Prevent blocked numbers from calling your application
You may wish to block certain numbers from contacting or spamming your application's phone number. Creating a block list and using a Function that compares the incoming number to its contents will allow you to decide whether to Reject an incoming call, or Redirect it to your actual application.
The following examples will show a couple of approaches to this problem. To get started, use the following directions to create two new Functions that will form the base of this application: /filter-calls and /welcome.
Create and host a Function
In order to run any of the following examples, you will first need to create a Function into which you can paste the example code. You can create a Function using the Twilio Console or the Serverless Toolkit as explained below:
If you prefer a UI-driven approach, creating and deploying a Function can be done entirely using the Twilio Console and the following steps:
- Log in to the Twilio Console and navigate to the Functions tab. If you need an account, you can sign up for a free Twilio account here!
- Functions are contained within Services. Create a Service by clicking the Create Service button and providing a name such as test-function.
- Once you've been redirected to the new Service, click the Add + button and select Add Function from the dropdown.
- This will create a new Protected Function for you with the option to rename it. The name of the file will be path it is accessed from.
- Copy any one of the example code snippets from this page that you want to experiment with, and paste the code into your newly created Function. You can quickly switch examples by using the dropdown menu of the code rail.
- Click Save to save your Function's contents.
- Click Deploy All to build and deploy the Function. After a short delay, your Function will be accesible from:
https://<service-name>-<random-characters>-<optional-domain-suffix>.twil.io/<function-path>
For example:test-function-3548.twil.io/hello-world.
The Serverless Toolkit enables you with local development, project deployment, and other functionality via the Twilio CLI. To get up and running with these examples using Serverless Toolkit, follow this process:
- From the CLI, run
twilio serverless:init <your-service-name> --emptyto bootstrap your local environment. - Navigate into your new project directory using
cd <your-service-name> - In the
/functionsdirectory, create a new JavaScript file that is named respective to the purpose of the Function. For example,sms-reply.protected.jsfor a Protected Function intended to handle incoming SMS. - Populate the file using the code example of your choice and save.
Note A Function can only export a single handler. You will want to create separate files if you want to run and/or deploy multiple examples at once.
Once your Function(s) code is written and saved, you can test it either by running it locally (and optionally tunneling requests to it via a tool like ngrok), or by deploying the Function and executing against the deployed url(s).
Run your Function in local development
Run twilio serverless:start from your CLI to start the project locally. The Function(s) in your project will be accesible from http://localhost:3000/sms-reply
- If you want to test a Function as a Twilio webhook, run:
twilio phone-numbers:update <your Twilio phone number> --sms-url "http://localhost:3000/sms-reply"
This will automatically generate an ngrok tunnel from Twilio to your locally running Function, so you can start sending texts to it. You can apply the same process but with thevoice-urlflag instead if you want to test with Twilio Voice. - If your code does not connect to Twilio Voice/Messages as a webhook, you can start your dev server and start an ngrok tunnel in the same command with the
ngrokflag. For example:twilio serverless:start --ngrok=""
Deploy your Function
To deploy your Function and have access to live url(s), run twilio serverless:deploy from your CLI. This will deploy your Function(s) to Twilio under a development environment by default, where they can be accessed from:
https://<service-name>-<random-characters>-dev.twil.io/<function-path>
For example: https://incoming-sms-examples-3421-dev.twil.io/sms-reply
Your Function is now ready to be invoked by HTTP requests, set as the webhook of a Twilio phone number, invoked by a Twilio Studio Run Function Widget, and more!
Block calls using a hard-coded list
To introduce the logic and TwiML involved without extra complications, this example code for /filter-calls includes a sample block list hard-coded into its body.
The Function compares the incoming phone number, provided as From when this Function is connected to your Twilio phone number as a webhook, to the contents of the block list. The resulting boolean is then used to determine whether the result should be a rejection, or a redirect to the /welcome Function.
The /welcome Function returns a welcome message to the user and primarily serves as an example of how you can still leverage Redirect verbs even within a Serverless project such as this. You're able to use the relative URL '/welcome' since the same Service contains both Functions.
