Prevent blocked numbers from calling your application
You may wish to block certain numbers from contacting or spamming your application's phone number. Creating a block list and using a Function that compares the incoming number to its contents will allow you to decide whether to Reject an incoming call, or Redirect it to your actual application.
The following examples will show a couple of approaches to this problem. To get started, use the following directions to create two new Functions that will form the base of this application: /filter-calls and /welcome.
Create and host a Function
In order to run any of the following examples, you will first need to create a Function into which you can paste the example code. You can create a Function using the Twilio Console or the Serverless Toolkit as explained below:
ConsoleServerless Toolkit
If you prefer a UI-driven approach, creating and deploying a Function can be done entirely using the Twilio Console and the following steps:
Log in to the Twilio Console and navigate to the
Functions tab
. If you need an account, you can sign up for a free Twilio account
here
!
Functions are contained within
Services
. Create a
Service
by clicking the
Create Service
button and providing a name such as
test-function
.
Once you've been redirected to the new Service, click the
Add +
button and select
Add Function
from the dropdown.
This will create a new
Protected
Function for you with the option to rename it. The name of the file will be path it is accessed from.
Copy any one of the example code snippets from this page that you want to experiment with, and paste the code into your newly created Function. You can quickly switch examples by using the dropdown menu of the code rail.
Click
Save
to save your Function's contents.
Click
Deploy All
to build and deploy the Function. After a short delay, your Function will be accessible from:
https://<service-name>-<random-characters>-<optional-domain-suffix>.twil.io/<function-path>
For example:
test-function-3548.twil.io/hello-world
.
The Serverless Toolkit enables you with local development, project deployment, and other functionality via the Twilio CLI. To get up and running with these examples using Serverless Toolkit, follow this process:
From the CLI, run
twilio serverless:init <your-service-name> --empty
to bootstrap your local environment.
Navigate into your new project directory using
cd <your-service-name>
In the
/functions
directory, create a new JavaScript file that is named respective to the purpose of the Function. For example,
sms-reply.protected.js
for a
Protected
Function intended to handle incoming SMS.
Populate the file using the code example of your choice and save.
Note
A Function can only export a single handler. You will want to create separate files if you want to run and/or deploy multiple examples at once.
Once your Function(s) code is written and saved, you can test it either by running it locally (and optionally tunneling requests to it via a tool like ngrok), or by deploying the Function and executing against the deployed url(s).
Run your Function in local development
Run twilio serverless:start from your CLI to start the project locally. The Function(s) in your project will be accessible from http://localhost:3000/sms-reply
If you want to test a Function as a
Twilio webhook
, run:
twilio phone-numbers:update <your Twilio phone number> --sms-url "http://localhost:3000/sms-reply"
This will automatically generate an ngrok tunnel from Twilio to your locally running Function, so you can start sending texts to it. You can apply the same process but with the
voice-url
flag instead if you want to test with
Twilio Voice
.
If your code does
not
connect to Twilio Voice/Messages as a webhook, you can start your dev server and start an ngrok tunnel in the same command with the
ngrok
flag. For example:
twilio serverless:start --ngrok=""
Deploy your Function
To deploy your Function and have access to live url(s), run twilio serverless:deploy from your CLI. This will deploy your Function(s) to Twilio under a development environment by default, where they can be accessed from:
For example: https://incoming-sms-examples-3421-dev.twil.io/sms-reply
Your Function is now ready to be invoked by HTTP requests, set as the webhook of a Twilio phone number, invoked by a Twilio Studio Run Function Widget, and more!
Block calls using a hard-coded list
To introduce the logic and TwiML involved without extra complications, this example code for /filter-calls includes a sample block list hard-coded into its body.
The Function compares the incoming phone number, provided as From when this Function is connected to your Twilio phone number as a webhook, to the contents of the block list. The resulting Boolean is then used to determine whether the result should be a rejection, or a redirect to the /welcome Function.
The /welcome Function returns a welcome message to the user and primarily serves as an example of how you can still leverage Redirect verbs even within a Serverless project such as this. You're able to use the relative URL '/welcome' since the same Service contains both Functions.
To test this out, copy and paste both samples into their respective Functions, and add your personal phone number to the block list in E.164 format. Save and deploy your Service, and use the following directions to set /filter-calls as the A Call Comes In webhook handler for your Twilio phone number. The application will immediately reject your calls. If you remove your number from the block list and re-deploy, you will instead get the welcome message.
