, twilioApiSecret);
    token.Identity = identity;

    // Create a Video grant for this token
    var grant = new VideoGrant();
    grant.ConfigurationProfileSid = configurationProfileSid;
    token.AddGrant(grant);

    Console.WriteLine(token.ToJWT());
  }
}
require 'twilio-ruby'

# Required for any Twilio Access Token
account_sid = 'ACxxxxxxxxxxxx'
api_key = 'SKxxxxxxxxxxxx'
api_secret = 'xxxxxxxxxxxxxx'

# Required for Video
configuration_profile_sid = 'VSxxxxxxxxxxxx'
identity = 'user'

# Create an Access Token
token = Twilio::Util::AccessToken.new(
  account_sid,
  api_key,
  api_secret, 
  3600,
  identity);

# Create Video grant for our token
grant = Twilio::Util::AccessToken::VideoGrant.new
grant.configuration_profile_sid = configuration_profile_sid
token.add_grant(grant)

# Generate the token
puts token.to_jwt
import com.twilio.jwt.accesstoken.AccessToken;
import com.twilio.jwt.accesstoken.VideoGrant;

public class TokenGenerator {
  
  public static void main(String[] args) {
    // Required for all types of tokens
    String twilioAccountSid = "ACxxxxxxxxxxxx";
    String twilioApiKey = "SKxxxxxxxxxxxx";
    String twilioApiSecret = "xxxxxxxxxxxxxx";

    // Required for Video
    String configurationProfileSid = "VSxxxxxxxxxxxx";
    String identity = "user";
      
    // Create Video grant
    VideoGrant grant = new VideoGrant();
    grant.setConfigurationProfileSid(configurationProfileSid);
    
    // Create access token
    AccessToken token = new AccessToken.Builder(
      twilioAccountSid,
      twilioApiKey,
      twilioApiSecret
    ).identity(identity).grant(grant).build();

    System.out.println(token.toJwt());
  }
}
Creating an Access Token (Video)

Step 3:認証

これで、トークンを使用する準備ができました。IP MessagingVideo などのクライアントサイドの SDK の場合、Ajax または他の方法を使用して、文字列に変換したトークンをクライアントサイドコードに渡す必要があります。詳細については、製品ドキュメントの『Identity and Access Tokens』関連のガイドの Video または IP Messaging の説明をご覧ください。

APIキーを利用してアクセストークンのライフサイクルを管理する

アプリケーションはAPIキーをアクセストークンの管理をするために利用します。いくつかの基本的なステップで簡単にできます。

  • REST API を使ってAPI キーを作成し、返却されたシークレットを保存します。お使いの製品のコンソールでも API キーを管理できます。
  • Twilio ヘルパーライブラリと API キーの Secret を使用して、クライアントのアクセストークンを生成します。
  • APIキーを削除し生成されたすべてのアクセストークンの無効にします。

JWT フォーマット

各アクセストークンは JWT です。これはエンコードされた JSON オブジェクトであり、ヘッダー、ペイロード、および署名の 3 つの部分で構成されます。次に、前述の例と同様のコードを使用して IP Messaging 用に生成した JWT トークンを示します。

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImN0eSI6InR3aWxpby1mcGE7dj0xIn0.eyJqdGkiOiJTS3h4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4LTE0NTA0NzExNDciLCJpc3MiOiJTS3h4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4Iiwic3ViIjoiQUN4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eCIsIm5iZiI6MTQ1MDQ3MTE0NywiZXhwIjoxNDUwNDc0NzQ3LCJncmFudHMiOnsiaWRlbnRpdHkiOiJ1c2VyQGV4YW1wbGUuY29tIiwiaXBfbWVzc2FnaW5nIjp7InNlcnZpY2Vfc2lkIjoiSVN4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eCIsImVuZHBvaW50X2lkIjoiSGlwRmxvd1NsYWNrRG9ja1JDOnVzZXJAZXhhbXBsZS5jb206c29tZWlvc2RldmljZSJ9fX0.IHx8KeH1acIfwnd8EIin3QBGPbfnF-yVnSFp5NpQJi0

If we inspect it with the debugger at jwt.io, we can further explore its content.

