Twilio Trust & Security
Security is both important and complex. That’s why we sweat the details.
Check out the Twilio whitepaper to get details on our security processes for people, product, cloud & network, monitoring & incident response, physical spaces, disaster recovery, and third-parties.
- White paperTwilio SecurityManaging secure cloud communications
API security features
We highly recommend that you use HTTP Authentication in conjunction with encryption. This way, you can protect communications between your application and Twilio. As an added measure, we suggest adding a validation step to make sure requests are indeed coming from Twilio and not a malicious third party.
We’ve built, and continue to improve, our internal systems to detect fraudulent traffic on your account. We ask that you implement best practices to prevent hackers from compromising your app. Some of these steps are to lock down your account and some are dependent on the mode of communication you’re using.
Enterprise Edition security features
We suggest enabling Enterprise Editions for added security on your Twilio account. The plan includes capabilities such as Audit Events for change control, Role-Based Access Control (RBAC), and Single Sign-On (SSO) for access management.
The Twilio disclosure program is managed through Bugcrowd and you’re welcome to sign up as a tester. Your help with identifying potential issues and ways to improve our service is always appreciated. If you have identified a vulnerability, please report it via Bugcrowd to be eligible for a reward.