I came across many twilio apis using account sid and authentication token to create twilio client (Refer 1 code) but I had even seen some twilio apis which uses account sid and api key with api secret to create twilio client (Refer 2 code). Wondering, what is difference between these?
Code 1 : Creating Twilio client using account sid and authenication token
const client = require('twilio')(accountSid, authToken);
Code 2 : Creating Twilio client using account sid and api key with api secret
const Twilio = require("twilio");
const client = new Twilio(API_KEY_SID, API_KEY_SECRET, {accountSid: ACCOUNT_SID});
Can anybody help me to understand the difference between these two different types of creating twilio client?
The documentation below provides the benefits of using API Keys rather than the Auth Token on the Account SID.
"API Keys can be provisioned and revoked through the REST API or the Twilio Console. This provides a powerful and flexible primitive for managing access to the Twilio API."
If an account auth token is compromised, the process to change the auth token is via the console.