Call filter logic
Sample code for /filter-calls
1
exports.handler=(context,event,callback)=>{
2
// Prepare a new Voice TwiML object that will control Twilio's response
3
// to the incoming call
4
consttwiml= newTwilio.twiml.VoiceResponse();
5
// The incoming phone number is provided by Twilio as the `From` property
6
constincomingNumber=event.From;
7
8
// This is an example of a blocklist hard-coded into the Function
// If the number is not blocked, redirect call to the webhook that
17
// handles allowed callers
18
twiml.redirect('/welcome');
19
}
20
21
returncallback(null, twiml);
22
};
Welcome message
Sample code for /welcome
1
exports.handler=(context,event,callback)=>{
2
consttwiml= newTwilio.twiml.VoiceResponse();
3
twiml.say("Hello, congratulations! You aren't blocked!");
4
returncallback(null, twiml);
5
};
Set a Function as a webhook
In order for your Function to react to incoming SMS and/or voice calls, it must be set as a webhook for your Twilio number. There are a variety of methods to set a Function as a webhook, as detailed below:
Twilio ConsoleTwilio CLITwilio SDKs
You can use the Twilio Console UI as a straightforward way of connecting your Function as a webhook:
Click on the phone number you'd like to have connected to your Function.
If you want the Function to respond to incoming SMS, find the
A Message Comes In
option under
Messaging
. If you want the Function to respond to Voice, find the
A Call Comes In
option under
Voice & Fax
.
Select
Function
from the
A Message Comes In
or
A Call Comes In
dropdown.
Select the
Service
that you are using, then the
Environment
(this will default to
ui
unless you have created
custom domains
), and finally
Function Path
of your Function from the respective dropdown menus.
Alternatively, you could select
Webhook
instead of Function, and directly paste in the full URL of the Function.
Click the
Save
button.
You can also use the Twilio CLI to assign the Function as the webhook of you phone number. You will need a few prerequisites:
Twilio CLI installed and executable from your terminal.
Either the
E.164
formatted value of your Twilio phone number (
+1234567890
), or its SID (
PNXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
).
The full URL of your Function (
https://test-1337.twil.io/my-test-function
)
Once you have the CLI installed and the necessary information, run the following to connect the Function to respond to incoming SMS:
You can also use any of the available Twilio SDKs to assign the Function as the webhook of you phone number. You will need a few prerequisites:
A local development environment for your language of choice and the associated Twilio SDK installed.
The SID (
PNXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
) of your Twilio phone number.
The full URL of your Function (
https://test-1337.twil.io/my-test-function
).
In JavaScript for example, you could execute the following code to assign the SMS webhook of your Twilio phone number. The same logic would apply for assigning to a voice webhook, except that the modified property instead would be voiceUrl:
1
// Download the helper library from https://www.twilio.com/docs/node/install
2
// Find your Account SID and Auth Token at twilio.com/console
3
// and set the environment variables. See http://twil.io/secure
To keep your block list separate from and independent of your Function's code, one recommendation is to store the list as JSON in a privateAsset. Your Function will read and parse the contents of this file using methods provided by the Runtime Client, and achieve the same functionality with more separation of concerns.
First, create a new private Asset named blocklist.json, populate it with the sample contents (and your personal number like before, to verify the blocking works), and save the Asset. Ensure that this Asset is private in order to protect its contents and to enable helper methods such as Runtime.getAssets, which can only retrieve private Assets.
Next, update the existing /filter-calls Function with the highlighted changes. This new code replaces the hard-coded block list array with a synchronous read of blocklist.json, and a quick JSON.parse to convert the file contents to a usable array.
Save your changes to the Function, and deploy your updated Service. Subsequent calls to your Twilio phone number will behave exactly as before!
Block list private Asset
Save as blocklist.json
["+14075550100","+18025550100"]
Block incoming calls using a private Asset
Updates to /filter-calls
1
exports.handler=(context,event,callback)=>{
2
// Prepare a new Voice TwiML object that will control Twilio's response
3
// to the incoming call
4
consttwiml= newTwilio.twiml.VoiceResponse();
5
// The incoming phone number is provided by Twilio as the `From` property
6
constincomingNumber=event.From;
7
8
// Open the contents of the private Asset containing the blocklist
// If the number is not blocked, redirect call to the webhook that
19
// handles allowed callers
20
twiml.redirect('/welcome');
21
}
22
23
returncallback(null, twiml);
24
};
(warning)
Warning
Ensure that you write the Asset name as '/blocklist.json' and not 'blocklist.json'; the leading slash is necessary, as described in the Runtime.getAssets documentation.