# 20101: Invalid Access Token

Log Type: TWILIO

Log Level: ERROR

## Description

The Access Token provided to the Twilio API was invalid.

Twilio Access Tokens are short-lived `JWT` credentials used to authenticate client-side SDKs for Voice, Conversations, Sync, and Video, with a maximum configurable lifetime of up to 24 hours.

### Possible causes

* The value supplied is not a valid Twilio Access Token (for example, it is not a `JWT` with the required header and payload structure expected by Twilio Access Tokens).

### Possible solutions

* Regenerate a fresh Access Token on your server using your Account SID and an API Key/Secret, following the Access Token creation guide.
* Ensure the token header contains `typ`=`"JWT"`, `alg`=`"HS256"`, and `cty`=`"twilio-fpa;v=1"`.
* Verify the payload fields: `iss` must be the API Key SID used to sign the token and `sub` must be the Twilio Account SID the token is scoped to; include standard claims like `jti`, `iat`, and set `exp` within the allowed window.
* Keep tokens short-lived (maximum 24 hours) and generate them per-session as recommended.
* Include the product-specific grants required by your SDK. For example, Video requires an `identity` grant and a `VideoGrant`.
* Use the Twilio Console Debugger and Error Logs to inspect failing requests and review error details during troubleshooting.

#### Additional resources

* [Access Tokens](/docs/iam/access-tokens)
* [Debugging Your Twilio Application](/docs/usage/troubleshooting/debugging-your-application)
* [Debugging Tools](/docs/messaging/guides/debugging-tools)