Issues authenticating to Twilio to send message from sub-account or using API Keys
I'm having some issues sending SMS messages via a Twilio messaging service.
I have a parent account and sub-account configuration.
cURL statement is as follows:
```
curl --location --request POST 'https://api.twilio.com/2010-04-01/Accounts/{{account-sid}}/Messages.json' \
--header 'Authorization: Basic {{auth}}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'Body=test' \
--data-urlencode 'MessagingServiceSid={{messaging-service-SID}}' \
--data-urlencode 'To=REDACTED'
```
I can get it working for some combinations of `account-sid` and `auth` header, but not all is working as expected.
e.g. here is a table that describes what works and what doesn't.
Number | account-sid in URL path | username in auth header | password in auth header | Works? | Expected Result? |
---|---|---|---|---|---|
#1 | Parent Account SID | Parent Account SID | Parent Account Auth Token | NO - HTTP 404 | YES |
#2 | Parent Account SID | Parent Account API Key | Parent Account API Secret | NO - HTTP 401 | NO - should return HTTP 404 |
#3 | Parent Account SID | Sub Account SID | Sub Account Auth Token | NO - HTTP 401 | NO - should return HTTP 404 |
#4 | Parent Account SID | Sub Account API Key | Sub Account API Secret | NO - HTTP 401 | NO - should return HTTP 404 |
#5 | Sub Account SID | Sub Account SID | Sub Account Auth Token | NO - HTTP 401 | NO |
#6 | Sub Account SID | Sub Account API Key | Sub Account API Secret | NO - HTTP 401 | NO |
#7 | Sub Account SID | Parent Account SID | Parent Account Auth Token | YES | YES |
#8 | Sub Account SID | Parent Account API Key | Parent Account API Secret | NO - HTTP 401 | NO |
Any ideas as to why some of these (specifically the ones where the expected result in the table above is 'NO') aren't working? FYI, the basic auth is calculated by Postman as shown below, so there shouldn't be any issues with this. Note: I've been changing the variables appropriately and even hard-coded the usernames/passwords...
FWIW I didn't expect any of the ones with the parent account SID in the URL path to work, but just added them for completeness... the one I really want to get working is #6 as I want to generate separate API keys for individual subsystems to mitigate risk/impact if one of the API keys gets compromised. Any ideas why this might not be working...
Solution 1:[1]
I managed to narrow this down to being an issue with the API Key/secret. Multiple Twilio staff had given me examples that they claimed worked, which were exactly the same as what I had, but weren't working for me... I tried creating an API Key/secret in a different region and it worked. Seems that only API Keys in the AU1 region have this issue. When I tried with an API Key in the US1 region it worked!
Suspect it's not fully available in the AU region at the time of this writing - see https://www.twilio.com/docs/global-infrastructure/regional-product-and-feature-availability#australia-au1-region
Solution 2:[2]
The behavior varies based on the host portion of the API you are calling.
Only api.twilio.com supports calling the sub-accounts using the main account's Account SID and Auth Token. This is done using the construct defined here (Node.js example):
```
const client = require('twilio')(accountSid, authToken, { accountSid: subaccountSid });
```
Source: https://www.twilio.com/docs/iam/api/subaccounts
When performing CRUD operations within a subaccount, use the subaccount SID and auth token. Alternatively, you can generate API Keys at the subaccount level for authentication.
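Added example (not from either answer and not Twilio's code): an offline Node.js preflight that builds the request from the question's cURL command for row #6 of the table, classifies the credential pair by SID prefix, and produces a log-safe copy. The function names, the `notes` strings and every SID, secret and phone number are constructed for illustration; it assumes Account SIDs start with `AC` and API Key SIDs with `SK`.

```javascript
// Added example; every SID, secret and phone number below is a constructed placeholder.
const KINDS = { AC: 'account', SK: 'apiKey' };

// A Twilio SID is a two-letter type prefix followed by 32 hex characters.
function sidKind(sid) {
  if (!/^[A-Z]{2}[0-9a-fA-F]{32}$/.test(sid)) return 'malformed';
  return KINDS[sid.slice(0, 2)] || 'other';
}

// Which of the table's credential patterns is this? Throws on malformed input.
function authMode(pathSid, username) {
  if (sidKind(pathSid) !== 'account') throw new Error('URL path needs an Account SID (AC...)');
  const kind = sidKind(username);
  if (kind === 'apiKey') return 'api-key';
  if (kind !== 'account') throw new Error('username must be an Account SID or API Key SID');
  return username === pathSid ? 'own-auth-token' : 'cross-account-auth-token';
}

function buildRequest({ host = 'api.twilio.com', pathSid, username, password, serviceSid, to, body }) {
  const mode = authMode(pathSid, username);
  const notes = [];
  if (mode === 'cross-account-auth-token' && host !== 'api.twilio.com') {
    notes.push('Solution 2: only api.twilio.com takes main-account SID and Auth Token for a subaccount');
  }
  if (mode === 'api-key') {
    notes.push('Solution 1: on HTTP 401, check the region the API Key was created in');
  }
  const form = new URLSearchParams({ Body: body, MessagingServiceSid: serviceSid, To: to });
  const basic = Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
  return {
    mode, notes, method: 'POST',
    url: `https://${host}/2010-04-01/Accounts/${pathSid}/Messages.json`,
    headers: { Authorization: `Basic ${basic}`, 'Content-Type': 'application/x-www-form-urlencoded' },
    body: form.toString(),
  };
}

// Log-safe copy: the Authorization value is replaced before anything is printed.
function redact(req) {
  return { ...req, headers: { ...req.headers, Authorization: 'Basic [redacted]' } };
}

// Row #6: subaccount SID in the path, subaccount API Key SID and secret as credentials.
const SUB_SID = 'AC' + '0'.repeat(32);
const KEY_SID = 'SK' + '1'.repeat(32);
const row6 = buildRequest({ pathSid: SUB_SID, username: KEY_SID, password: 'constructed-secret',
  serviceSid: 'MG' + '2'.repeat(32), to: '+10000000000', body: 'test' });
console.log(JSON.stringify(redact(row6), null, 2));
```

Pass the returned `url`, `headers` and `body` to an HTTP client to send the request; log only the `redact()` copy.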
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Ryan.Bartsch |
Solution 2 | Alan |