Check out the Twilio whitepaper to get details on our security processes for people, product, cloud & network, monitoring & incident response, physical spaces, disaster recovery, and third-parties.
We highly recommend that you use HTTP Authentication in conjunction with encryption. This way, you can protect communications between your application and Twilio. As an added measure, we suggest adding a validation step to make sure requests are indeed coming from Twilio and not a malicious third party.
We’ve built, and continue to improve, our internal systems to detect fraudulent traffic on your account. We ask that you implement best practices to prevent hackers from compromising your app. Some of these steps are to lock down your account and some are dependent on the mode of communication you’re using.
We suggest enabling Enterprise Editions for added security on your Twilio account. The plan includes capabilities such as Audit Events for change control, Role-Based Access Control (RBAC), and Single Sign-On (SSO) for access management.
The Twilio disclosure program is managed through Bugcrowd and you’re welcome to sign up as a tester. Your help with identifying potential issues and ways to improve our service is always appreciated. If you have identified a vulnerability, please report it via Bugcrowd to be eligible for a reward.
The Twilio advantage
Experience a 99.95% uptime SLA made possible with automated failover and zero maintenance windows.
Extend the same app you write once to new markets with configurable features for localization and compliance.
Use the same platform you know for voice, SMS, video, chat, two-factor authentication, and more.
Get to market faster with pay-as-you-go pricing, free support, and the freedom to scale up or down without contracts.