Public Key Client Validation helps organizations in compliance-heavy industries meet strict security requirements, such as not relying on shared secrets, validating senders, and verifying message content. It is available with either Twilio Enterprise Edition or Twilio Security Edition.
For organizations under strict compliance requirements, relying on shared secrets may not meet required security protocols. With Public Key Client Validation enabled you'll be the only one who knows the Secret, which means the Auth Token — a shared secret — will be rendered invalid for REST requests.
By using Public Key Client Validation, you'll also be able to rotate your keys and stay in full control of your credentials.
When you send a request with Public Key Client Validation, Twilio validates:
The Public Key Client Validation Quickstart will provide you with additional details on how the feature works.
This feature is currently not supported by Flex, Studio and TaskRouter. If you use either of these products, Public Key Client Validation Quickstart can't be enforced.
If Public Key Client Validation sounds like a good fit for your organization, find out more about Twilio Editions or get in touch with Sales to start the enablement process.