Twilio’s APIs (Application Programming Interfaces) power its platform for communications. Behind these APIs is a software layer connecting and optimizing communications networks around the world to allow your users to call and message anyone, globally.
An API is an application programming interface - in short, it’s a set of rules that lets programs talk to each other, exposing data and functionality across the internet in a consistent format.
REST stands for Representational State Transfer. This is an architectural pattern that describes how distributed systems can expose a consistent interface. When people use the term ‘REST API,’ they are generally referring to an API accessed via HTTP protocol at a predefined set of URLs.
These URLs represent various resources - any information or content accessed at that location, which can be returned as JSON, HTML, audio files, or images. Often, resources have one or more methods that can be performed on them over HTTP, like GET, POST, PUT and DELETE.
Twilio, for example, provides many separate REST APIs for sending text messages, making phone calls, looking up phone numbers, managing your accounts, and a whole lot more. In Twilio’s ecosystem, each product is its own API, but you will work with each of them in roughly the same way, whether over HTTP or using Twilio’s helper libraries for several different programming languages.
Twilio supports HTTP Basic authentication. This allows you to protect the URLs on your web server so that only you and Twilio can access them. In order to authenticate with HTTP, you may provide a username and password with the following URL format:
For HTTP Basic authentication, you will use your Twilio account SID as your username and your auth token as your password:
curl -G https://api.twilio.com/2010-04-01/Accounts \ -u '[YOUR ACCOUNT SID]:[YOUR AUTH TOKEN]'
Twilio will authenticate to your web server using the provided name and password and will remain logged in for the duration of the action.
You can learn more about how Twilio handles authentication in our security documentation.
At this time, Twilio offers six officially supported server-side libraries:
All of these helper libraries come with a Utilities class that facilitates request validation: you simply need to pass your account SID and auth token (found in the Twilio Console) to Twilio’s Client.
Please note: you should always use environment variables to keep your account sid and auth token secret before sharing any code or deploying to production. Check out our guidance for setting environment variables to learn more.
Webhooks are user-defined HTTP callbacks triggered by an event in a web application. Twilio uses webhooks to asynchronously let your application know when events happen, like getting an incoming call or receiving an SMS message.
When the webhook event occurs, Twilio makes an HTTP request (usually POST or GET) to the URL you have configured for your webhook. Twilio’s request to your application includes details of the event like the body of an incoming message or the incoming phone number. Your application can then perform whatever logic is necessary, then reply to Twilio with a response containing the instructions you’d like Twilio to perform.
To handle a webhook when you use Twilio, you need to build a small web application that can accept HTTP requests. Check out our officially supported helper libraries to get up and running quickly.
For a complete step-by-step guide to sending and receiving messages with Twilio, check out our Quickstarts for Programmable SMS. Just select your server-side programming language of choice and dive in:
Twilio has a number of REST APIs that can help you build powerful communications into your applications, including Programmable Voice, Programmable Video, Wireless, and Authy for two-factor authentication and passwordless login.
We can’t wait to see what you build!