Twilio’s APIs (Application Programming Interfaces) power its platform for communications. Behind these APIs is a software layer connecting and optimizing communications networks around the world to allow your users to call and message anyone, globally.
API is short for ‘Application Programming Interface’ . An API is a set of rules that lets programs talk to each other, exposing data and functionality across the Internet in a consistent format.
REST stands for ‘Representational State Transfer’. This is an architectural pattern that describes how distributed systems can expose a consistent interface. When people use the term ‘REST API’, they are generally referring to an API accessed using the HTTP protocol at a predefined set of URLs.
These URLs represent various resources — any information or content accessed at that location, which can be returned as JSON, HTML, audio files, or images. Often resources have one or more methods that can be performed on them over HTTP, like
DELETE. The action represented by the first and last of these is clear, but
PUT have specific meanings. How they are defined is confusing, but the general rule is: use
POST to create resources, and
PUT to update resources.
Twilio, for example, provides many separate REST APIs for sending text messages, making phone calls, looking up phone numbers, managing your accounts, and a whole lot more. In Twilio’s ecosystem, each product is its own API, but you will work with each of them in roughly the same way, whether directly over HTTP or using Twilio’s helper libraries for several different programming languages.
Twilio supports HTTP Basic authentication. This allows you to protect the URLs on your web server so that only you and Twilio can access them. In order to authenticate with HTTP, you may provide a username and password with the following URL format:
For HTTP Basic authentication, you will use your Twilio account SID as your username and your auth token as your password:
curl -G https://api.twilio.com/2010-04-01/Accounts \ -u '<YOUR_ACCOUNT_SID>:<YOUR_AUTH_TOKEN>'
If you want to use API keys to authenticate instead of your Twilio account SID and auth token, then use the API key as your username and your API key’s Secret as your password:
curl -G https://api.twilio.com/2010-04-01/Accounts \ -u '<YOUR_API_KEY>:<YOUR_API_KEY_SECRET>'
The API key type has to be created as
Main for the above command to access your accounts. Keys of type
Standard can only be used on commands where you also provide the Account SID as part of the API. For example:
curl -X GET 'https://api.twilio.com/2010-04-01/Accounts/\ '<YOUR_ACCOUNT_SID>/Applications.json' \ -u $'<YOUR_API_KEY>:<YOUR_API_KEY_SECRET>'
Twilio will authenticate to your web server using the provided username and password and will remain logged in for the duration of the action.
You can learn more about how Twilio handles authentication in our security documentation.
Twilio's APIs expect the content type of API requests to be either
multipart/form-data. It is important to note that although Twilio returns responses in JSON format, the API requests themselves should be formatted as either www-urlencoded or multiparty form data.
Please ensure that your API requests are formatted correctly using the appropriate content type to ensure successful communication with the Twilio APIs. Using the wrong content type may result in unexpected behavior or errors.
At this time, Twilio offers officially supported server-side libraries in the following languages:
All of these helper libraries come with a
Utilities class that facilitates request validation by passing your Account SID and Auth Token (found in the Console) to the library.
You should always use environment variables to keep your Account SID and Auth Token secret before sharing any code or deploying to production. Check out our guidance for setting environment variables to learn more.
Webhooks are user-defined HTTP callbacks triggered by an event in a web application. Twilio uses webhooks to let your application know when events happen, like getting an incoming call or receiving an SMS message. Webhooks are triggered asynchronously.
When the webhook event occurs, Twilio makes an HTTP request (usually
GET) to the URL you have configured for your webhook. Twilio’s request to your application includes details of the event like the body of an incoming message or the incoming phone number. Your application can then perform whatever logic is necessary, then reply to Twilio with a response containing the instructions you’d like Twilio to perform.
To handle a webhook when you use Twilio, you need to build a small web application that can accept HTTP requests. Check out our officially supported helper libraries to get up and running quickly.
For a complete step-by-step guide to sending and receiving messages with Twilio, check out our Quickstarts for Programmable SMS. Just select your server-side programming language of choice and dive in:
Twilio has a number of REST APIs that can help you build powerful communications into your applications, including Programmable Voice, Programmable Video, Super SIM, and Verify for two-factor authentication and passwordless login.
We can’t wait to see what you build!