Rate this page:

Prevent blocked numbers from calling your application

You may wish to block certain numbers from contacting or spamming your application's phone number. Creating a block list and using a Function that compares the incoming number to its contents will allow you to decide whether to Reject an incoming call, or Redirect it to your actual application.

The following examples will show a couple of approaches to this problem. To get started, use the following directions to create two new Functions that will form the base of this application: /filter-calls and /welcome.

Create and host a Function

In order to run any of the following examples, you will first need to create a Function into which you can paste the example code. You can create a Function using the Twilio Console or the Serverless Toolkit as explained below:

If you prefer a UI-driven approach, creating and deploying a Function can be done entirely using the Twilio Console and the following steps:

  1. Log in to the Twilio Console and navigate to the Functions tab. If you need an account, you can sign up for a free Twilio account here!
  2. Functions are contained within Services. Create a Service by clicking the Create Service button and providing a name such as test-function.
  3. Once you've been redirected to the new Service, click the Add + button and select Add Function from the dropdown.
  4. This will create a new Protected Function for you with the option to rename it. The name of the file will be path it is accessed from.
  5. Copy any one of the example code snippets from this page that you want to experiment with, and paste the code into your newly created Function. You can quickly switch examples by using the dropdown menu of the code rail.
  6. Click Save to save your Function's contents.
  7. Click Deploy All to build and deploy the Function. After a short delay, your Function will be accesible from:
    For example:

The Serverless Toolkit enables you with local development, project deployment, and other functionality via the Twilio CLI. To get up and running with these examples using Serverless Toolkit, follow this process:

  1. From the CLI, run twilio serverless:init <your-service-name> --empty to bootstrap your local environment.
  2. Navigate into your new project directory using cd <your-service-name>
  3. In the /functions directory, create a new JavaScript file that is named respective to the purpose of the Function. For example, sms-reply.protected.js for a Protected Function intended to handle incoming SMS.
  4. Populate the file using the code example of your choice and save.
    Note A Function can only export a single handler. You will want to create separate files if you want to run and/or deploy multiple examples at once.

Once your Function(s) code is written and saved, you can test it either by running it locally (and optionally tunneling requests to it via a tool like ngrok), or by deploying the Function and executing against the deployed url(s).

Run your Function in local development

Run twilio serverless:start from your CLI to start the project locally. The Function(s) in your project will be accesible from http://localhost:3000/sms-reply

  • If you want to test a Function as a Twilio webhook, run:
    twilio phone-numbers:update <your Twilio phone number> --sms-url "http://localhost:3000/sms-reply"​
    This will automatically generate an ngrok tunnel from Twilio to your locally running Function, so you can start sending texts to it. You can apply the same process but with the voice-url flag instead if you want to test with Twilio Voice.
  • If your code does not connect to Twilio Voice/Messages as a webhook, you can start your dev server and start an ngrok tunnel in the same command with the ngrok flag. For example: twilio serverless:start --ngrok=""

Deploy your Function

To deploy your Function and have access to live url(s), run twilio serverless:deploy from your CLI. This will deploy your Function(s) to Twilio under a development environment by default, where they can be accessed from:


For example:

Your Function is now ready to be invoked by HTTP requests, set as the webhook of a Twilio phone number, invoked by a Twilio Studio Run Function Widget, and more!

Block calls using a hard-coded list

To introduce the logic and TwiML involved without extra complications, this example code for /filter-calls includes a sample block list hard-coded into its body.

The Function compares the incoming phone number, provided as From when this Function is connected to your Twilio phone number as a webhook, to the contents of the block list. The resulting boolean is then used to determine whether the result should be a rejection, or a redirect to the /welcome Function.

The /welcome Function returns a welcome message to the user and primarily serves as an example of how you can still leverage Redirect verbs even within a Serverless project such as this. You're able to use the relative URL '/welcome' since the same Service contains both Functions.

To test this out, copy and paste both samples into their respective Functions, and add your personal phone number to the block list in E.164 format. Save and deploy your Service, and use the following directions to set /filter-calls as the A Call Comes In webhook handler for your Twilio phone number. The application will immediately reject your calls. If you remove your number from the block list and re-deploy, you will instead get the welcome message.

