Restricted API Keys are currently available as a public beta release. Some features are not yet implemented and others may be changed before the product is declared as Generally Available. Beta products are not covered by a Twilio SLA.
Learn more about beta product support.
Restricted API Keys allow you to decide which Twilio API Resources an API Key can access, and which action(s) the API Key is allowed to take on those API Resources. You can now create and manage Restricted API Keys using REST APIs, in addition to using Twilio Console.
Restricted API Keys currently allow you to grant API access to specific Studio, Voice, Voice Intelligence, Voice Insights, Messaging, Long Codes, Regulatory Compliance, SIP, TaskRouter, Monitor Events, Monitor Alerts and Lookup endpoints. Please note, Twilio is actively adding more permissions to this product.
For example, if your Programmable Voice application's testing suite makes test Voice calls, you can create a Restricted API Key that is only permitted to send POST
requests to create Call Resources.
Or you can create Restricted API Keys that provide your engineering team with access to every Voice endpoint except the Call Recording Resource endpoints.
Currently, you cannot create Access Tokens for Twilio's client-side SDKs if you're using Restricted API Keys.
You can create and manage Restricted API Keys using REST APIs. If you'd like to use the Twilio Console, please complete the following steps to create a Restricted API Key.
In the dropdown menu, under Keys & Credentials , select API Keys & tokens. (Note: You may need to authenticate your Twilio Account at this point.)
A Permissions section appears with a grid showing Twilio API Resources and endpoints (i.e., Read, List, Create, Update, and Delete). Select the permissions you want for this API Key.
The SID of the Restricted API Key and the associated secret (from step 10 above) are used as your credentials when sending API requests to Twilio.
Read the Requests to Twilio page to learn more.
To modify the friendly name or the permissions of a Restricted API Key, follow the directions below.
Duplicating a Restricted API Key is a convenience feature that allows you to create a new Restricted API Key with the same permissions as another Restricted API Key. You can then modify the Friendly name and permissions with the new Key.
You can duplicate a Restricted API Key in two ways:
From the API keys & tokens page in the Console
In the Console, navigate to Account > API Keys & tokens. Select the Duplicate key action next to the Key you want to duplicate. \
Via the Restricted API Key's info page
In the Console, navigate to Account > API Keys & tokens and select the Restricted API Key you wish to duplicate. On the Key's details page, click on the Duplicate this key button at the bottom of the page.
Click Delete this API key at the bottom of the page.
Restricted API Keys allow you to select specific API endpoints that the Key is authorized to access. Currently, you can grant these permissions for Studio, Voice, Messages, Long Codes, and SIP endpoints.
Each permission maps to one or more endpoints/actions for each API Resource.
Click on one of the product areas below to download a PDF of the permissions/endpoint actions.
Twilio Restricted API Keys Permissions - Messaging Permissions
Twilio Restricted API Keys Permissions - Phone Numbers Permissions
Twilio Restricted API Keys Permissions - Studio Permissions
Twilio Restricted API Keys Permissions - TaskRouter Permissions
Twilio Restricted API Keys Permissions - Voice Permissions
Twilio Restricted API Keys Permissions - Lookup Permissions
Twilio Restricted API Keys Permissions - API Keys Permissions
Twilio Restricted API Keys Permissions - Monitor Permissions