ヘッダー

{
  "typ": "JWT",
  "alg": "HS256",
  "cty": "twilio-fpa;v=1"
}

headerセクションは トークンのフォーマットでエンコードされます

  • alg トークンをエンコードするアルゴリズムです。“HS256” の必要があります。
  • typ トークンのタイプ"JWT" の必要があります。
  • cty はコンテンツタイプであり、アクセストークンのバージョンをエンコードします。"twilio-fpa;v=1" である必要があります。

ペイロード

{
  "jti": "SKxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-1450471147",
  "iss": "SKxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "sub": "ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "nbf": 1450471147,
  "exp": 1450474747,
  "grants": {
    "identity": "user@example.com",
    "ip_messaging": {
      "service_sid": "ISxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "endpoint_id": "HipFlowSlackDockRC:user@example.com:someiosdevice"
    }
  }
}

payloadセクションは 権限譲渡を表します

  • jti トークンの一意なIDアプリケーションがこのIDを認識できます。標準のヘルパーライブラリーはAPIキー のSID をトークンと一意でランダムな文字列を使います。
  • iss は発行者です。この API キーのシークレットで、トークンに署名します。
  • sub どのアクセスがアカウントのSIDをスコープしたか
  • nbf 生成されたトークンの有効期限が切れる時間(タイムスタンプ)
  • exp トークンの有効期限が切れる時間(タイムスタンプ)アクセストークン有効期限は最大24時間です。
  • grants トークンに付与されている許可のリスト。クライアント SDK (IP Messaging、Video)権限値は、SDK ごとに異なります。

署名

signature セクションは、トークンの信頼性を証明する署名付きハッシュです。これは、API シークレットを使用して JWT のヘッダーとペイロードを一緒にハッシュ化することによって得られ、アプリケーションと Twilio 以外に知られないようにする必要があります。

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the Twilio tag on Stack Overflow.

1 / 1
Loading Code Samples...
SDKバージョン:
  • 4.x
  • 5.x
SDKバージョン:
  • 6.x
  • 7.x
SDKバージョン:
  • 2.x
  • 3.x
SDKバージョン:
  • 4.x
  • 5.x
SDKバージョン:
  • 5.x
  • 6.x
SDKバージョン:
  • 4.x
  • 5.x
using System;
using System.Collections.Generic;
using Twilio.Jwt.AccessToken;

class Example
{
    static void Main(string[] args)
    {
        // These values are necessary for any access token
        const string twilioAccountSid = "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
        const string twilioApiKey = "SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
        const string twilioApiSecret = "your_secret";

        // These are specific to IP Messaging
        const string ipmServiceSid = "ISXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
        const string identity = "user@example.com";
        const string deviceId = "someiosdevice";

        // Create an IP messaging grant for this token
        var grant = new IpMessagingGrant();
        grant.EndpointId = $"HipFlowSlackDockRC:{identity}:{deviceId}";
        grant.ServiceSid = ipmServiceSid;

        var grants = new HashSet<IGrant>
        {
            { grant }
        };

        // Create an Access Token generator
        var token = new Token(
            twilioAccountSid,
            twilioApiKey,
            twilioApiSecret,
            identity,
            grants: grants);

        Console.WriteLine(token.ToJwt());
    }
}
<?php
// Get the PHP helper library from twilio.com/docs/php/install
require_once '/path/to/vendor/autoload.php'; // Loads the library
use Twilio\Jwt\AccessToken;
use Twilio\Jwt\Grants\IpMessagingGrant;

// Required for all Twilio access tokens
$twilioAccountSid = 'ACxxxxxxxxxxxx';
$twilioApiKey = 'SKxxxxxxxxxxxx';
$twilioApiSecret = 'xxxxxxxxxxxxxx';