To test this out, copy and paste both samples into their respective Functions, and add your personal phone number to the block list in E.164 format. Save and deploy your Service, and use the following directions to set /filter-calls as the A Call Comes In webhook handler for your Twilio phone number. The application will immediately reject your calls. If you remove your number from the block list and re-deploy, you will instead get the welcome message.
Set a Function as a webhook
In order for your Function to react to incoming SMS and/or voice calls, it must be set as a webhook for your Twilio number. There are a variety of methods to set a Function as a webhook, as detailed below:
You can use the Twilio Console UI as a straigforward way of connecting your Function as a webhook:
- Log in to the Twilio Console's Phone Numbers page.
- Click on the phone number you'd like to have connected to your Function.
- If you want the Function to respond to incoming SMS, find the A Message Comes In option under Messaging. If you want the Function to respond to Voice, find the A Call Comes In option under Voice & Fax.
- Select Function from the A Message Comes In or A Call Comes In dropdown.
- Select the Service that you are using, then the Environment (this will default to
uiunless you have created custom domains), and finally Function Path of your Function from the respective dropdown menus.
- Alternatively, you could select Webhook instead of Function, and directly paste in the full URL of the Function.
- Alternatively, you could select Webhook instead of Function, and directly paste in the full URL of the Function.
- Click the Save button.
You can also use the Twilio CLI to assign the Function as the webhook of you phone number. You will need a few prerequisites:
- Twilio CLI installed and executable from your terminal.
- Either the E.164 formatted value of your Twilio phone number (
+1234567890), or its SID (PNXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX). - The full URL of your Function (
https://test-1337.twil.io/my-test-function)
Once you have the CLI installed and the necessary information, run the following to connect the Function to respond to incoming SMS:
twilio phone-numbers:update +1234567890 \
--sms-url https://test-1337.twil.io/my-test-functionIf you prefer to have the Function respond to incoming calls instead, run:
twilio phone-numbers:update +1234567890 \
--voice-url https://test-1337.twil.io/my-test-functionYou may also use the SID of your Twilio phone number instead of the E.164 formatted phone number:
twilio phone-numbers:update PNXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \
--sms-url https://test-1337.twil.io/my-test-functionYou can also use any of the avilable Twilio SDKs to assign the Function as the webhook of you phone number. You will need a few prerequisites:
- A local development environment for your language of choice and the associated Twilio SDK installed.
- The SID (
PNXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX) of your Twilio phone number. - The full URL of your Function (
https://test-1337.twil.io/my-test-function).
In JavaScript for example, you could execute the following code to assign the SMS webhook of your Twilio phone number. The same logic would apply for assigining to a voice webhook, except that the modified property instead would be voiceUrl:
// Download the helper library from https://www.twilio.com/docs/node/install
// Find your Account SID and Auth Token at twilio.com/console
// and set the environment variables. See http://twil.io/secure
const accountSid = process.env.TWILIO_ACCOUNT_SID;
const authToken = process.env.TWILIO_AUTH_TOKEN;
const client = require('twilio')(accountSid, authToken);
client
.incomingPhoneNumbers('PNXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX')
.update({ smsUrl: 'https://test-1337.twil.io/my-test-function' })
.then((phoneNumber) => console.log(phoneNumber.smsUrl));
Store the block list as a private Asset
To keep your block list separate from and independent of your Function's code, one recommendation is to store the list as JSON in a private Asset. Your Function will read and parse the contents of this file using methods provided by the Runtime Client, and achieve the same functionality with more separation of concerns.
First, create a new private Asset named blocklist.json, populate it with the sample contents (and your personal number like before, to verify the blocking works), and save the Asset. Ensure that this Asset is private in order to protect its contents and to enable helper methods such as Runtime.getAssets, which can only retrieve private Assets.
Next, update the existing /filter-calls Function with the highlighted changes. This new code replaces the hard-coded block list array with a synchronous read of blocklist.json, and a quick JSON.parse to convert the file contents to a usable array.
Save your changes to the Function, and deploy your updated Service. Subsequent calls to your Twilio phone number will behave exactly as before!
Ensure that you write the Asset name as '/blocklist.json' and not 'blocklist.json'; the leading slash is necessary, as described in the Runtime.getAssets documentation.
Need some help?
We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.
