- Documentation: https://www.twilio.com/docs/usage/api
- Summary: Twilio is a cloud communications company that allows software developers to send and receive text messages and phone calls. Twilio exposes a variety of APIs to allow developers to programmatically interact with the service. Twilio provides two ways of authenticating: master credentials, or API keys that can be quickly created and revoked and are typically safer to use. This detector focuses on detecting these API keys. Gitguardian's engine also detects Twilio' master credentials
- IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
- Scopes: Twilio allows to create two types of API keys: standard keys, or master keys that can manage API keys, account configurations and sub accounts.
Revoke the secret
Keys cannot be rotated but they can be deleted from this page of the dashboard.
Check for suspicious activity
In the enterprise mode, Twilio offers an audit events tab to monitor various events such as API keys usage as well as API calls to monitor events (see here).
Twilio api keys
Category: Messaging system
High recall: True
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 2
Occurrences found for one million commits: 3.89
- type: ContentWhitelistPreValidator
- text: |
var Twilio = require('twilio'); +var fs = require('fs'); +var path = require('path'); + +var apiKeySid='SK1fe059e17c773de4c071a57f9f975873'; +var apiKeySecret='4BDNaWxPP5naXdt54Fb4KwAWkfNohej8'