twilio-security-api-auth


Overview

Twilio supports four authentication methods. Choosing the wrong one is a security risk — Auth Tokens in production code are the most common credential leak.

| Method | Use for | Token lifetime | Revocable individually |
|---|---|---|---|
| Auth Token | Local testing only | Permanent (until rotated) | No — rotation invalidates all integrations using that token and breaks webhook signature validation; API keys (SK-prefixed) are unaffected |
| API Key + Secret | Production server-side | Permanent (until deleted) | Yes |
| OAuth2 Bearer Token | Production server-side (enhanced) | 1 hour | Expires automatically |
| Access Token (JWT) | Client-side SDKs (Voice, Video, Chat) | Up to 24 hours | No — delete issuing API key |

Decision framework:

  • Building a quick prototype? → Auth Token (but switch to API Key before deploying)
  • Production server-side code? → API Key + Secret (simplest production auth) or OAuth2 (time-limited tokens)
  • Browser/mobile client needs to connect? → Access Token (JWT) generated server-side
  • Running tests without charges? → Test credentials with magic numbers
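
The Access Token row and the browser/mobile bullet, as an added example that is not code from the twilio/ai skill: a server-side mint of a short-lived JWT signed with the API Key secret, plus a local check showing that a token stops validating once it expires or the signing secret changes. The claim layout follows Twilio's Access Token format; the credentials, the video grant and the `verify_access_token` helper are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

MAX_TTL = 24 * 3600  # Access Tokens live at most 24 hours

# Constructed placeholder credentials, not real values.
ACCOUNT_SID = "AC" + "0" * 32
API_KEY_SID = "SK" + "0" * 32
API_KEY_SECRET = "constructed-api-key-secret"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret: str, signing_input: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def mint_access_token(account_sid, key_sid, key_secret, identity, grants,
                      ttl=3600, now=None):
    """Server-side: sign a short-lived client token with the API Key secret."""
    if not key_sid.startswith("SK"):
        raise ValueError("sign with an API Key (SK...), not the Auth Token")
    if not 0 < ttl <= MAX_TTL:
        raise ValueError("ttl must be between 1 second and 24 hours")
    now = int(time.time()) if now is None else now
    header = {"typ": "JWT", "alg": "HS256", "cty": "twilio-fpa;v=1"}
    # iss is the issuing API key: deleting that key is the only way to revoke.
    payload = {"jti": f"{key_sid}-{now}", "iss": key_sid, "sub": account_sid,
               "exp": now + ttl, "grants": {"identity": identity, **grants}}
    parts = [_b64(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, payload)]
    signing_input = ".".join(parts)
    return f"{signing_input}.{_b64(_sign(key_secret, signing_input))}"

def verify_access_token(token, key_secret, now=None):
    """Local check: return the payload if signature and expiry hold, else None."""
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(key_secret, f"{head}.{body}"), _unb64(sig)):
            return None
        payload = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    now = int(time.time()) if now is None else now
    return payload if payload.get("exp", 0) > now else None
```

Only the finished token string is sent to the browser or mobile client; the API Key secret stays on the server. Twilio's helper libraries ship an AccessToken builder that produces this structure.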

Repository
twilio/ai
First Seen
May 13, 2026