// Required for IP messaging grant
$ipmServiceSid = 'ISxxxxxxxxxxxx';
// An identifier for your app - can be anything you'd like
$appName = 'TwilioChatDemo';
// choose a random username for the connecting user
$identity = "john_doe";
// A device ID should be passed as a query string parameter to this script
$deviceId = 'somedevice';
$endpointId = $appName . ':' . $identity . ':' . $deviceId;

// Create access token, which we will serialize and send to the client
$token = new AccessToken(
    $twilioAccountSid,
    $twilioApiKey,
    $twilioApiSecret,
    3600,
    $identity
);

// Create IP Messaging grant
$ipmGrant = new IpMessagingGrant();
$ipmGrant->setServiceSid($ipmServiceSid);
$ipmGrant->setEndpointId($endpointId);

// Add grant to token
$token->addGrant($ipmGrant);

// render token to string
echo $token->toJWT();
from twilio.access_token import AccessToken, IpMessagingGrant

# required for all twilio access tokens
account_sid = 'ACxxxxxxxxxxxx'
api_key = 'SKxxxxxxxxxxxx'
api_secret = 'xxxxxxxxxxxxxx'

# required for IP messaging grants
ipm_service_sid = 'ISxxxxxxxxxxxx'
identity = 'user@example.com'
device_id = 'someiosdevice'
endpoint_id = "HipFlowSlackDockRC:{0}:{1}".format(identity, device_id)

# Create access token with credentials
token = AccessToken(account_sid, api_key, api_secret, identity)

# Create an IP Messaging grant and add to token
ipm_grant = IpMessagingGrant(endpoint_id=endpoint_id, service_sid=ipm_service_sid)
token.add_grant(ipm_grant)

# Return token info as JSON
print(token.to_jwt())
require 'twilio-ruby'

# Required for any Twilio Access Token
account_sid = 'ACxxxxxxxxxxxx'
api_key = 'SKxxxxxxxxxxxx'
api_secret = 'xxxxxxxxxxxxxx'

# Required for IP Messaging
service_sid = 'ISxxxxxxxxxxxx'
device_id = 'someiosdevice'
identity = 'user@example.com'
endpoint_id = "HipFlowSlackDockRC:#{identity}:#{device_id}"

# Create an Access Token
token = Twilio::JWT::AccessToken.new(
  account_sid,
  api_key, api_secret,
  3600,
  identity
)

# Create IP Messaging grant for our token
grant = Twilio::JWT::AccessToken::IpMessagingGrant.new
grant.service_sid = service_sid
grant.endpoint_id = endpoint_id
token.add_grant(grant)

# Generate the token
puts token.to_jwt
var AccessToken = require('twilio').AccessToken;
var IpMessagingGrant = AccessToken.IpMessagingGrant;

// Used when generating any kind of tokens
var twilioAccountSid = 'ACxxxxxxxxxx';
var twilioApiKey = 'SKxxxxxxxxxx';
var twilioApiSecret = 'xxxxxxxxxxxx';

// Used specifically for creating IP Messaging tokens
var serviceSid = 'ISxxxxxxxxxxxxx';
var appName = 'HipFlowSlackDockRC';
var identity = 'user@example.com';
var deviceId = 'someiosdeviceid';
var endpointId = appName + ':' + identity + ':' + deviceId;

// Create a "grant" which enables a client to use IPM as a given user,
// on a given device
var ipmGrant = new IpMessagingGrant({
    serviceSid: serviceSid,
    endpointId: endpointId
});

// Create an access token which we will sign and return to the client,
// containing the grant we just created
var token = new AccessToken(twilioAccountSid, twilioApiKey, twilioApiSecret);
token.addGrant(ipmGrant);
token.identity = identity;

// Serialize the token to a JWT string
console.log(token.toJwt());
const AccessToken = require('twilio').jwt.AccessToken;
const IpMessagingGrant = AccessToken.IpMessagingGrant;

