Twilio API Key
Detects Twilio API key SIDs (SK prefix followed by 32 hex characters). Paired with its secret, a leaked Twilio API key allows sending SMS/voice and accessing account data and call logs.
- Type: regex
- Engine: universal
- Confidence: high
- Confidence justification: High confidence when corroborated: the SK prefix plus 32 hex chars matches the Twilio API key SID structure; Twilio context keywords distinguish it from other SK-prefixed ids.
- Jurisdictions: global
- Regulations: Criminal Code Act 1995 (Cth)
- Frameworks: CIS Controls, ISO 27001, NIST CSF, SOC 2
- Data categories: credentials, security
- Scope: wide
- Risk rating: 8
- Platform compatibility: Purview: Compatible, GCP DLP: Unsupported, Macie: Unsupported, Zscaler: Compatible, Palo Alto: Unsupported, Netskope: Unsupported
Pattern
(?<![A-Za-z0-9])SK[a-f0-9]{32}(?![A-Za-z0-9])
Corroborative evidence keywords
twilio, twilio.com, api key, account sid, TWILIO_API_KEY, auth token, messaging
Proximity: 300 characters
Should match
- SKabcdef0123456789abcdef0123456789 — Twilio API key SID, SK prefix + 32 hex
- TWILIO_API_KEY=SK0123456789abcdef0123456789abcdef — Labelled Twilio API key in an env assignment
- SKfedcba9876543210fedcba9876543210 — Another Twilio API key body
Should not match
- SKabcdef0123456789 — Too short to be a valid Twilio API key (16 hex not 32)
- ACabcdef0123456789abcdef0123456789 — Twilio Account SID prefix (AC), not an API key (SK)
- store the twilio api key alongside the account sid securely — Prose mention without a token value
Known false positives
- Other SK-prefixed 32-hex identifiers in unrelated systems. Mitigation: Require corroborative Twilio keywords within proximity before alerting.
- Documentation or examples showing placeholder SK strings. Mitigation: Check for placeholder markers (example, xxxx) and require Twilio context.
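One way to apply the pattern together with the keyword proximity and both false-positive mitigations, as an added example that is not part of the original rule definition. The `scan` function, the verdict names, the two-sided 300-character window and the same-line placeholder check are assumptions; the sample text is constructed.

```python
import re

# Pattern, keywords and proximity value come from the rule definition above.
SID_RE = re.compile(r"(?<![A-Za-z0-9])SK[a-f0-9]{32}(?![A-Za-z0-9])")
KEYWORDS = ("twilio", "twilio.com", "api key", "account sid",
            "twilio_api_key", "auth token", "messaging")
PROXIMITY = 300  # assumption: counted in characters on either side of the match
PLACEHOLDER_MARKERS = ("example", "xxxx")  # markers named in the mitigation


def scan(text):
    """Return one finding per SK SID candidate, with a triage verdict."""
    lowered = text.lower()
    findings = []
    for m in SID_RE.finditer(text):
        # Corroboration: any keyword within PROXIMITY characters of the match.
        lo = max(0, m.start() - PROXIMITY)
        hi = min(len(text), m.end() + PROXIMITY)
        hits = sorted(k for k in KEYWORDS if k in lowered[lo:hi])
        # Placeholder check is limited to the line holding the match
        # (assumption: the page does not say how far to look).
        line_start = text.rfind("\n", 0, m.start()) + 1
        line_end = text.find("\n", m.end())
        line = lowered[line_start:line_end if line_end != -1 else len(text)]
        if not hits:
            verdict = "uncorroborated"
        elif any(p in line for p in PLACEHOLDER_MARKERS):
            verdict = "placeholder"
        else:
            verdict = "alert"
        findings.append({
            "offset": m.start(),
            "sid": m.group()[:6] + "...",  # keep the full value out of findings
            "keywords": hits,
            "verdict": verdict,
        })
    return findings


# Constructed sample input; the 400-dash filler keeps contexts from overlapping.
SAMPLE = (
    "TWILIO_API_KEY=SK0123456789abcdef0123456789abcdef\n" + "-" * 400 + "\n"
    "session id SKfedcba9876543210fedcba9876543210 for cart\n" + "-" * 400 + "\n"
    "# twilio example: SKabcdef0123456789abcdef0123456789\n" + "-" * 400 + "\n"
    "twilio account sid ACabcdef0123456789abcdef0123456789\n"
)

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Only the `alert` verdict should page anyone; `uncorroborated` and `placeholder` findings are better kept for review or tuning than dropped silently.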