Twilio API Key
Service Name: Twilio
Service Description: Twilio is a cloud communications platform that enables developers to build, scale, and operate customer engagement within their software applications via simple and powerful APIs for voice, messaging, video, and email.
Service Address: https://www.twilio.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through Twilio's IP Access Management feature.
Secret Access Scope: Grants programmatic access to Twilio services including SMS, voice calls, WhatsApp messaging, verification services, and other communication APIs.
Secret Revokement URL: https://www.twilio.com/console/project/api-keys
Secret Example: SK2a0747ed6f9a4eb49e34bbff94eb25df
Suspicious Activity Investigation Instructions:
- Review Twilio Console logs for unusual API calls or resource access.
- Check the Twilio Monitor logs for unexpected activity.
- Review usage patterns for abnormal spikes in messaging or calling volume.
- Examine API request logs for unauthorized endpoints or unusual geographic origins.
- Verify if there are any unexpected changes to your Twilio configuration.
- Check for unauthorized phone numbers or messaging services added to your account.
Mitigation Instructions:
- Log in to the Twilio Console at https://www.twilio.com/console.
- Navigate to Settings > API Keys.
- Locate the compromised API key.
- Click on the API key and select "Delete" to revoke it.
- Create a new API key with appropriate permissions.
- Update your applications with the new API key.
- Consider implementing additional security measures like IP restrictions.
- Review and update your security policies for handling API credentials.
- Enable two-factor authentication for your Twilio account if not already enabled.