Skip to main content

Twilio Keys

Description#

General#

  • Documentation: https://www.twilio.com/docs/usage/api
  • Summary: Twilio is a cloud communications company that allows software developers to send and receive text messages and phone calls. Twilio exposes a variety of APIs to allow developers to programmatically interact with the service. Twilio provides two ways of authenticating : master credentials, or API keys that can be quickly created and revoked and are typically safer to use. This detector focuses on detecting these API keys. Gitguardian's engine also detects Twilio' master credentials
  • IPs allowlist: This feature is not supported.
  • Scopes: Twilio allows to create two types of API keys : standard keys, or master keys that can manage API keys, account configurations and sub accounts.

Revoke the secret#

Keys cannot be rotated but they can be deleted from this page of the dashboard.

Check for suspicious activity#

In the enterprise mode, Twilio offers an audit events tab to monitor various events such as API keys usage as well as API calls to monitor events (see here).

Details for Twilio api keys#

  • Category: Messaging system

  • Company: Twilio

  • High recall: True

  • Validity check available: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 3.89

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - css  - html  - lock  - md  - storyboard  - xib  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - sk[0-9a-f]{32}

Examples#

- text: >    var Twilio = require('twilio'); +var fs = require('fs'); +var path = require('path'); + +var apiKeySid='SK1fe059e17c773de4c071a57f9f975873'; +var apiKeySecret='4BDNaWxPP5naXdt54Fb4KwAWkfNohej8'  client_id: "SK1fe059e17c773de4c071a57f9f975873"  client_secret: "4BDNaWxPP5naXdt54Fb4KwAWkfNohej8"