Plivo uses the following credentials to determine the account from which an API request is triggered:
- AUTH ID: acts as your username
- AUTH Token: acts as your password
If another user gets access to your AUTH ID and AUTH Token, then he or she will be able to use your Plivo API. That means they can make calls or send messages to any destination. Make sure your Auth ID and Auth Token are kept private at all times and not shared with any third party.
Where can I find my Auth ID and Auth Token?
You can find your Auth ID and Auth Token under the account settings tab on the Plivo Dashboard
How do I change my Auth Token?
The Auth ID of any Plivo account cannot be changed. However, the Auth Token can be changed by clicking here and choosing either of the two options listed.
A new Auth Token will be generated that can be used as a password to authenticate your API requests.
If you suspect your Plivo account has been compromised, and see that there are charges that do not reflect your usage, immediately change your Auth Token as well as your Plivo account password. Set up Two Factor Authentication for increased security by clicking here. Learn more about our account services in the Plivo Document Library.