Headers and cookies
Functions allow you to access and set headers and cookies on incoming requests as well as your responses, as set forth in this documentation. Any controls, management, and configuration related to your use of headers and cookies, including compliance with applicable laws, is your responsibility and outside of Twilio’s control. If you have questions about your legal obligations with respect to headers and cookies, please consult with your legal counsel.
For users of Runtime Handler 1.2.0
or later, Functions allow developers to access the HTTP Headers passed along with incoming requests. This will enable developers to take advantage of Cookies, CORS, and other features that headers enable.
What are headers?
HTTP headers are small pieces of metadata that can be passed between clients and servers as part of the request/response life-cycle. For example, a request might include headers that contain more information about the resource being fetched or the client making the request.
It is also common to pass authentication values and API Keys as headers. For example, Twilio validates its webhook requests by including the X-Twilio-Signature HTTP header in requests.
Using the following request as an example, we can see that it includes headers describing the request's metadata such as Host
, Content-Type
, and Content-Length
. In addition, there is an Authorization
header that contains an auth token for identifying the request's user.
GET /example HTTP/1.1
Host: test-4321.twil.io
Authorization: 123abc
Content-Type: application/json
Content-Length: 23
{
"body": "Ahoy!"
}
What are cookies?
Cookies are a special kind of header which are typically used to tell if requests are coming from the same client or browser. On the web, they are commonly used for tracking session management (your authentication token and/or shopping cart), enabling personalization (site theme and/or preferences), and tracking of your behavior when browsing a site.
Getting started
Header support is not available for Functions Classic. Please consider migrating to the current version of Functions if you are still using Classic.
To enable headers, you must set the @twilio/runtime-handler
Dependency version to 1.2.0
or later in the Functions Editor or your project's package.json
if using the Serverless Toolkit. Once you redeploy your Function, headers will be accessible in your Function code.
What's next?
Now that you have your Runtime Handler updated, you are ready to work with headers and cookies in your Functions! Explore these resources to learn more about how to work with them and what you can build.
- Learn how to access headers and cookies that are sent to your Functions
- Check out this guide on how to set and modify headers and cookies that your Functions respond with
- Make sure you understand the limitations on headers
- Learn how to protect access to your Function using Basic Authentication
- Validate the identity of users by leveraging JSON Web Token (JWT)
- Update your Function to enable CORS between it and a Flex Plugin
- Create a Function that integrates with SendGrid and validates incoming events
Need some help?
We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.