You access the Twilio API using API keys that represent the required credentials. These keys:
Authenticate to the REST API
Create and revoke Access Tokens
(information)
Info
See this document for more information about your request to Twilio's REST API, or read our article on Access Tokens to learn more.
API Keys can be provisioned and revoked through the REST API or the Twilio Console. This provides a powerful and flexible primitive for managing access to the Twilio API. There are two types of API Keys: Standard and Main.
Standard API Keys give you access to all the functionality in Twilio's API, except for managing API Keys, Account Configuration, and Subaccounts.
Main API Keys have the same access as Standard Keys, and can also manage API Keys, Account Configuration, and Subaccounts. Main API Keys give you the same level of access as if you were using account API Credentials.
Since API Keys can be independently revoked, you have complete control of the lifecycle of your API credentials.
For example, you might issue separate API Keys to different developers or different subsystems within your application. If a key is compromised or no longer used, you can easily delete it to prevent unauthorized access!
(warning)
Warning
If your use case requires API Keys to access the /Accounts or /Keys endpoint, a Main Key needs to be used. This can be created in the Console.
The string that you assigned to describe the resource.
date_createdtype: string<DATE TIME RFC 2822>Not PII
The date and time in GMT that the resource was created specified in RFC 2822 format.
date_updatedtype: string<DATE TIME RFC 2822>Not PII
The date and time in GMT that the resource was last updated specified in RFC 2822 format.
Fetch a Key resource
GET https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json
Returns a representation of the API Key, including the properties below.
(warning)
Warning
For security reasons, the Secret field is ONLY returned when the API Key is first created - never when fetching the resource. Your application should store the API Key's Sid and Secret in a secure location to authenticate to the API and generate Access Tokens in the future.