O'Reilly logo

Twilio Best Practices by Tim Rogers

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Verifying that requests are from Twilio

If parties other than Twilio are able to make requests to your application, they can potentially change and corrupt data or access sensitive information.

Without authentication measures, if an attacker was able to guess the URLs of the endpoints on your application that Twilio hits with its webhooks, they could wreak havoc. For instance, they could spoof fake SMS messages so that they appear to come from users or they could access the private phones numbers of users they should only be able to call through a public line you provide.

There are two routes you can take to prevent this, ensuring with a reasonable degree of certainty that a request genuinely comes from Twilio:

  • Set up HTTP Basic Authentication
  • Verify ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required