Rate this page:

Securing your Backend Service

What is a Callback?

A callback is a function that will be executed only after the current function has finished executing. You subscribe to a callback by configuring a url which will process an incoming request and respond back in a certain format.

Validating Callbacks from Twilio Frontline

Your backend service should verify that Twilio is the service that sent a callback before responding to that request. This is important for securing sensitive data, and to protect your application and servers from abuse.

Twilio will sign all inbound requests to your application with an X-Twilio-Signature HTTP header. Twilio uses the parameters sent in the webhook (either GET or POST) and the exact URL your application supplied to Twilio to create this signature. The signature uses the HMAC-SHA1 hashing algorithm with your Twilio account's auth token as the secret key.

Your Frontline Integration Service can verify that this signature is correct using the server side Twilio SDKs (see examples below). You will need your account's auth token, the value of the X-Twilio-Signature HTTP header Twilio passed to you, the URL Twilio sent the webhook to and all of the parameters sent by Twilio.


        Validate Signature of Request

        Tutorials for Validating Incoming Twilio Requests

        You can follow one of our handy tutorials for your chosen language and web application framework. Use something we don't have on this list? Let us know, and we'll try and point you in the right direction.

        Rate this page:

        Need some help?

        We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.

        Thank you for your feedback!

        Please select the reason(s) for your feedback. The additional information you provide helps us improve our documentation:

        Sending your feedback...
        🎉 Thank you for your feedback!
        Something went wrong. Please try again.

        Thanks for your feedback!