// Used when generating any kind of tokens
const twilioAccountSid = 'ACxxxxxxxxxx';
const twilioApiKey = 'SKxxxxxxxxxx';
const twilioApiSecret = 'xxxxxxxxxxxx';

// Used specifically for creating IP Messaging tokens
const serviceSid = 'ISxxxxxxxxxxxxx';
const appName = 'HipFlowSlackDockRC';
const identity = 'user@example.com';
const deviceId = 'someiosdeviceid';
const endpointId = `${appName}:${identity}:${deviceId}`;

// Create a "grant" which enables a client to use IPM as a given user,
// on a given device
const ipmGrant = new IpMessagingGrant({
  serviceSid: serviceSid,
  endpointId: endpointId,
});

// Create an access token which we will sign and return to the client,
// containing the grant we just created
const token = new AccessToken(twilioAccountSid, twilioApiKey, twilioApiSecret);

token.addGrant(ipmGrant);

token.identity = identity;

// Serialize the token to a JWT string
console.log(token.toJwt());
package com.twilio;
import com.twilio.sdk.auth.AccessToken;
import com.twilio.sdk.auth.IpMessagingGrant;

public class TokenGenerator {
  
  public static void main(String[] args) {
    // Required for all types of tokens
    String twilioAccountSid = "ACxxxxxxxxxxxx";
    String twilioApiKey = "SKxxxxxxxxxxxx";
    String twilioApiSecret = "xxxxxxxxxxxxxx";

    // Required for IP Messaging
    String ipmServiceSid = "ISxxxxxxxxxxxx";
    String deviceId = "someiosdevice";
    String identity = "user@example.com";
    String appName = "HipFlowSlackDockRC";
    String endpointId = appName + ":" + identity + ":" + deviceId;
      
    // Create IP messaging grant
    IpMessagingGrant grant = new IpMessagingGrant();
    grant.setEndpointId(endpointId);
    grant.setServiceSid(ipmServiceSid);
    
    // Create access token
    AccessToken token = new AccessToken.Builder(
      twilioAccountSid,
      twilioApiKey,
      twilioApiSecret
    ).identity(identity).grant(grant).build();

    System.out.println(token.toJWT());
  }
}
from twilio.jwt.access_token import AccessToken, IpMessagingGrant

# required for all twilio access tokens
account_sid = 'ACxxxxxxxxxxxx'
api_key = 'SKxxxxxxxxxxxx'
api_secret = 'xxxxxxxxxxxxxx'

# required for IP messaging grants
ipm_service_sid = 'ISxxxxxxxxxxxx'
identity = 'user@example.com'
device_id = 'someiosdevice'
endpoint_id = "HipFlowSlackDockRC:{0}:{1}".format(identity, device_id)

# Create access token with credentials
token = AccessToken(account_sid, api_key, api_secret, identity)

# Create an IP Messaging grant and add to token
ipm_grant = IpMessagingGrant(
        endpoint_id=endpoint_id,
        service_sid=ipm_service_sid)
token.add_grant(ipm_grant)

# Return token info as JSON
print(token.to_jwt())
using System;
using Twilio.Auth;

class Example
{
	static void Main(string[] args)
	{
    // These values are necessary for any access token
    var twilioAccountSid = "ACxxxxxxxxxxxx";
    var twilioApiKey = "SKxxxxxxxxxxxx";
    var twilioApiSecret = "xxxxxxxxxxxxxx";

    // These are specific to IP Messaging
    var ipmServiceSid = "ISxxxxxxxxxxxx";
    var identity = "user@example.com";
    var deviceId = "someiosdevice";

    // Create an Access Token generator
    var token = new AccessToken(twilioAccountSid, twilioApiKey, twilioApiSecret);
    token.Identity = identity;

