Twilio Changelog | Aug. 16, 2023
Extended notice and update on security changes: HTTP Authentication for Voice and Messaging Media enabled by default
Effective today, Twilio will apply the following security measures:
Newly-created main accounts will have HTTP authentication enabled by default. Customer have the option to disable it in the Programmable Voice and Programmable Messaging Settings areas of the Twilio Console
Newly-created subaccounts of existing accounts will inherit this setting from the main account, and HTTP authentication will be disabled or enabled (with the option to disable it) accordingly.
There are no changes on existing accounts:
Existing accounts that currently have HTTP authentication enabled will continue to have the option to disable it.
Existing accounts that currently have HTTP authentication disabled will maintain this setting (authentication disabled).
Twilio previously announced the enforcement of HTTP authentication for Programmable Voice and Programmable Messaging media on new accounts on 31 July, 2023. We’ve made the decision to roll-out these changes more gradually, so the initial scope and timeline has been adjusted.
This extension will provide you with enough time to prepare your application for retrieving Programmable Voice and Programmable Messaging media in an authenticated manner.