Twilio Integration

Home Integrations Twilio Integration

Overview

Twilio is the leading cloud communications platform, providing APIs for SMS, voice calls, WhatsApp messaging, email (via SendGrid), video, and the programmable communication infrastructure that business applications use to communicate with customers and internal teams. For applications that need to send SMS notifications, make or receive phone calls, send WhatsApp messages, implement two-factor authentication, or build any form of programmatic communication, Twilio provides the API infrastructure that handles carrier connectivity, message delivery, number management, and the compliance requirements that communication at scale requires.

Twilio integration is relevant across a wide range of business application scenarios. The e-commerce platform that sends SMS order confirmations and delivery notifications. The trading system that sends SMS alerts when risk thresholds are breached. The SaaS application that sends two-factor authentication codes via SMS. The customer support platform that routes incoming calls to the appropriate agent. The operations tool that sends WhatsApp messages to field teams. The logistics system that sends automated delivery status updates to recipients. In each case, Twilio provides the communication channel and the API that the application uses to send or receive messages.

Twilio's product line covers more than basic SMS. Programmable SMS for sending and receiving text messages. Programmable Voice for making and receiving phone calls with programmable call flows. Twilio Messaging for WhatsApp Business API integration. Twilio Verify for pre-built two-factor authentication and phone number verification. Twilio Studio for visual no-code communication flow building. Twilio SendGrid for transactional and marketing email. The combination of these products covers the full range of customer communication channels that business applications require.

We build Twilio integrations for businesses that need to connect their custom applications to SMS, voice, WhatsApp, and other communication channels — covering the programmatic use cases that Twilio's APIs enable for custom software.

What Twilio Integration Covers

Twilio account and authentication. Twilio uses Account SID and Auth Token for API authentication.

Account credentials: the Twilio Account SID (a string starting with AC) and the Auth Token found in the Twilio Console. The credentials used for HTTP Basic authentication — Account SID as the username, Auth Token as the password — for all Twilio API requests. The Authorization: Basic {base64(accountSid:authToken)} header.

API keys: Twilio API keys as an alternative to the main Auth Token for authentication. The POST https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys.json endpoint for creating API keys. The API key SID and secret used instead of the Account SID and Auth Token — the practice of using API keys rather than the master Auth Token for application credentials, limiting exposure if credentials are compromised.

Subaccounts: Twilio subaccounts for isolating resources, billing, and credentials across multiple applications or clients. The subaccount SID and Auth Token for accessing subaccount resources.

Test credentials: the Twilio test credentials (separate from live credentials) that allow testing SMS and voice flows without actually sending messages or incurring charges. The test account SID (AC...) and test auth token that use Twilio's magic test numbers for predictable test outcomes.

Programmable SMS. The Twilio SMS API for sending and receiving text messages.

Sending SMS: the POST https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Messages.json endpoint for sending an SMS message. The request body with From (the Twilio phone number or messaging service SID), To (the recipient's phone number in E.164 format — +31612345678), and Body (the message text up to 1600 characters). The response with the message SID, status (queued, sending, sent, delivered, undelivered, failed), and date_sent.

Messaging Services: the Twilio Messaging Service SID (starts with MG) as the From value — a pool of phone numbers with automatic number selection for optimal deliverability, sticky sender support (the same number used for subsequent messages to the same recipient), and the geographic routing that selects the best number for each destination. The Messaging Service for high-volume SMS that needs intelligent number management.

Long codes vs short codes: Twilio long code numbers (standard phone numbers) for low-to-medium volume SMS with two-way communication. Twilio short codes (5-6 digit numbers) for high-volume one-way notifications with higher throughput and carrier guarantees. The number type selection based on volume, use case, and required deliverability.

SMS character limits and encoding: the 160-character limit for a single SMS segment in GSM-7 encoding. Messages longer than 160 characters are split into multi-part messages and reassembled by the recipient's device. Unicode characters (emoji, non-Latin characters) reduce the segment size to 70 characters per segment. The character count and encoding awareness that prevents unexpected segment multiplication for messages with special characters.

Receiving SMS: configuring the Twilio phone number's SMS webhook URL in the Twilio Console — the URL that Twilio sends a POST to when an SMS is received on that number. The inbound message payload with From, To, Body, MessageSid, and NumMedia. The TwiML response that the webhook can return for automated reply generation.

Opt-out handling: Twilio automatically handles STOP, UNSTOP, HELP keywords for US and Canadian numbers — customers who reply STOP are automatically opted out. The opt-out status check before sending messages to ensure compliance with telecommunications regulations.