    // Create an IP messaging grant for this token
    var grant = new IpMessagingGrant();
    grant.EndpointId = $"HipFlowSlackDockRC:{identity}:{deviceId}";
    grant.ServiceSid = ipmServiceSid;
    token.AddGrant(grant);

    Console.WriteLine(token.ToJWT());
  }
}
<?php
require_once('./twilio-php/Services/Twilio.php');

// Required for all Twilio access tokens
$twilioAccountSid = 'ACxxxxxxxxxxxx';
$twilioApiKey = 'SKxxxxxxxxxxxx';
$twilioApiSecret = 'xxxxxxxxxxxxxx';

// Required for IP messaging grant
$ipmServiceSid = 'ISxxxxxxxxxxxx';
$appName = 'HipFlowSlackDockRC';
$identity = 'user@example.com';
$deviceId = 'someiosdevice';
$endpointId = $appName . ':' . $identity . ':' . $deviceId;

// Create access token
$token = new Services_Twilio_AccessToken(
    $twilioAccountSid, 
    $twilioApiKey, 
    $twilioApiSecret, 
    3600, 
    $identity
);

// Create IP Messaging grant
$ipmGrant = new Services_Twilio_Auth_IpMessagingGrant();
$ipmGrant->setServiceSid($ipmServiceSid);
$ipmGrant->setEndpointId($endpointId);

// Add grant to token
$token->addGrant($ipmGrant);

// render token to string
echo $token->toJWT();
require 'twilio-ruby'

# Required for any Twilio Access Token
account_sid = 'ACxxxxxxxxxxxx'
api_key = 'SKxxxxxxxxxxxx'
api_secret = 'xxxxxxxxxxxxxx'

# Required for IP Messaging
service_sid = 'ISxxxxxxxxxxxx'
device_id = 'someiosdevice'
identity = 'user@example.com'
endpoint_id = "HipFlowSlackDockRC:#{identity}:#{device_id}"

# Create an Access Token
token = Twilio::Util::AccessToken.new account_sid, api_key, api_secret, 
  3600, identity

# Create IP Messaging grant for our token
grant = Twilio::Util::AccessToken::IpMessagingGrant.new
grant.service_sid = service_sid
grant.endpoint_id = endpoint_id
token.add_grant grant

# Generate the token
puts token.to_jwt
import com.twilio.jwt.accesstoken.AccessToken;
import com.twilio.jwt.accesstoken.IpMessagingGrant;

public class Example {
  public static void main(String[] args) {
    String twilioAccountSid = "ACxxxxxxxxxxxx";
    String twilioApiKey = "SKxxxxxxxxxxxx";
    String twilioApiSecret = "xxxxxxxxxxxxxx";

    String ipmServiceSid = "ISxxxxxxxxxxxx";
    String deviceId = "someiosdevice";
    String identity = "user@example.com";
    String appName = "HipFlowSlackDockRC";
    String endpointId = appName + ":" + identity + ":" + deviceId;

    IpMessagingGrant grant = new IpMessagingGrant();
    grant.setEndpointId(endpointId);
    grant.setServiceSid(ipmServiceSid);

    AccessToken token = new AccessToken.Builder(twilioAccountSid, twilioApiKey, twilioApiSecret)
        .identity(identity).grant(grant).build();

    System.out.println(token.toJwt());
  }
}
SDKバージョン:
  • 4.x
  • 5.x
SDKバージョン:
  • 2.x
  • 3.x
SDKバージョン:
  • 5.x
  • 6.x
SDKバージョン:
  • 4.x
  • 5.x
using System;
using System.Collections.Generic;
using Twilio.Jwt.AccessToken;

class Example
{
    static void Main(string[] args)
    {
        // These values are necessary for any access token
        const string twilioAccountSid = "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
        const string twilioApiKey = "SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
        const string twilioApiSecret = "your_secret";

        // These are specific to Video
        const string configurationProfileSid = "VSXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
        const string identity = "user";

