Understanding Visibility: Public, Protected and Private Functions and Assets

When you create Functions or Assets, you must specify their Visibility. There are three options:

Public

A public Function or Asset is publically accessible on the internet at a specific URL once deployed. For example, if you create a Function with the path /send/sms and deploy to an environment ui-1234-example.twil.io then your function will be publically accessible at https://ui-1234-example.twil.io/send/sms.

Protected

A protected Function or Asset requires a valid Twilio request signature to be accessed. This means that the Function or Asset is only accessible if the request to access it contains the X-Twilio-Signature header and the signature is valid. This means you can limit your Functions and Assets only to be accessible to Twilio webhooks, such as on an incoming call or SMS message. Configure a phone number on the Twilio console to set a Function as the response to a webhook.

Private

Private Functions and Assets are library files intended only for access via other Functions. For example, you may have a set of private library Functions that enable functionality that is called from a single protected Function. Or if your Function relied on a JSON file of data to read from, you can deploy that JSON file as a private asset and read it from the Function.

Example: Including a private Function in another function.

exports.handler = function(context, event, callback) {
	
	// First, get the path for the Function
	let path = Runtime.getFunctions()['function-path'].path;
	
	// Next, simply use the standard require() to bring the library into scope
	let zoltar = require(path);
	
	// Finally, use the module as you would any other 
	console.log('The answer to your riddle is: ' + zoltar.ask());
	
	callback();
}