All API requests require authentication. The API uses HTTP Basic Authentication with your account credentials.
Credentials
Each account has a unique credential pair:
| Credential | Description |
|---|---|
| Account SID | Public account identifier |
| Auth Token | Secret key for request signing |
Credentials are available in the account dashboard under API Settings.
Request Signing
Include credentials in the Authorization header using the Basic authentication scheme. The header value is the Base64 encoding of {account_sid}:{auth_token}.
Security Requirements
- All requests must use HTTPS
- Auth tokens must be stored securely and never exposed in client-side code
- Rotate credentials immediately if compromised
- Use environment variables or secrets management for token storage
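The header construction from Request Signing combined with the HTTPS and token-storage requirements above, as an added example that is not part of the original documentation. The environment variable names, the `api.example.com` URL and the sample credentials are assumptions made for illustration.

```python
import base64
import os
import urllib.request
from urllib.parse import urlsplit

# Assumed names: the page does not define environment variable names.
SID_VAR = "API_ACCOUNT_SID"
TOKEN_VAR = "API_AUTH_TOKEN"


def load_credentials(env=os.environ):
    """Read the credential pair from the environment, never from source code."""
    sid, token = env.get(SID_VAR, ""), env.get(TOKEN_VAR, "")
    if not sid or not token:
        raise RuntimeError(f"set {SID_VAR} and {TOKEN_VAR}")
    if ":" in sid:
        # RFC 7617: the user-id part of Basic credentials cannot contain a colon.
        raise ValueError("account SID must not contain ':'")
    return sid, token


def basic_auth_header(account_sid, auth_token):
    """Return 'Basic ' + Base64('{account_sid}:{auth_token}')."""
    raw = f"{account_sid}:{auth_token}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_request(url, env=os.environ):
    """Build an authenticated request, refusing any non-HTTPS URL."""
    if urlsplit(url).scheme.lower() != "https":
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    sid, token = load_credentials(env)
    req = urllib.request.Request(url)
    req.add_header("Authorization", basic_auth_header(sid, token))
    return req


def redact(header_value):
    """Form safe for logs: Base64 is reversible, so never log the real value."""
    scheme, _, _ = header_value.partition(" ")
    return f"{scheme} <redacted>"


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = {SID_VAR: "AC_example_sid", TOKEN_VAR: "example_token"}
    req = build_request("https://api.example.com/v1/resource", sample)
    print(redact(req.get_header("Authorization")))
```

Base64 is an encoding, not encryption, so the header is only as confidential as the TLS connection and the logs it passes through.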
Error Codes
| Status | Code | Description |
|---|---|---|
| 401 | unauthorized | Missing or invalid credentials |
| 403 | forbidden | Credentials valid but operation not permitted |
Credential Rotation
Generate new credentials from the account dashboard. Previous credentials remain valid for 24 hours after rotation to allow for deployment updates.