        // Create a Video grant for this token
        var grant = new VideoGrant();
        grant.ConfigurationProfileSid = configurationProfileSid;

        var grants = new HashSet<IGrant>
        {
            { grant }
        };

        // Create an Access Token generator
        var token = new Token(
            twilioAccountSid,
            twilioApiKey,
            twilioApiSecret,
            identity,
            grants: grants);

        Console.WriteLine(token.ToJwt());
    }
}
<?php
// Get the PHP helper library from twilio.com/docs/php/install
require_once '/path/to/vendor/autoload.php'; // Loads the library
use Twilio\Jwt\AccessToken;
use Twilio\Jwt\Grants\VideoGrant;

// Required for all Twilio access tokens
$twilioAccountSid = 'ACxxxxxxxxxxxx';
$twilioApiKey = 'SKxxxxxxxxxxxx';
$twilioApiSecret = 'xxxxxxxxxxxxxx';

// Required for Video grant
$configurationProfileSid = 'VSxxxxxxxxxxxx';
// An identifier for your app - can be anything you'd like
$identity = "john_doe";

// Create access token, which we will serialize and send to the client
$token = new AccessToken(
    $twilioAccountSid,
    $twilioApiKey,
    $twilioApiSecret,
    3600,
    $identity
);

// Create Video grant
$videoGrant = new VideoGrant();
$videoGrant->setConfigurationProfileSid($configurationProfileSid);

// Add grant to token
$token->addGrant($videoGrant);

// render token to string
echo $token->toJWT();
from twilio.access_token import AccessToken, VideoGrant

# required for all twilio access tokens
account_sid = 'ACxxxxxxxxxxxx'
api_key = 'SKxxxxxxxxxxxx'
api_secret = 'xxxxxxxxxxxxxx'

# required for Video grant
configuration_profile_sid = 'VSxxxxxxxxxxxx'
identity = 'user'

# Create access token with credentials
token = AccessToken(account_sid, api_key, api_secret, identity)

# Create a Video grant and add to token
video_grant = VideoGrant(configuration_profile_sid=configuration_profile_sid)
token.add_grant(video_grant)

# Return token info as JSON
print(token.to_jwt())
require 'twilio-ruby'

# Required for any Twilio Access Token
account_sid = 'ACxxxxxxxxxxxx'
api_key = 'SKxxxxxxxxxxxx'
api_secret = 'xxxxxxxxxxxxxx'

# Required for Video
configuration_profile_sid = 'VSxxxxxxxxxxxx'
identity = 'user'

# Create an Access Token
token = Twilio::JWT::AccessToken.new(
  account_sid,
  api_key,
  api_secret, 
  3600,
  identity);

# Create Video grant for our token
grant = Twilio::JWT::AccessToken::VideoGrant.new
grant.configuration_profile_sid = configuration_profile_sid
token.add_grant(grant)

# Generate the token
puts token.to_jwt
const AccessToken = require('twilio').AccessToken;
const VideoGrant = AccessToken.VideoGrant;

// Used when generating any kind of tokens
const twilioAccountSid = 'ACxxxxxxxxxx';
const twilioApiKey = 'SKxxxxxxxxxx';
const twilioApiSecret = 'xxxxxxxxxxxx';

// Used specifically for creating Video tokens
const configurationProfileSid = 'VSxxxxxxxxxxxxx';
const identity = 'user';

// Create a "grant" which enables a client to use Video as a given user
const videoGrant = new VideoGrant({
    configurationProfileSid: configurationProfileSid
});

// Create an access token which we will sign and return to the client,
// containing the grant we just created
const token = new AccessToken(twilioAccountSid, twilioApiKey, twilioApiSecret);
token.addGrant(videoGrant);
token.identity = identity;

// Serialize the token to a JWT string
console.log(token.toJwt());
const AccessToken = require('twilio').jwt.AccessToken;
const VideoGrant = AccessToken.VideoGrant;

