# 57019: 'Authorization' header is missing or is invalid

Log Type: APPLICATION

Log Level: ERROR

## Description

Twilio returns this error when a Messaging request does not include a usable `Authorization` header. Authenticate Twilio API requests with HTTP Basic authentication using an API key and API key secret, or for local testing, your Account SID and Auth Token. If the endpoint uses OAuth, send `Authorization: Bearer {AccessToken}`.

### Possible causes

* The request was sent without an `Authorization` header.
* The `Authorization` header value is malformed or uses the wrong authentication scheme for the endpoint. Twilio API requests use HTTP Basic authentication for API key or Account SID credentials, while OAuth requests use a `Bearer` access token.
* The credentials in the header are incomplete, such as an API key without its secret or an Account SID without its Auth Token.

### Possible solutions

* Add a valid `Authorization` header to the request before retrying.
* For production requests, authenticate with an API key as the username and the API key secret as the password. Twilio recommends API keys for production authentication.
* For local testing, authenticate with your Account SID as the username and your Auth Token as the password.
* If you are calling an OAuth-protected endpoint, generate a valid access token and send it as `Authorization: Bearer {AccessToken}`.
* If you build raw HTTP requests manually, use a Twilio server-side SDK when possible so the SDK can handle credentials consistently.

#### Additional resources

* [Twilio API requests](/docs/usage/requests-to-twilio)
* [API keys overview](/docs/iam/api-keys)
* [OAuth Token API](/docs/iam/oauth-apps/oauth-access-token)