Skip to content
BlurFirst

How to Blur the Twilio Console During Screen Sharing (Hide Account SID, Auth Token & Numbers)

7 min read

Demoing Twilio on a call? Here's how to hide the Account SID and Auth Token, your purchased phone numbers, API keys, message and call logs with recipient numbers, verified caller IDs and billing before you share your screen.

To hide credentials and customer data in the Twilio console on a screen share, blur the items in the page before you present — the Account SID and Auth Token on the dashboard, your purchased phone numbers, API keys, and the recipient numbers and message bodies in your logs. BlurFirst paints each blur into the page as real pixels, so it survives Zoom, Google Meet, Microsoft Teams, Loom, OBS and a screenshot of the shared feed.

The console is a single-page app that re-renders as you move between the dashboard, Phone Numbers and the log Monitor, so use anchored region blurs for the fixed account credentials card on the dashboard and element blur or Scan for values in tables. Start blurring with Ctrl/⌘ ⇧ Y and keep the panic hotkey Ctrl/⌘ ⇧ H ready for anything that appears mid-demo.

What the Twilio console reveals when you present it

  • Account SID and Auth Token — the console dashboard shows your Account SID (AC…) and a click-to-reveal Auth Token. Together they are full API credentials: anyone who reads them can send messages and place calls billed to you.
  • Purchased phone numbers — your active numbers and their friendly names under Phone Numbers > Manage > Active numbers.
  • API keys — Standard and Main API keys (SID SK… plus a one-time secret) under Account > API keys & tokens.
  • Messaging and Voice logsMonitor > Logs > Messaging and Calls list recipient phone numbers, SMS message bodies and call metadata — real customer PII.
  • Verified caller IDs — the outbound numbers you've verified under Phone Numbers > Verified Caller IDs.
  • Billing — account balance, usage and spend figures on the Billing pages that disclose your volume.

How to blur the Twilio console before you share

  1. 1

    Open the page you'll present

    Navigate to the dashboard, Active Numbers or the log you plan to show, and note which project or account is selected in the top-left switcher.

  2. 2

    Box-blur the credentials card

    Drag a BlurFirst box over the dashboard panel that holds the Account SID and Auth Token. As an anchored region blur, it keeps covering that card even after the single-page app re-renders.

  3. 3

    Element-blur numbers and log rows

    Click a phone number, a recipient cell or a message body in a log to frost just that element while the surrounding columns stay readable. Click again to reveal one if you need to point at it.

  4. 4

    Run Scan for numbers, keys and emails

    One click runs Scan (Pro), which detects phone numbers, API-key patterns and email addresses locally and blurs them across the visible page. Free-text message bodies aren't patterns, so cover those with an element or box blur yourself.

  5. 5

    Keep panic ready before you reveal the token

    If you must reveal the Auth Token, blur the value first or avoid clicking the reveal control on camera. If it flashes into frame, press Ctrl/⌘ ⇧ H to blur the whole page instantly.

Sensitive itemWhere it appearsBest gesture
Account SID + Auth TokenConsole dashboardBox-blur the credentials card
Purchased phone numbersPhone Numbers > Active numbersElement blur, or Scan
API keys (SK…)Account > API keys & tokensElement blur before revealing
Recipient numbers + message bodiesMonitor > Logs (Messaging/Calls)Element blur per row, or Scan
Verified caller IDsPhone Numbers > Verified Caller IDsElement blur
Balance + billing figuresBilling pagesBox-blur the totals
What to hide in the Twilio console, and the gesture that fits.

Why revealing the Auth Token once is the whole risk

Twilio keeps the Auth Token masked until you click to reveal it, and scopes it to your account — but that's access control, not presentation control. The instant you reveal it to copy it into a code snippet on a call, the full credential is in frame and in the recording, and anyone who reads it can send SMS and place calls on your account until you rotate it. The masking gates who can view the token inside the console; it doesn't manage what a viewer watching your screen reads. In-page blurring works at the presentation layer: it controls what the viewer sees, no matter what your own access is.

Set your Twilio blurs once and reuse them

If you demo or support from the console often, set the structural blurs once. BlurFirst Pro's per-site auto-apply re-applies your saved boxes — the credentials card on the dashboard — automatically each time you open console.twilio.com, and they survive the single-page-app re-render as you switch sections. The profile stores only a CSS selector for each region, never the SID, token or phone number inside it, so nothing sensitive is written to disk or uploaded.

Frequently asked questions

Can I blur the Account SID and Auth Token but still show the console?

Yes. Box-blur the credentials card on the dashboard, or element-blur the SID and token individually. The rest of the console stays readable for your walkthrough, and you can reveal an element again with a click.

Does Scan catch the phone numbers in my messaging and call logs?

Scan detects phone-number patterns, API-key patterns and email addresses locally and blurs them in one click. SMS message bodies are free text rather than patterns, so cover those with a box or element blur yourself.

What if I already revealed the Auth Token on a call?

Rotate it in the Twilio console right away and update your apps. Blurring hides the token on future calls, but it can't un-expose a credential that was already shown, so treat a revealed token as compromised.

Will the blurs survive navigating between Twilio pages?

Region blurs are anchored to a screen area, so they keep covering the credentials card as the console re-renders. Per-site auto-apply (Pro) brings your structural blurs back automatically each time the page reloads.

Does anything I blur leave the browser?

No. BlurFirst runs entirely in your browser and its only network request is a license check. Nothing you blur leaves the page, and Scan runs locally, so your account data and customer numbers never go anywhere.

Blur it before you share it.

Hide any field, region or message on a page before your next call. Nothing you blur leaves your browser.

Add to Chrome