OAuth apps FAQs
We currently support this feature only in the US1 region.
OAuth apps are available to all customer accounts. During the Public Beta, OAuth apps are available as a free trial. Free trials may be limited by time, features and usage caps, and are subject to change without notice.
Users with the Owner, Administrator or Developer role will be able to access this feature.
By default, the expiration time of access tokens is 1 hour. This is returned as the expires_in parameter in the API response after calling the token endpoint. The value is given in seconds and currently defaults to 3600 seconds (1 hour).
Yes. If a new access token is generated, the previous access token will continue to work until it expires.
There will be no impact on the OAuth app and the credentials will still work.
It is recommended that you immediately delete the OAuth app. This will make the credentials and access tokens invalid.
Yes, users can rotate the client secret from within the Twilio Console. On rotation, the old secret will remain valid for 1 day before it becomes inactive. The expiration of the previous secret is not currently configurable.
Only two client secrets can remain active at any time. If a user rotates a secret before an existing secret expires, a new secret is generated and the oldest active secret becomes invalid.
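The rotation rules above can be modelled to check a rollout plan before rotating in the Console. This is an added example, not Twilio code: the class, the secret labels and the use of seconds as timestamps are hypothetical, and it assumes that the 1-day grace period starts at the moment of rotation and that a secret is invalid from its exact expiry time onward.

```python
from dataclasses import dataclass, field

GRACE_SECONDS = 24 * 60 * 60  # old secret stays valid for 1 day after rotation
MAX_ACTIVE = 2                # only two client secrets can be active at once
HOUR = 3600


@dataclass
class SecretSet:
    """Hypothetical model of one OAuth app's client secrets, oldest first."""
    # Each entry is [label, expires_at]; expires_at None means "current secret".
    secrets: list = field(default_factory=lambda: [["s0", None]])
    issued: int = 0

    def active(self, now):
        """Labels of the secrets that still authenticate at time `now`."""
        return [label for label, exp in self.secrets if exp is None or now < exp]

    def rotate(self, now):
        """Issue a new secret at time `now` and return its label."""
        # Forget secrets whose grace period has already run out.
        self.secrets = [s for s in self.secrets if s[1] is None or now < s[1]]
        # The secret that was current until now enters its 1-day grace period
        # (assumption: the clock starts at rotation time).
        for s in self.secrets:
            if s[1] is None:
                s[1] = now + GRACE_SECONDS
        self.issued += 1
        self.secrets.append([f"s{self.issued}", None])
        # More than two active: the oldest active secret becomes invalid.
        while len(self.secrets) > MAX_ACTIVE:
            self.secrets.pop(0)
        return self.secrets[-1][0]


def double_rotation_timeline():
    """Rotate twice within one day and report which secrets work when."""
    app = SecretSet()
    app.rotate(now=0)                          # s1 issued, s0 in grace until 24h
    before_second = app.active(now=12 * HOUR)  # s0 and s1 both work
    app.rotate(now=12 * HOUR)                  # s2 issued, s0 cut off 12h early
    after_second = app.active(now=12 * HOUR)   # s1 (grace) and s2 work
    after_grace = app.active(now=37 * HOUR)    # only s2 is left
    return before_second, after_second, after_grace
```

The second rotation is the case to plan for: any client still holding the oldest secret stops authenticating at that moment rather than at the end of its original 1-day window.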
Yes, this feature is available for subaccounts as well. The account's OAuth app will not work for the subaccounts under it, and users will have to create separate OAuth apps for the subaccount.
Mapping of the scopes (permissions) to the APIs can be found in the OAuth apps Overview guide. The same mapping applies to the Restricted API keys product.