// Used when generating any kind of tokens
const twilioAccountSid = 'ACxxxxxxxxxx';
const twilioApiKey = 'SKxxxxxxxxxx';
const twilioApiSecret = 'xxxxxxxxxxxx';

// Used specifically for creating Video tokens
const configurationProfileSid = 'VSxxxxxxxxxxxxx';
const identity = 'user';

// Create a "grant" which enables a client to use Video as a given user
const videoGrant = new VideoGrant({
    configurationProfileSid: configurationProfileSid
});

// Create an access token which we will sign and return to the client,
// containing the grant we just created
const token = new AccessToken(twilioAccountSid, twilioApiKey, twilioApiSecret);
token.addGrant(videoGrant);
token.identity = identity;

// Serialize the token to a JWT string
console.log(token.toJwt());
from twilio.jwt.access_token import AccessToken, VideoGrant

# required for all twilio access tokens
account_sid = 'ACxxxxxxxxxxxx'
api_key = 'SKxxxxxxxxxxxx'
api_secret = 'xxxxxxxxxxxxxx'

# required for Video grant
configuration_profile_sid = 'VSxxxxxxxxxxxx'
identity = 'user'

# Create access token with credentials
token = AccessToken(account_sid, api_key, api_secret, identity)

# Create a Video grant and add to token
video_grant = VideoGrant(configuration_profile_sid=configuration_profile_sid)
token.add_grant(video_grant)

# Return token info as JSON
print(token.to_jwt())
using System;
using Twilio.Auth;

class Example
{
  static void Main(string[] args)
  {
    // These values are necessary for any access token
    var twilioAccountSid = "ACxxxxxxxxxxxx";
    var twilioApiKey = "SKxxxxxxxxxxxx";
    var twilioApiSecret = "xxxxxxxxxxxxxx";

    // These are specific to Video
    var configurationProfileSid = "VSxxxxxxxxxxxx";
    var identity = "user";

    // Create an Access Token generator
    var token = new AccessToken(twilioAccountSid, twilioApiKey, twilioApiSecret);
    token.Identity = identity;

    // Create a Video grant for this token
    var grant = new VideoGrant();
    grant.ConfigurationProfileSid = configurationProfileSid;
    token.AddGrant(grant);

    Console.WriteLine(token.ToJWT());
  }
}
require 'twilio-ruby'

# Required for any Twilio Access Token
account_sid = 'ACxxxxxxxxxxxx'
api_key = 'SKxxxxxxxxxxxx'
api_secret = 'xxxxxxxxxxxxxx'

# Required for Video
configuration_profile_sid = 'VSxxxxxxxxxxxx'
identity = 'user'

# Create an Access Token
token = Twilio::Util::AccessToken.new(
  account_sid,
  api_key,
  api_secret, 
  3600,
  identity);

# Create Video grant for our token
grant = Twilio::Util::AccessToken::VideoGrant.new
grant.configuration_profile_sid = configuration_profile_sid
token.add_grant(grant)

# Generate the token
puts token.to_jwt
import com.twilio.jwt.accesstoken.AccessToken;
import com.twilio.jwt.accesstoken.VideoGrant;

public class TokenGenerator {
  
  public static void main(String[] args) {
    // Required for all types of tokens
    String twilioAccountSid = "ACxxxxxxxxxxxx";
    String twilioApiKey = "SKxxxxxxxxxxxx";
    String twilioApiSecret = "xxxxxxxxxxxxxx";

    // Required for Video
    String configurationProfileSid = "VSxxxxxxxxxxxx";
    String identity = "user";
      
    // Create Video grant
    VideoGrant grant = new VideoGrant();
    grant.setConfigurationProfileSid(configurationProfileSid);
    
    // Create access token
    AccessToken token = new AccessToken.Builder(
      twilioAccountSid,
      twilioApiKey,
      twilioApiSecret
    ).identity(identity).grant(grant).build();

    System.out.println(token.toJwt());
  }
}