20102: Invalid Access Token header

This error occurs when the header of the Access Token sent to a Twilio API does not meet Twilio's expected format/values for a JWT header.

Twilio Access Tokens are JWTs whose header must include the fields typ, alg, and cty with specific required values. If these are missing or incorrect, the token will be rejected.

• The Access Token header does not contain the required typ field with value JWT.
• The Access Token header uses an unsupported signing algorithm (e.g., anything other than HS256) in the alg field.
• The Access Token header omits the cty field or sets it to a value other than twilio-fpa;v=1.

• Regenerate the Access Token using a Twilio SDK AccessToken helper to ensure the header is formed correctly, then serialize with toJwt().
• Verify the header fields and values before issuing tokens:
  • Set typ to JWT.
  • Set alg to HS256.
  • Set cty to twilio-fpa;v=1.

• Access Tokens
• Issuing Sync Tokens
• Generate Twilio Access Tokens in Python