Twilio Verify — two-factor authentication. The pre-built verification API for SMS and phone-based 2FA.

Verification Service creation: the Verify Service created in the Twilio Console or via POST https://verify.twilio.com/v2/Services — the service with the friendly name, the code length (4-10 digits), the code expiry (60-600 seconds), and the enabled channels (SMS, voice, WhatsApp, email). The service SID (VA...) used in verification requests.

Sending verification code: the POST https://verify.twilio.com/v2/Services/{ServiceSid}/Verifications endpoint for initiating a verification. The request with To (the phone number to verify) and Channel (sms, voice, whatsapp). Twilio sends the verification code to the specified number through the specified channel.

Verifying the code: the POST https://verify.twilio.com/v2/Services/{ServiceSid}/VerificationCheck endpoint for checking the code entered by the user. The request with To (the phone number) and Code (the code the user entered). The response with status (pending or approved) — approved confirming the user has verified they control the phone number.

Verify versus manual OTP: Twilio Verify versus building custom OTP generation and SMS sending. Verify handles code generation, delivery, rate limiting, fraud detection, and expiry — eliminating the implementation burden. Custom OTP is appropriate when specific code format requirements, custom delivery logic, or tighter control over the verification flow is needed.

Programmable Voice. The Twilio Voice API for making and receiving phone calls.

Outbound calls: the POST https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Calls.json endpoint for initiating an outbound call. The request with From (the Twilio number), To (the destination number), and Url (the TwiML URL that defines the call flow) or Twiml (the inline TwiML). The call SID and initial status in the response.

TwiML for call flows: the TwiML (Twilio Markup Language) XML that defines what happens during a call. The <Say> verb for text-to-speech, <Play> for audio file playback, <Gather> for collecting DTMF tones or speech input, <Record> for call recording, <Dial> for connecting calls to other numbers, <Redirect> for routing to a different TwiML URL. The call flow XML that Twilio fetches from the configured URL at each step of the call.

Inbound call handling: the Twilio phone number's Voice webhook URL — the URL that Twilio requests when a call is received on that number. The TwiML response that defines how the inbound call is handled — routing to an agent, playing an IVR menu, collecting input, or connecting to a queue.

Call status callbacks: the StatusCallback URL parameter in the outbound call request — the URL that Twilio POSTs to when the call status changes (initiated, ringing, in-progress, completed, busy, no-answer, failed). The callback that notifies the application of call outcomes.

WhatsApp Business API via Twilio. Sending and receiving WhatsApp messages through Twilio's WhatsApp Business API integration.

WhatsApp-enabled numbers: the Twilio WhatsApp sandbox for development testing (a shared WhatsApp number that individual users opt into for testing), and the approved WhatsApp Business profile for production use. The From number in WhatsApp messages formatted as whatsapp:+{number}.

Sending WhatsApp messages: the same POST /Messages.json endpoint as SMS, with From: whatsapp:+14155238886 (or the approved business number) and To: whatsapp:+31612345678. The message body for text messages, or the MediaUrl for media messages.

WhatsApp message templates: WhatsApp requires pre-approved message templates for messages sent outside the 24-hour customer service window — the first outbound message to a customer who has not recently messaged the business must use an approved template. The ContentSid parameter for using Twilio Content API templates, or the Body parameter with template text for messages within the service window.

WhatsApp session window: the 24-hour window after a customer's last message during which free-form messages can be sent. Outside this window, only approved template messages are permitted. The session management that tracks when the customer last messaged to determine whether a template is required.

Incoming WhatsApp messages: the same inbound webhook mechanism as SMS — the webhook URL configured on the WhatsApp-enabled number that Twilio calls when a customer sends a WhatsApp message.

Webhook processing. Receiving Twilio webhooks for inbound messages, call events, and delivery status.

Webhook validation: the X-Twilio-Signature header in every Twilio webhook request — the HMAC-SHA1 signature computed from the webhook URL, the POST parameters, and the Auth Token. The mandatory signature validation that confirms the request originated from Twilio before processing. The Twilio helper library's validateRequest() method for reliable signature validation.

Delivery status webhooks: the StatusCallback URL on outbound messages — the URL that Twilio POSTs to with delivery status updates (sent, delivered, undelivered, failed). The delivery tracking that monitors whether messages are reaching recipients and alerts on delivery failures.

Message SID lookup: the GET /Messages/{MessageSid}.json endpoint for querying the current status of a specific message — for applications that need to poll delivery status rather than receive webhook callbacks.

Number management. Purchasing and configuring Twilio phone numbers.

