Skip to contentSkip to navigationSkip to topbar
Page toolsOn this page
Looking for more inspiration?Visit the

OAuth Token API


Access Tokens can be generated by calling the Token API endpoint with the right set of parameters and values. The request differs between Client Credentials and Authorization Code OAuth apps.


Client Credentials Access Token request

client-credentials-access-token-request page anchor

POST https://oauth.twilio.com/v2/token

Encoding type:application/x-www-form-urlencoded

Request body parameters

request-body-parameters page anchor
ParameterTypeRequiredDescription
client_idstringyesThe unique identifier of an OAuth app
client_secretstringyesThe confidential secret associated with the client ID
grant_typestringyesSpecify the OAuth grant type as client_credentials
1
curl --location 'https://oauth.twilio.com/v2/token' \
2
--header 'Content-Type: application/x-www-form-urlencoded' \
3
--data-urlencode 'client_id={CLIENT_ID}' \
4
--data-urlencode 'client_secret={CLIENT_SECRET}' \
5
--data-urlencode 'grant_type=client_credentials'

Status: 200 OK

Body(JSON):

1
{
2
"access_token": "{ACCESS_TOKEN}",
3
"id_token": null,
4
"token_type": "Bearer",
5
"expires_in": 3600,
6
"refresh_token": null
7
}

Response Fields

ParameterTypeDescription
access_tokenstringThe Access Token issued by the authorization server
token_typestringThe type of token (typically Bearer)
expires_inintegerThe token lifetime in seconds

Authorization code access token request

authorization-code-access-token-request page anchor

POST https://oauth.twilio.com/v2/token

Encoding type:application/x-www-form-urlencoded

ParameterTypeRequiredDescription
client_idstringyesThe unique identifier of an OAuth app
client_secretstringyesThe confidential secret associated with the client ID
grant_typestringyesSpecify the OAuth grant type as authorization_code
codestringyesAuthorization code generated after consent
redirect_uristringyesThe redirect URL of the OAuth app
1
curl --location 'https://oauth.twilio.com/v2/token' \
2
--header 'Content-Type: application/x-www-form-urlencoded' \
3
--data-urlencode 'client_id={CLIENT_ID}' \
4
--data-urlencode 'client_secret={CLIENT_SECRET}' \
5
--data-urlencode 'grant_type=authorization_code' \
6
--data-urlencode 'code=AUTHORIZATION_CODE' \
7
--data-urlencode 'redirect_uri={REDIRECT_URL}'

Status: 200 OK

Body(JSON):

1
{
2
"access_token": "{ACCESS_TOKEN}",
3
"id_token": null,
4
"token_type": "Bearer",
5
"expires_in": 3600,
6
"refresh_token": "{REFRESH_TOKEN}"
7
}

Response Fields

ParameterTypeDescription
access_tokenstringThe Access Token issued by the authorization server
token_typestringThe type of token (typically Bearer)
expires_inintegerThe token lifetime in seconds
refresh_tokenstringThe Refresh Token issued by the authorization server

Authorization Code Access Token request using Refresh Token

authorization-code-access-token-request-using-refresh-token page anchor

When the access token expires, use the refresh token to obtain a new access token without prompting the user to re-authorize.

POST https://oauth.twilio.com/v2/token

Encoding type:application/x-www-form-urlencoded

ParameterTypeRequiredDescription
client_idstringyesThe unique identifier of an OAuth app
client_secretstringyesThe confidential secret associated with the client ID
grant_typestringyesSpecify the OAuth grant type as refresh_token
refresh_tokenstringyesThe Refresh Token issued by the authorization server
1
curl --location 'https://oauth.twilio.com/v2/token' \
2
--header 'Content-Type: application/x-www-form-urlencoded' \
3
--data-urlencode 'client_id={CLIENT_ID}' \
4
--data-urlencode 'client_secret={CLIENT_SECRET}' \
5
--data-urlencode 'grant_type=refresh_token' \
6
--data-urlencode 'refresh_token={REFRESH_TOKEN}'

Status: 200 OK

Body(JSON):

1
{
2
"access_token": "{ACCESS_TOKEN}",
3
"id_token": null,
4
"token_type": "Bearer",
5
"expires_in": 3600,
6
"refresh_token": "{REFRESH_TOKEN}"
7
}

Response Fields

ParameterTypeDescription
access_tokenstringThe Access Token issued by the authorization server
token_typestringThe type of token (typically Bearer)
expires_inintegerThe token lifetime in seconds
refresh_tokenstringThe Refresh Token issued by the authorization server

API resource call examples

api-resource-call-examples page anchor

Pass the access_token returned by the Token API as a Bearer token in the Authorization header of your Twilio API requests.

cURL example: list Messages for an account

1
curl --location 'https://api.twilio.com/2010-04-01/Accounts/<AccountSID>/Messages.json' \
2
--header 'Authorization: Bearer {AccessToken}'

OAuth support for Twilio APIs is available in all server-side SDKs. Here are details of the versions and examples: