OAuth Token API
Access Tokens can be generated by calling the Token API endpoint with the right set of parameters and values. The request differs between Client Credentials and Authorization Code OAuth apps.
POST https://oauth.twilio.com/v2/token
Encoding type:application/x-www-form-urlencoded
| Parameter | Type | Required | Description |
|---|---|---|---|
client_id | string | yes | The unique identifier of an OAuth app |
client_secret | string | yes | The confidential secret associated with the client ID |
grant_type | string | yes | Specify the OAuth grant type as client_credentials |
1curl --location 'https://oauth.twilio.com/v2/token' \2--header 'Content-Type: application/x-www-form-urlencoded' \3--data-urlencode 'client_id={CLIENT_ID}' \4--data-urlencode 'client_secret={CLIENT_SECRET}' \5--data-urlencode 'grant_type=client_credentials'
Status: 200 OK
Body(JSON):
1{2"access_token": "{ACCESS_TOKEN}",3"id_token": null,4"token_type": "Bearer",5"expires_in": 3600,6"refresh_token": null7}
Response Fields
| Parameter | Type | Description |
|---|---|---|
access_token | string | The Access Token issued by the authorization server |
token_type | string | The type of token (typically Bearer) |
expires_in | integer | The token lifetime in seconds |
| Parameter | Type | Required | Description |
|---|---|---|---|
client_id | string | yes | The unique identifier of an OAuth app |
client_secret | string | yes | The confidential secret associated with the client ID |
grant_type | string | yes | Specify the OAuth grant type as authorization_code |
code | string | yes | Authorization code generated after consent |
redirect_uri | string | yes | The redirect URL of the OAuth app |
1curl --location 'https://oauth.twilio.com/v2/token' \2--header 'Content-Type: application/x-www-form-urlencoded' \3--data-urlencode 'client_id={CLIENT_ID}' \4--data-urlencode 'client_secret={CLIENT_SECRET}' \5--data-urlencode 'grant_type=authorization_code' \6--data-urlencode 'code=AUTHORIZATION_CODE' \7--data-urlencode 'redirect_uri={REDIRECT_URL}'
Status: 200 OK
Body(JSON):
1{2"access_token": "{ACCESS_TOKEN}",3"id_token": null,4"token_type": "Bearer",5"expires_in": 3600,6"refresh_token": "{REFRESH_TOKEN}"7}
Response Fields
| Parameter | Type | Description |
|---|---|---|
access_token | string | The Access Token issued by the authorization server |
token_type | string | The type of token (typically Bearer) |
expires_in | integer | The token lifetime in seconds |
refresh_token | string | The Refresh Token issued by the authorization server |
| Parameter | Type | Required | Description |
|---|---|---|---|
client_id | string | yes | The unique identifier of an OAuth app |
client_secret | string | yes | The confidential secret associated with the client ID |
grant_type | string | yes | Specify the OAuth grant type as refresh_token |
refresh_token | string | yes | The Refresh Token issued by the authorization server |
1curl --location 'https://oauth.twilio.com/v2/token' \2--header 'Content-Type: application/x-www-form-urlencoded' \3--data-urlencode 'client_id={CLIENT_ID}' \4--data-urlencode 'client_secret={CLIENT_SECRET}' \5--data-urlencode 'grant_type=refresh_token' \6--data-urlencode 'refresh_token={REFRESH_TOKEN}'
Status: 200 OK
Body(JSON):
1{2"access_token": "{ACCESS_TOKEN}",3"id_token": null,4"token_type": "Bearer",5"expires_in": 3600,6"refresh_token": "{REFRESH_TOKEN}"7}
Response Fields
| Parameter | Type | Description |
|---|---|---|
access_token | string | The Access Token issued by the authorization server |
token_type | string | The type of token (typically Bearer) |
expires_in | integer | The token lifetime in seconds |
refresh_token | string | The Refresh Token issued by the authorization server |
Pass the access_token returned by the Token API as a Bearer token in the Authorization header of your Twilio API requests.
cURL example: list Messages for an account
1curl --location 'https://api.twilio.com/2010-04-01/Accounts/<AccountSID>/Messages.json' \2--header 'Authorization: Bearer {AccessToken}'
OAuth support for Twilio APIs is available in all server-side SDKs. Here are details of the versions and examples:
- Java SDK version 10.6.0 and above:
- C# SDK version 7.6.0 and above:
- Node SDK version 5.4.0 and above:
- Python SDK version 9.4.1 and above:
- Ruby SDK version 7.4.0 and above:
- PHP SDK version 8.5.0 and above:
- Go SDK version 1.25.1 and above: