Who do these Twilio credentials belong to?
This post's featured URL for sharing metadata is https://www.jvt.me/img/profile.jpg.
Let's say you've found some Twilio credentials, and want to work out whether they're still active.
Twilio has two types of credentials - "auth tokens" and API Keys. The "auth tokens" are bound to an account or a user, whereas API keys are more of a machine-user credential and have two types -
I ended up writing a tool for this as it makes interacting with the Twilio API a little easier, but the same underlying API calls can be conducted through
curl or similar.
From the README of the project:
With an Auth Token
An auth token may be found in the Twilio console for a given Account SID.
env TWILIO_ACCOUNT_SID=... \ TWILIO_AUTH_TOKEN=... \ twilio-who-credentials
The command will return a non-zero status code if the auth token could be used. If valid, information about the account will be printed out, such as the account name.
With an API Key
An API key may be issued from the Twilio console, and may be either a
Main or a
Standard token. This tool detects, as best as it can, the type of token in use.
env TWILIO_ACCOUNT_SID=... \ TWILIO_API_KEY=... \ TWILIO_API_SECRET=... \ twilio-who-credentials
The command will return a non-zero status code if the API key could be used. If valid, information will be returned as to whether it's a
Standard API key.
Main API key, information about the account will be printed out, such as the account name.