How to use Twilio API keys (not auth tokens) for passwordless SMS?

I know I can setup Auth0 passwordless SMS using a Twilio auth token, but using a Twilio API key would be more secure. I don’t see a way to do this through the management UI. Can this be done in some other way?


Hi, krazzy. I assume you’ve found something for your use case by now, but in case anyone else comes looking I thought I’d drop this in here. I needed this urgently and couldn’t find an answer, but fortunately it wasn’t too difficult a fix. My solution was to switch to a custom action instead of the built-in Twilio integration and use the API credentials in there. I needed to add it to the flow and select that option in the Security settings, too. The actual action needed the Twilio library adding, as well as a couple of secrets. The code I used is as follows, and your own will likely be very similar.

exports.onExecuteSendPhoneMessage = async (event, api) => {
  const accountSid = event.secrets.TWILIO_ACCOUNT_SID;
  const apiKey = event.secrets.TWILIO_API_KEY;
  const apiSecret = event.secrets.TWILIO_API_SECRET;
  const twilioSmsNumber = event.secrets.TWILIO_SMS_NUMBER;
  const message = event.message_options.text;
  const phoneNumber = event.message_options.recipient;

  const client = require('twilio')(apiKey, apiSecret, { accountSid: accountSid });
  const response = await client.messages.create({
    body: message,
    from: twilioSmsNumber,
    to: phoneNumber,
  return response;

Hope this helps someone!