Rate this page:

Validate Webhook requests from SendGrid

This example uses headers and cookies, which are only accessible when your Function is running @twilio/runtime-handler version 1.2.0 or later. Consult the Runtime Handler guide to learn more about the latest version and how to update.

Protecting your Twilio Functions from non-Twilio requests is usually just a matter of setting a Function's visibility to Protected. However, if you'd like to create a Function that's intended to only handle incoming Webhook requests from a product such as SendGrid, validation will require some manual inspection of headers, which are now accessible!

In this example, we'll create a Function which will serve as the Event Webhook for your SendGrid account. The Function will validate if the incoming request came from SendGrid, and send a text message to a designated phone number if an email has been opened.

Create and host a Function

In order to run any of the following examples, you will first need to create a Function into which you can paste the example code. You can create a Function using the Twilio Console or the Serverless Toolkit as explained below:

If you prefer a UI-driven approach, creating and deploying a Function can be done entirely using the Twilio Console and the following steps:

  1. Log in to the Twilio Console and navigate to the Functions tab. If you need an account, you can sign up for a free Twilio account here!
  2. Functions are contained within Services. Create a Service by clicking the Create Service button and providing a name such as test-function.
  3. Once you've been redirected to the new Service, click the Add + button and select Add Function from the dropdown.
  4. This will create a new Protected Function for you with the option to rename it. The name of the file will be path it is accessed from.
  5. Copy any one of the example code snippets from this page that you want to experiment with, and paste the code into your newly created Function. You can quickly switch examples by using the dropdown menu of the code rail.
  6. Click Save to save your Function's contents.
  7. Click Deploy All to build and deploy the Function. After a short delay, your Function will be accesible from:
    For example:

The Serverless Toolkit enables you with local development, project deployment, and other functionality via the Twilio CLI. To get up and running with these examples using Serverless Toolkit, follow this process:

  1. From the CLI, run twilio serverless:init <your-service-name> --empty to bootstrap your local environment.
  2. Navigate into your new project directory using cd <your-service-name>
  3. In the /functions directory, create a new JavaScript file that is named respective to the purpose of the Function. For example, sms-reply.protected.js for a Protected Function intended to handle incoming SMS.
  4. Populate the file using the code example of your choice and save.
    Note A Function can only export a single handler. You will want to create separate files if you want to run and/or deploy multiple examples at once.

Once your Function(s) code is written and saved, you can test it either by running it locally (and optionally tunneling requests to it via a tool like ngrok), or by deploying the Function and executing against the deployed url(s).

Run your Function in local development

Run twilio serverless:start from your CLI to start the project locally. The Function(s) in your project will be accesible from http://localhost:3000/sms-reply

  • If you want to test a Function as a Twilio webhook, run:
    twilio phone-numbers:update <your Twilio phone number> --sms-url "http://localhost:3000/sms-reply"​
    This will automatically generate an ngrok tunnel from Twilio to your locally running Function, so you can start sending texts to it. You can apply the same process but with the voice-url flag instead if you want to test with Twilio Voice.
  • If your code does not connect to Twilio Voice/Messages as a webhook, you can start your dev server and start an ngrok tunnel in the same command with the ngrok flag. For example: twilio serverless:start --ngrok=""

Deploy your Function

To deploy your Function and have access to live url(s), run twilio serverless:deploy from your CLI. This will deploy your Function(s) to Twilio under a development environment by default, where they can be accessed from:


For example:

Your Function is now ready to be invoked by HTTP requests, set as the webhook of a Twilio phone number, invoked by a Twilio Studio Run Function Widget, and more!

Loading Code Sample...

        Validate Webhook requests from SendGrid

        Create your Function and connect it to SendGrid

        1. First, create a new sendgrid-email Service and add a Public /events/email Function. Delete the default contents of the Function, and paste in the code snippet provided on this page.
        2. Create a free SendGrid account.
        3. Follow the instructions here to set up a SendGrid Event Webhook. Paste the URL of your newly created Function as the unique URL for the Event Webhook. (it will look like
          sendgrid event webhook url.png
        4. Follow these steps to enable the Signed Event Webhook Requests. This will add signed SendGrid headers to incoming webhook requests, which we can then use to validate requests!
          Enable SendGrid Signed Event Webhook Requests
        5. Copy the generated Verification Key from the last step, and save it as an Environment variable in Runtime as SENDGRID_WEBHOOK_PUBLIC_KEY. While here, also save your TWILIO_PHONE_NUMBER (from the Twilio console) and a NOTIFY_PHONE_NUMBER (this could be your personal phone number for now)
          Set SendGrid verification key as an environment variable
        6. Add the @sendgrid/eventwebhook dependency as *, and ensure that the @twilio/runtime-handler dependency is set to version 1.3.0 or later to enable headers.
          sendgrid webhook dependency.png
        7. Save your Function and deploy it by clicking on Deploy All.
          sendgrid email deploy all.png

        Validate your code

        Now that you've deployed your Function, it's time to validate that your code and its integration with SendGrid is working properly. In order to do so, you'll need to generate some email events. This will be accomplished with a short script written in JavaScript and using the @sendgrid/mail library.

        Setup environment variables

        First, grab your SendGrid API Key (or create one!). For security, we'll be setting it as an environment variable and using it in our code instead of directly hard-coding it. You can do so by performing the following commands in your terminal, making sure to replace the YOUR_API_KEY placeholder with your own key.

        echo "export SENDGRID_API_KEY='YOUR_API_KEY'" > sendgrid.env
        echo "sendgrid.env" >> .gitignore
        source ./sendgrid.env

        Install the helper library

        Next, use npm or yarn to install the Node.js SendGrid helper library which will enable you to send emails using JavaScript. If you already have Node.js installed, it's very likely you already have npm available and ready to use.

        npm install --save @sendgrid/mail

        If you prefer yarn instead:

        yarn add @sendgrid/mail

        Add and verify a Sender Identity

        Before you can successfully send an email, you'll need to verify an email address or domain in the Sender Authentication tab. Without this you will receive a 403 Forbidden response when attempting to send mail.

        Send a test email

        Once you have prepared your environment variables, installed the SendGrid helper library, and your email has been validated, you're ready to send some emails and create some events.

        Create a new file such as send-email.js, and paste in the following snippet. Be sure to replace the from variable with your verified email address from earlier, as well as the to variable (in this case, you can use your verified email address here as well). Save the file.

        // Using Twilio SendGrid's v3 Node.js Library
        const sgMail = require('@sendgrid/mail');
            from: '', // Change to your verified sender
            to: '', // Change to your recipient
            subject: 'Sending with Twilio SendGrid is Fun',
            text: 'and easy to do anywhere, even with Node.js',
            html: '<strong>and easy to do anywhere, even with Node.js</strong>',
          .then(() => {
            console.log('Email sent');
          .catch((error) => {

        Once the script is saved, you can send your test email by executing the script with Node.js:

        node send-email.js

        Check your texts

        Once you've received your email and opened it, you should receive a text message from your Function a short time later!

        If you would like to expedite this process a bit and not wait for the open event itself, you could modify line 95 of the Function body to instead check for delivered events instead. A delivered event will be emitted and processed by your Function almost immediately after executing the send-email script.

        Rate this page:

        Need some help?

        We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.

        Loading Code Sample...

              Thank you for your feedback!

              Please select the reason(s) for your feedback. The additional information you provide helps us improve our documentation:

              Sending your feedback...
              🎉 Thank you for your feedback!
              Something went wrong. Please try again.

              Thanks for your feedback!