Twilio Master Credentials
#
Description#
General- Documentation: https://www.twilio.com/docs/usage/api
- Summary: Twilio is a cloud communications company that allows software developers to send and receive text messages and phone calls. Twilio exposes a variety of APIs to allow developers to programmatically interact with the service. Twilio provides two ways of authenticating : master credentials, or API keys that can be quickly created and revoked and are typically safer to use. This detector focuses on detecting the master credentials of the account. Gitguardian's engine also detects Twilio' API keys
- IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
- Scopes: Twilio provides the user with both test and live master credentials.
#
Revoke the secretTo rotate credentials, the user can ask for a secondary auth token, and then promote it to primary (see the corresponding documentation here).
#
Check for suspicious activityIn the enterprise mode, Twilio offers an audit events tab to monitor various events such as credentials usage as well as API calls to monitor events (see here).
Twilio basic auth
#
Details for Family: Api
Category: Messaging system
Company: Twilio
High recall: True
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 2
Occurrences found for one million commits: 6.08
Prefixed: True
PreValidators:
- type: ContentWhitelistPreValidator patterns: - ac[0-9a-f]{32}
#
Examples- text: | from twilio.rest import Client account_sid = "AC598fdd1a56846658f660652ed4810395" auth_token = "ce2337ad21d390367e018828cef2b0ef" client = Client(account_sid, auth_token) client_id: AC598fdd1a56846658f660652ed4810395 client_secret: ce2337ad21d390367e018828cef2b0ef