Skip to contentSkip to navigationSkip to topbar
On this page

Create Access Tokens for Programmable Chat


(error)

Danger

Programmable Chat has been deprecated and is no longer supported. Instead, we'll be focusing on the next generation of chat: Twilio Conversations. Find out more about the EOL process here(link takes you to an external page).

If you're starting a new project, please visit the Conversations Docs to begin. If you've already built on Programmable Chat, please visit our Migration Guide to learn about how to switch.

In the last guide, we covered SDK client initialization mechanics and the need for a generated Access Token. This Access Token is the credential your SDK client endpoints must use to identify and authenticate themselves with the Chat Service.

This Token is generated on your server or backend as you authenticate your user and is then utilized by the Chat SDK client to authorize with the Chat Service.


Create an Access Token

create-an-access-token page anchor

On your server, we must decide, based on the token request that was sent to us, who the user is and what they should be allowed to do.

To figure out who the user is (their identity), you might use your existing login system, using session cookies, an API token, or whatever mechanism you use to secure API requests or pages today. Who the user is and how you authorize their use will vary from app to app.

If you determine that the user should indeed be allowed to access your Chat application, you will grant your user access to Chat by generating an Access Token as part of your authentication flow. You will then return the token to the user client for use in the Chat SDK.

When creating an Access Token for Programmable Chat, the following information is needed:

Twilio Account Sid

This is the Account Sid of your Twilio account and must be the account in which you have created your Programmable Chat Service. Manage your Chat Services.

Programmable Chat Service Sid

This is the Chat Service Sid where your Users, Channels, Messages and other chat related data resides. This is the Chat Service you grant the SDK client access to.

Twilio API Key Sid

This is the Sid of an API created for your Twilio Account, which is used to sign the Access Token cryptographically. You can create these API keys here.

Twilio API Secret

This is the secret part of the API Key above, also managed here.

Identity

The identity of your User. For example, user@some.domain.com. For more details around Programmable Chat use of identity, please refer to User Identity & Access Tokens section.

We recommend following the standard URI specification and avoid the following reserved characters ! * ' ( ) ; : @ & = + $ , / ? % # [ ] for values such as identity and friendly name.

Creating an Access Token (Chat)Link to code sample: Creating an Access Token (Chat)
1
const AccessToken = require('twilio').jwt.AccessToken;
2
const ChatGrant = AccessToken.ChatGrant;
3
4
// Used when generating any kind of tokens
5
// To set up environmental variables, see http://twil.io/secure
6
const twilioAccountSid = process.env.TWILIO_ACCOUNT_SID;
7
const twilioApiKey = process.env.TWILIO_API_KEY;
8
const twilioApiSecret = process.env.TWILIO_API_SECRET;
9
10
// Used specifically for creating Chat tokens
11
const serviceSid = process.env.TWILIO_CHAT_SERVICE_SID;
12
const identity = 'user@example.com';
13
14
// Create a "grant" which enables a client to use Chat as a given user,
15
// on a given device
16
const chatGrant = new ChatGrant({
17
serviceSid: serviceSid,
18
});
19
20
// Create an access token which we will sign and return to the client,
21
// containing the grant we just created
22
const token = new AccessToken(
23
twilioAccountSid,
24
twilioApiKey,
25
twilioApiSecret,
26
{identity: identity}
27
);
28
29
token.addGrant(chatGrant);
30
31
// Serialize the token to a JWT string
32
console.log(token.toJwt());

Optional: TTL (Time To Live) Access Tokens are only valid for a period of time, in seconds. The default is 3600 seconds (1 hour), but you can adjust this to your needs up to a maximum of 24 hours.

Once your client receives an Access Token from your server, you can initialize the Twilio Chat SDK and start sending and receiving messages, as covered in the previous guide.

Next: Access Token Lifecycle

Need some help?

Terms of service

Copyright © 2024 Twilio Inc.