Twilio REST API uses AccountSid and Auth Token to authenticate API requests.
There is only one Auth Token by default, and it must be kept private to avoid the risk of being compromised. However, if your Auth Token is compromised for some reason, rotate it by creating a secondary Auth Token so that the leaked token becomes useless.
Then, you can promote the secondary Auth Token to primary token. This will remove the old primary token and render it useless.
To create a secondary Auth Token, make a request to the Create secondary Auth Token endpoint.
To promote your secondary Auth Token to primary, make a request to the Promote Secondary Auth Token endpoint.