# 20102: Invalid Access Token header

Log Type: TWILIO

Log Level: ERROR

## Description

This error occurs when the header of the Access Token sent to a Twilio API does not meet Twilio's expected format/values for a JWT header.

Twilio Access Tokens are JWTs whose header must include the fields `typ`, `alg`, and `cty` with specific required values. If these are missing or incorrect, the token will be rejected.

### Possible causes

* The Access Token header does not contain the required `typ` field with value `JWT`.
* The Access Token header uses an unsupported signing algorithm (e.g., anything other than `HS256`) in the `alg` field.
* The Access Token header omits the `cty` field or sets it to a value other than `twilio-fpa;v=1`.

### Possible solutions

* Regenerate the Access Token using a Twilio SDK `AccessToken` helper to ensure the header is formed correctly, then serialize with `toJwt()`.
* Verify the header fields and values before issuing tokens:
  * Set `typ` to `JWT`.
  * Set `alg` to `HS256`.
  * Set `cty` to `twilio-fpa;v=1`.

#### Additional resources

* [Access Tokens](/docs/iam/access-tokens)
* [Issuing Sync Tokens](/docs/sync/identity-and-access-tokens)
* [Generate Twilio Access Tokens in Python](https://www.twilio.com/en-us/blog/twilio-access-tokens-python)