Validate Webhook requests from SendGrid
This example uses headers and cookies, which are only accessible when your Function is running @twilio/runtime-handler
version 1.2.0
or later. Consult the Runtime Handler guide to learn more about the latest version and how to update.
Protecting your Twilio Functions from non-Twilio requests is usually just a matter of setting a Function's visibility to Protected
. However, if you'd like to create a Function that's intended to only handle incoming Webhook requests from a product such as SendGrid, validation will require some manual inspection of headers, which are now accessible!
In this example, we'll create a Function which will serve as the Event Webhook for your SendGrid account. The Function will validate if the incoming request came from SendGrid, and send a text message to a designated phone number if an email has been opened.
Create and host a Function
In order to run any of the following examples, you will first need to create a Function into which you can paste the example code. You can create a Function using the Twilio Console or the Serverless Toolkit as explained below:
If you prefer a UI-driven approach, creating and deploying a Function can be done entirely using the Twilio Console and the following steps:
- Log in to the Twilio Console and navigate to the Functions tab. If you need an account, you can sign up for a free Twilio account here!
- Functions are contained within Services. Create a Service by clicking the Create Service button and providing a name such as test-function.
- Once you've been redirected to the new Service, click the Add + button and select Add Function from the dropdown.
- This will create a new Protected Function for you with the option to rename it. The name of the file will be path it is accessed from.
- Copy any one of the example code snippets from this page that you want to experiment with, and paste the code into your newly created Function. You can quickly switch examples by using the dropdown menu of the code rail.
- Click Save to save your Function's contents.
- Click Deploy All to build and deploy the Function. After a short delay, your Function will be accesible from:
https://<service-name>-<random-characters>-<optional-domain-suffix>.twil.io/<function-path>
For example:test-function-3548.twil.io/hello-world
.
The Serverless Toolkit enables you with local development, project deployment, and other functionality via the Twilio CLI. To get up and running with these examples using Serverless Toolkit, follow this process:
- From the CLI, run
twilio serverless:init <your-service-name> --empty
to bootstrap your local environment. - Navigate into your new project directory using
cd <your-service-name>
- In the
/functions
directory, create a new JavaScript file that is named respective to the purpose of the Function. For example,sms-reply.protected.js
for a Protected Function intended to handle incoming SMS. - Populate the file using the code example of your choice and save.
Note A Function can only export a single handler. You will want to create separate files if you want to run and/or deploy multiple examples at once.
Once your Function(s) code is written and saved, you can test it either by running it locally (and optionally tunneling requests to it via a tool like ngrok), or by deploying the Function and executing against the deployed url(s).
Run your Function in local development
Run twilio serverless:start
from your CLI to start the project locally. The Function(s) in your project will be accesible from http://localhost:3000/sms-reply
- If you want to test a Function as a Twilio webhook, run:
twilio phone-numbers:update <your Twilio phone number> --sms-url "http://localhost:3000/sms-reply"
This will automatically generate an ngrok tunnel from Twilio to your locally running Function, so you can start sending texts to it. You can apply the same process but with thevoice-url
flag instead if you want to test with Twilio Voice. - If your code does not connect to Twilio Voice/Messages as a webhook, you can start your dev server and start an ngrok tunnel in the same command with the
ngrok
flag. For example:twilio serverless:start --ngrok=""
Deploy your Function
To deploy your Function and have access to live url(s), run twilio serverless:deploy
from your CLI. This will deploy your Function(s) to Twilio under a development environment by default, where they can be accessed from:
https://<service-name>-<random-characters>-dev.twil.io/<function-path>
For example: https://incoming-sms-examples-3421-dev.twil.io/sms-reply
Your Function is now ready to be invoked by HTTP requests, set as the webhook of a Twilio phone number, invoked by a Twilio Studio Run Function Widget, and more!
Create your Function and connect it to SendGrid
- First, create a new
sendgrid-email
Service and add a Public/events/email
Function. Delete the default contents of the Function, and paste in the code snippet provided on this page. - Create a free SendGrid account.
- Follow the instructions here to set up a SendGrid Event Webhook. Paste the URL of your newly created Function as the unique URL for the Event Webhook. (it will look like
https://sendgrid-email-5877.twil.io/events/email
) - Follow these steps to enable the Signed Event Webhook Requests. This will add signed SendGrid headers to incoming webhook requests, which we can then use to validate requests!
- Copy the generated Verification Key from the last step, and save it as an Environment variable in Runtime as
SENDGRID_WEBHOOK_PUBLIC_KEY
. While here, also save yourTWILIO_PHONE_NUMBER
(from the Twilio console) and aNOTIFY_PHONE_NUMBER
(this could be your personal phone number for now) - Add the
@sendgrid/eventwebhook
dependency as*
, and ensure that the@twilio/runtime-handler
dependency is set to version1.3.0
or later to enable headers. - Save your Function and deploy it by clicking on Deploy All.
Validate your code
Now that you've deployed your Function, it's time to validate that your code and its integration with SendGrid is working properly. In order to do so, you'll need to generate some email events. This will be accomplished with a short script written in JavaScript and using the @sendgrid/mail
library.
Setup environment variables
First, grab your SendGrid API Key (or create one!). For security, we'll be setting it as an environment variable and using it in our code instead of directly hard-coding it. You can do so by performing the following commands in your terminal, making sure to replace the YOUR_API_KEY
placeholder with your own key.
echo "export SENDGRID_API_KEY='YOUR_API_KEY'" > sendgrid.env
echo "sendgrid.env" >> .gitignore
source ./sendgrid.env
Install the helper library
Next, use npm or yarn to install the Node.js SendGrid helper library which will enable you to send emails using JavaScript. If you already have Node.js installed, it's very likely you already have npm available and ready to use.
Add and verify a Sender Identity
Before you can successfully send an email, you'll need to verify an email address or domain in the Sender Authentication tab. Without this you will receive a 403 Forbidden
response when attempting to send mail.
Send a test email
Once you have prepared your environment variables, installed the SendGrid helper library, and your email has been validated, you're ready to send some emails and create some events.
Create a new file such as send-email.js
, and paste in the following snippet. Be sure to replace the from
variable with your verified email address from earlier, as well as the to
variable (in this case, you can use your verified email address here as well). Save the file.
// Using Twilio SendGrid's v3 Node.js Library
// https://github.com/sendgrid/sendgrid-nodejs
const sgMail = require('@sendgrid/mail');
sgMail.setApiKey(process.env.SENDGRID_API_KEY);
sgMail
.send({
from: 'test@example.com', // Change to your verified sender
to: 'test@example.com', // Change to your recipient
subject: 'Sending with Twilio SendGrid is Fun',
text: 'and easy to do anywhere, even with Node.js',
html: '<strong>and easy to do anywhere, even with Node.js</strong>',
})
.then(() => {
console.log('Email sent');
})
.catch((error) => {
console.error(error);
});
Once the script is saved, you can send your test email by executing the script with Node.js:
node send-email.js
Check your texts
Once you've received your email and opened it, you should receive a text message from your Function a short time later!
If you would like to expedite this process a bit and not wait for the open
event itself, you could modify line 95 of the Function body to instead check for delivered
events instead. A delivered
event will be emitted and processed by your Function almost immediately after executing the send-email
script.
Need some help?
We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.