Number search and purchase: the GET /AvailablePhoneNumbers/{CountryCode}/Local.json endpoint for searching available phone numbers by country, area code, and capabilities (SMS, voice, MMS). The POST /IncomingPhoneNumbers.json endpoint for purchasing a number. The number provisioning that assigns the purchased number to the account and configures it with the application's webhook URLs.

Dutch phone numbers: Twilio supports Dutch (NL) phone numbers — local Dutch mobile and geographic numbers for applications targeting Dutch users. The local number that improves delivery rates for Dutch SMS recipients compared to international sender numbers.

Number configuration: the POST /IncomingPhoneNumbers/{Sid}.json endpoint for updating a number's configuration — the SMS and Voice webhook URLs that Twilio calls for inbound messages and calls, the status callback URLs, and the messaging service assignment.

Twilio SendGrid — transactional email. The SendGrid email API for transactional message delivery alongside SMS and voice.

Email sending: the POST https://api.sendgrid.com/v3/mail/send endpoint for sending transactional emails. The request with from, to (array of recipient objects), subject, content (text and HTML), and template_id for dynamic template rendering. The SendGrid API key in the Authorization: Bearer {api_key} header.

Dynamic templates: the SendGrid Dynamic Templates that separate email design from code — the Handlebars template with {{variable}} placeholders, and the dynamic_template_data object in the send request that provides the values. The template that renders with recipient-specific data without requiring HTML construction in application code.

Communication flow patterns. Common integration patterns for Twilio-powered communication.

Order and delivery notifications: the e-commerce integration that sends SMS when an order is placed, when it ships, and when it is delivered — the {OrderNumber} and {TrackingUrl} in the message body. The delivery notification that reduces customer support enquiries by proactively communicating order status.

Alert and threshold notifications: the operational or trading system that sends SMS alerts when configured conditions are met — risk threshold breaches, system errors, stock alerts. The time-critical notification that reaches the recipient on their phone rather than waiting for email monitoring.

Two-factor authentication: the login flow that sends a Twilio Verify code after password authentication — the additional factor that protects accounts from password-only attacks. The verification code that expires after the configured timeout and can only be used once.

Appointment reminders: the scheduled SMS reminder sent before an appointment — the healthcare, legal, or service scheduling system that reduces no-shows by sending reminders via SMS at a configured time before the appointment.

Technologies Used

  • C# / ASP.NET Core — Twilio integration using the Twilio NuGet package with the Twilio helper library for .NET
  • TypeScript / Node.js — Twilio integration using the twilio npm package
  • Python — Twilio integration using the twilio PyPI package for Django, Flask, and FastAPI applications
  • PHP / Laravel — Twilio integration using the twilio/sdk Composer package
  • Rust — Twilio REST API integration via direct HTTP for Rust-based applications
  • Twilio REST API — SMS, voice, and WhatsApp message sending and management
  • Twilio Verify API — phone number verification and two-factor authentication
  • TwiML — call flow and message response definition
  • Webhooks — inbound message and call event delivery
  • HMAC-SHA1 — Twilio webhook signature validation
  • SQL (PostgreSQL / MySQL) — message log, delivery status tracking, opt-out management, verification records
  • Redis — webhook deduplication, rate limit management, OTP state
  • Hangfire / scheduled jobs — scheduled appointment reminders, batch notification delivery
  • Docker — containerised application deployment
  • GitHub Actions — CI/CD pipeline for application deployment

Compliance Considerations for SMS Communication

SMS communication at scale involves telecommunications regulations that vary by country. For Dutch and European SMS:

GDPR compliance: SMS recipients in the EU must have provided consent for marketing communications. The consent record that documents when and how the recipient opted in — stored alongside the phone number in the application database.

Opt-out management: the automatic STOP handling that Twilio provides for US/Canadian numbers, and the equivalent opt-out mechanism for European numbers where Twilio's automatic handling may not apply. The opt-out flag in the application database that prevents sending to opted-out numbers regardless of Twilio's automatic handling.

Sender ID: Dutch mobile carriers support alphanumeric sender IDs (up to 11 characters) for one-way SMS — the sender name that appears instead of a phone number. The sender ID registration requirements that vary by country and carrier. Alphanumeric sender IDs cannot receive replies — for two-way SMS, a Twilio phone number is required as the sender.

Multi-Channel Communication, Connected to Your Applications

Twilio integrations built to production standards — correct Account SID and API key management, webhook signature validation for all inbound events, E.164 number formatting for reliable delivery, message segmentation awareness for accurate cost and delivery prediction, opt-out compliance for regulated communication, and the delivery status monitoring that surfaces failures before they cause communication gaps.