twiliotwilio-apitwilio-node

What is difference between creating twilio client using authentication token and combination of API key and API Secret with Account sid?


I came across many twilio apis using account sid and authentication token to create twilio client (Refer 1 code) but I had even seen some twilio apis which uses account sid and api key with api secret to create twilio client (Refer 2 code). Wondering, what is difference between these?

Code 1 : Creating Twilio client using account sid and authenication token

     const client = require('twilio')(accountSid, authToken);

Code 2 : Creating Twilio client using account sid and api key with api secret

     const Twilio = require("twilio");
     const client = new Twilio(API_KEY_SID, API_KEY_SECRET, {accountSid: ACCOUNT_SID}); 

Can anybody help me to understand the difference between these two different types of creating twilio client?


Solution

  • The documentation below provides the benefits of using API Keys rather than the Auth Token on the Account SID.

    REST API: API Keys

    "API Keys can be provisioned and revoked through the REST API or the Twilio Console. This provides a powerful and flexible primitive for managing access to the Twilio API."

    If an account auth token is compromised, the process to change the auth token is via the console.

    Auth Tokens and How to Change Them (rotate credentials)