# 20003: Permission Denied

Log Type: APPLICATION

Log Level: ERROR

## Description

#### Authenticating requests to the Twilio API

All requests to sensitive areas of the Twilio API must use [HTTP Basic Authentication](http://en.wikipedia.org/wiki/Basic_access_authentication). Authenticate using your Account SID as the username, and your Auth Token as the password. Both can be found in the [Twilio Console](/console/account/settings).

You can also generate revocable [API Keys](/docs/iam/api-keys/key-resource-v2010) to authenticate.

You can also use [OAuth Access token](/docs/iam/oauth-apps/overview) to authenticate.

You may want to consider using a [Twilio helper library](/docs/libraries) (available in PHP, .NET, Java, Ruby, Python and Node.js) as they will take care of authentication for you.

### Possible causes

* Using the wrong combination of Account SID and Auth Token
* Using Test Credentials to access your Live Account
* Using subaccount credentials to access master account
* Previous Auth Token has been deleted
* Attempted API Key has been deleted
* Account is suspended or closed
* Extra characters or spaces in the supplied credentials
* Web proxy is stripping out credentials before forwarding to Twilio
* Using JWT with Auth Token rather than API Key
* Attempted API Key is for the incorrect Twilio Region
* OAuth access token is incorrect or expired

### Possible solutions

* Verify the Account SID and Auth Token are correct
* Verify the correct Account is being accessed
* Ensure the Account is active, not suspended or closed
* Ensure no extra characters or spaces are being included
* Ensure JWT is only used with API Key
* Ensure the API Key's Twilio Region matches the request's specified Twilio Region
* Generate new OAuth access token and try again