Plivo uses Auth ID and Auth Token credentials to authenticate the account from which an API request is triggered:
- Auth ID acts as your username.
- Auth Token acts as your password.
If another user gets access to your Auth ID and Auth Token, they'll be able to use your Plivo API to make calls and send messages to any destination. Make sure to keep your Auth ID and Auth Token private at all times and don't share them with any third party.
Where can I find my Auth ID and Auth Token?
You can find your Auth ID and Auth Token at the top of the home page of the Plivo dashboard. Click on the eyecon next to the Auth Token to make it visible.
How can I change my Auth ID or Auth Token?
The Auth ID of any Plivo account cannot be changed. However, you can change the Auth Token by clicking to Account > Settings > Credentials and choosing either of the two options listed.
When you click Generate Auth Token, Plivo will generate a new Auth Token that you can use as a password to authenticate your API requests.
If you suspect your Plivo account has been compromised, or you see charges that don't reflect your usage, immediately change your Auth Token and your Plivo account password. On the Account Credentials page where you change your password you can also set up two-factor authentication for increased security.