Loading Code Sample...
        Sample code for /filter-calls

        Call filter logic

        Sample code for /filter-calls
        Loading Code Sample...
              Sample code for /welcome

              Welcome message

              Sample code for /welcome

              Set a Function as a webhook

              In order for your Function to react to incoming SMS and/or voice calls, it must be set as a webhook for your Twilio number. There are a variety of methods to set a Function as a webhook, as detailed below:

              You can use the Twilio Console UI as a straigforward way of connecting your Function as a webhook:

              1. Log in to the Twilio Console's Phone Numbers page.
              2. Click on the phone number you'd like to have connected to your Function.
              3. If you want the Function to respond to incoming SMS, find the A Message Comes In option under Messaging. If you want the Function to respond to Voice, find the A Call Comes In option under Voice & Fax.
              4. Select Function from the A Message Comes In or A Call Comes In dropdown.
              5. Select the Service that you are using, then the Environment (this will default to ui unless you have created custom domains), and finally Function Path of your Function from the respective dropdown menus.
                Connect a Function as a Messaging webhook using the Function dropdowns
                • Alternatively, you could select Webhook instead of Function, and directly paste in the full URL of the Function.
                  Setting a Function as a Messaging webhook using the webhook dropdown option
              6. Click the Save button.

              You can also use the Twilio CLI to assign the Function as the webhook of you phone number. You will need a few prerequisites:

              • Twilio CLI installed and executable from your terminal.
              • Either the E.164 formatted value of your Twilio phone number (+1234567890), or its SID (PNXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX).
              • The full URL of your Function (

              Once you have the CLI installed and the necessary information, run the following to connect the Function to respond to incoming SMS:

              twilio phone-numbers:update +1234567890 \

              If you prefer to have the Function respond to incoming calls instead, run:

              twilio phone-numbers:update +1234567890 \

              You may also use the SID of your Twilio phone number instead of the E.164 formatted phone number:

              twilio phone-numbers:update PNXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \

              You can also use any of the avilable Twilio SDKs to assign the Function as the webhook of you phone number. You will need a few prerequisites:

              • A local development environment for your language of choice and the associated Twilio SDK installed.
              • The SID (PNXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX) of your Twilio phone number.
              • The full URL of your Function (

              In JavaScript for example, you could execute the following code to assign the SMS webhook of your Twilio phone number. The same logic would apply for assigining to a voice webhook, except that the modified property instead would be voiceUrl:

              // Download the helper library from
              // Find your Account SID and Auth Token at
              // and set the environment variables. See
              const accountSid = process.env.TWILIO_ACCOUNT_SID;
              const authToken = process.env.TWILIO_AUTH_TOKEN;
              const client = require('twilio')(accountSid, authToken);
                .update({ smsUrl: '' })
                .then((phoneNumber) => console.log(phoneNumber.smsUrl));

              Store the block list as a private Asset

              To keep your block list separate from and independent of your Function's code, one recommendation is to store the list as JSON in a private Asset. Your Function will read and parse the contents of this file using methods provided by the Runtime Client, and achieve the same functionality with more separation of concerns.

              First, create a new private Asset named blocklist.json, populate it with the sample contents (and your personal number like before, to verify the blocking works), and save the Asset. Ensure that this Asset is private in order to protect its contents and to enable helper methods such as Runtime.getAssets, which can only retrieve private Assets.

              Next, update the existing /filter-calls Function with the highlighted changes. This new code replaces the hard-coded block list array with a synchronous read of blocklist.json, and a quick JSON.parse to convert the file contents to a usable array.

              Save your changes to the Function, and deploy your updated Service. Subsequent calls to your Twilio phone number will behave exactly as before!

              Loading Code Sample...
                    Save as blocklist.json

                    Block list private Asset

                    Save as blocklist.json
                    Loading Code Sample...
                          Updates to /filter-calls

                          Block incoming calls using a private Asset

                          Updates to /filter-calls

                          Ensure that you write the Asset name as '/blocklist.json' and not 'blocklist.json'; the leading slash is necessary, as described in the Runtime.getAssets documentation.

                          Rate this page:

                          Need some help?

                          We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.

                          Loading Code Sample...

                                Thank you for your feedback!

                                Please select the reason(s) for your feedback. The additional information you provide helps us improve our documentation:

                                Sending your feedback...
                                🎉 Thank you for your feedback!
                                Something went wrong. Please try again.

                                Thanks for your feedback!