Retrieving sub-account phone numbers once connected through connect api

Hello,

We are building an integration with our app that will require us to update each customer's individual Twilio account's phone number to use our webhook url. Following a similar concept of Stripe's connect api, we planned on having each customer "connect" their account to our master account so we can use their accountSID to fetch their phone numbers and update the selected one with our webhook url.

The problem we are facing is once an account is connected through the REST Api and added to our master account as a sub-account - we don't have access to their phone numbers. It appears through the docs that we need to port their number over to their sub-account. If this is true then it would defeat the purpose of the connect flow since we would need their accessToken to even query their numbers to be ported over.

Maybe we are missing something or thinking about the connect api concept wrong but any help on direction would be appreciated. Our backup solution is just to request the customer's accountSID and accessToken and just use the REST Api on their behalf directly instead of going through the connect api.

Tagged:

Answers

  • The Twilio Connect limitations listed here say that Connect apps are not able to manage phone numbers for the main account. What happens is that when a user connects to your Connect application and you ask for "charge account for usage" permissions, a subaccount is setup for their Twilio account and your Connect app can manage resources within that subaccount.

    I think you may have to use the workaround you have already suggested, though I'd advise that you ask the user to set up an API Key and Secret and share with you their Account SID, API Key and Secret instead of their Auth Token.

    An account can only have one Auth Token at a time (and they can generate a secondary if they need to replace it), however an account generate and use multiple sets of API keys. And, importantly, API Keys can be deleted to revoke their permissions. API keys are much better to use in this case.