🔑 API Key

API Keys are the preferred way to authenticate with Twilio's REST APIs. With API Keys, you control which applications and/or people have access to your Twilio Account's API resources, and you can revoke access at your discretion.

If your Twilio application uses one of the client-side SDKs, you need to use API Keys in order to create Access Tokens.

Why you should use API Keys

You can use your Account SID and Auth Token as your API credentials for local testing, but using them in production is risky. If a bad actor gains access to your Account SID and Auth Token, your Twilio Account is compromised. This could cost you money and harm your business's reputation.

Instead, you can create API Keys for your applications and software developers. This gives you complete control of the lifecycle of your Twilio Accounts' API credentials. If an API Key is compromised or no longer used, you can delete the API Key to protect your Twilio Account from unauthorized access.

In addition, you can scope access for an API Key using Restricted API Keys. This allows you to reduce security risks by providing minimum and specific levels of access for your applications and API credentials.
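The production risk described above can be enforced at application startup. The following is an added example, not code from Twilio's documentation or SDKs. It assumes Twilio's HTTP Basic authentication scheme (SID as username, secret as password), the SID format of a two-letter prefix (`AC` for an Account SID, `SK` for an API Key SID) followed by 32 hex characters, and hypothetical names (`classify_username`, `basic_auth_header`, the environment label `"production"`).

```python
import base64
import re

# Assumed SID format: two-letter prefix plus 32 hex characters.
# "AC" marks an Account SID, "SK" marks an API Key SID.
_SID_RE = re.compile(r"^(AC|SK)[0-9a-fA-F]{32}$")

# Constructed sample values, not real credentials.
SAMPLE_ACCOUNT_SID = "AC" + "0" * 32
SAMPLE_API_KEY_SID = "SK" + "1" * 32


class CredentialPolicyError(ValueError):
    """Raised when configured credentials violate the deployment policy."""


def classify_username(username: str) -> str:
    """Return 'account' for an Account SID or 'api_key' for an API Key SID."""
    match = _SID_RE.match(username)
    if not match:
        raise CredentialPolicyError("username is not a recognisable SID")
    return "account" if match.group(1) == "AC" else "api_key"


def basic_auth_header(username: str, secret: str, environment: str) -> str:
    """Build the HTTP Basic Authorization value.

    Policy (hypothetical): Account SID + Auth Token is accepted only
    outside production; production must use an API Key, which can be
    deleted on its own if it leaks.
    """
    kind = classify_username(username)
    if not secret:
        raise CredentialPolicyError("empty secret")
    if environment == "production" and kind == "account":
        raise CredentialPolicyError(
            "Account SID/Auth Token configured in production; use an API Key"
        )
    token = base64.b64encode(f"{username}:{secret}".encode()).decode()
    return f"Basic {token}"
```

Calling `basic_auth_header` once during configuration loading makes a misconfigured deployment fail before any request carrying the Auth Token is sent.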

Types of API Keys

There are three types of API Keys: Main, Standard and Restricted (Public Beta).

  • Main API Keys provide the most permissions. They give you the same level of access as using your Account SID and Auth Token in API requests. Main API Keys provide access to the Account Resource of the Account that created the API Key. If you need API access to the Account Resource of a Subaccount, you need to create a Main API Key within the Subaccount.
  • Standard API Keys give you access to all of the functionality in Twilio's APIs, _except_ the following API Resources: API Key resources and the Account Resource.
  • Restricted API Keys (Public Beta) allow you to provide fine-grained access to specific Twilio API Resources.

Info

If your Account uses Twilio Regions, read the Global Infrastructure docs to learn how to manage regional API credentials.