Menu

Expand
Rate this page:

Understanding Visibility of Functions and Assets: Public, Protected and Private

Twilio Functions and Assets can be: public, protected, or private.

Here are the differences between each of the three levels of visibility for Functions and Assets:

Public

A public Function or Asset is publicly accessible on the internet at a specific URL once deployed. For example, if you create a Function with the path /send/sms and deploy to an environment example-1234.twil.io, then your function will be publicly accessible at https://example-1234.twil.io/send/sms.

Similarly, a public Asset called ahoy.mp3 in the same Service would be accessible by anyone from https://example-1234.twil.io/ahoy.mp3.

Protected

A protected Function or Asset can be referenced via a URL as well, but requires a valid Twilio X-Twilio-Signature header in the request in order to be accessed. This empowers you to limit your Functions and Assets to only be accessible by Twilio webhooks such as an incoming call or SMS message, by Twilio Studio widgets such as the Run Function Widget or the Say/Play Widget, or by your own Functions.

This extra layer of protection makes Protected Assets particularly useful for storing sensitive information that needs to be referenced by your code or in a Studio Flow, for example, but not accessible by the public.

Private

Private Functions and Assets are library files intended only for access via other Functions. For example, you may have a set of private library Functions that enable functionality that is called from a single protected Function. Similarly, if your Function relies on a JSON file of data to read from, you can deploy that JSON file as a private asset and read it from the Function.

How to set Visibility

You can specify a Function's or Asset's visibility in the Functions Editor using the visibility dropdown.

add function.gif

If you're developing your app using the Serverless Toolkit instead of the Functions Editor, you can specify a Function's or Asset's visibility by prepending either protected or private in front of the file extension, for example: myfunction.private.js, names.protected.json, or rickroll.mp3.

Rate this page:

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Community Forums or browsing the Twilio tag on Stack Overflow.

        
        
        

        Thank you for your feedback!

        We are always striving to improve our documentation quality, and your feedback is valuable to us. How could this documentation serve you better?

        Sending your feedback...
        🎉 Thank you for your feedback!
        Something went wrong. Please try again.

        Thanks for your feedback!

        Refer us and get $10 in 3 simple steps!

        Step 1

        Get link

        Get a free personal referral link here

        Step 2

        Give $10

        Your user signs up and upgrade using link

        Step 3

        Get $10

        1,250 free SMSes
        OR 1,000 free voice mins
        OR 12,000 chats
        OR more