Loading...
Loading...
Use this skill when working with Twilio communication APIs for SMS/MMS messaging, voice calls, phone number management, TwiML, webhook integration, two-way SMS conversations, bulk sending, or production deployment of telephony features. Includes official Twilio patterns, production code examples from Twilio-Aldea (provider-agnostic webhooks, signature validation, TwiML responses), and comprehensive TypeScript examples.
npx skill4agent add tdimino/claude-code-minoan twilio-apiconst twilio = require('twilio');
const client = twilio(
process.env.TWILIO_ACCOUNT_SID,
process.env.TWILIO_AUTH_TOKEN
);
async function sendSMS(to, from, body) {
const message = await client.messages.create({
to: to,
from: from,
body: body
});
return message;
}
// Usage
await sendSMS('+14155552671', '+14155559999', 'Hello from Twilio!');const https = require('https');
function sendSMS(to, from, body) {
const accountSid = process.env.TWILIO_ACCOUNT_SID;
const authToken = process.env.TWILIO_AUTH_TOKEN;
const auth = Buffer.from(`${accountSid}:${authToken}`).toString('base64');
const postData = new URLSearchParams({
To: to,
From: from,
Body: body
}).toString();
const options = {
hostname: 'api.twilio.com',
port: 443,
path: `/2010-04-01/Accounts/${accountSid}/Messages.json`,
method: 'POST',
headers: {
'Authorization': `Basic ${auth}`,
'Content-Type': 'application/x-www-form-urlencoded',
'Content-Length': postData.length
}
};
return new Promise((resolve, reject) => {
const req = https.request(options, (res) => {
let data = '';
res.on('data', (chunk) => { data += chunk; });
res.on('end', () => resolve(JSON.parse(data)));
});
req.on('error', reject);
req.write(postData);
req.end();
});
}function validateE164(phoneNumber) {
const e164Regex = /^\+[1-9]\d{1,14}$/;
if (!e164Regex.test(phoneNumber)) {
return {
valid: false,
error: 'Phone number must be in E.164 format (e.g., +14155552671)'
};
}
return { valid: true };
}
// Normalize US phone numbers to E.164
function formatToE164(number) {
let digits = number.replace(/\D/g, '');
if (!digits.startsWith('1')) {
digits = '1' + digits;
}
return '+' + digits;
}const express = require('express');
app.use(express.urlencoded({ extended: false }));
app.post('/webhooks/twilio', (req, res) => {
const from = req.body.From;
const body = req.body.Body;
const to = req.body.To;
console.log(`Received: "${body}" from ${from}`);
// Respond with TwiML
const twiml = `<?xml version="1.0" encoding="UTF-8"?>
<Response>
<Message>Thanks for your message!</Message>
</Response>`;
res.set('Content-Type', 'text/xml');
res.send(twiml);
});const crypto = require('crypto');
function verifyTwilioSignature(url, params, signature, authToken) {
// Build data string from sorted params
const data = Object.keys(params)
.sort()
.reduce((acc, key) => acc + key + params[key], url);
// Generate HMAC-SHA1 signature
const expectedSignature = crypto
.createHmac('sha1', authToken)
.update(Buffer.from(data, 'utf-8'))
.digest('base64');
return signature === expectedSignature;
}
// Usage in Express with body-parser
app.post('/webhooks/twilio', (req, res) => {
const signature = req.headers['x-twilio-signature'];
const url = `https://${req.headers.host}${req.url}`;
if (!verifyTwilioSignature(url, req.body, signature, process.env.TWILIO_AUTH_TOKEN)) {
return res.status(403).send('Forbidden');
}
// Process webhook...
const twiml = '<Response></Response>';
res.set('Content-Type', 'text/xml');
res.send(twiml);
});const twilio = require('twilio');
app.post('/webhooks/twilio', (req, res) => {
const signature = req.headers['x-twilio-signature'];
const url = `https://${req.headers.host}${req.url}`;
if (!twilio.validateRequest(
process.env.TWILIO_AUTH_TOKEN,
signature,
url,
req.body
)) {
return res.status(403).send('Forbidden');
}
// Process webhook...
const twiml = new twilio.twiml.MessagingResponse();
twiml.message('Thanks for your message!');
res.set('Content-Type', 'text/xml');
res.send(twiml.toString());
});async function sendWithRetry(to, from, body, maxRetries = 3) {
for (let attempt = 1; attempt <= maxRetries; attempt++) {
try {
return await client.messages.create({ to, from, body });
} catch (error) {
if (error.status >= 500 && attempt < maxRetries) {
// Server error - retry with exponential backoff
const delayMs = Math.pow(2, attempt) * 1000;
console.log(`Retry ${attempt} in ${delayMs}ms...`);
await new Promise(resolve => setTimeout(resolve, delayMs));
} else {
throw error;
}
}
}
}async function sendBulkSMS(recipients, from, body) {
const delayMs = 100; // 10 messages/second
const results = [];
for (const recipient of recipients) {
try {
const result = await client.messages.create({ to: recipient, from, body });
results.push({ success: true, to: recipient, sid: result.sid });
} catch (error) {
results.push({ success: false, to: recipient, error: error.message });
}
await new Promise(resolve => setTimeout(resolve, delayMs));
}
return results;
}// From Twilio-Aldea production codebase
function detectProvider(payload: any): 'twilio' | 'telnyx' {
// Telnyx uses JSON with data.event_type
if (payload.data && payload.data.event_type) {
return 'telnyx';
}
// Twilio uses form-urlencoded with MessageSid
if (payload.MessageSid || payload.From) {
return 'twilio';
}
throw new Error('Unknown SMS provider');
}
// Unified webhook handler
app.post('/api/sms/webhook', async (req, res) => {
const providerType = detectProvider(req.body);
if (providerType === 'twilio') {
// Validate Twilio signature
// Return TwiML response
const twiml = '<?xml version="1.0"?><Response></Response>';
res.set('Content-Type', 'text/xml');
res.send(twiml);
} else {
// Validate Telnyx Ed25519 signature
// Return JSON response
res.status(200).json({ status: 'ok' });
}
});function handleTwilioError(error) {
if (!error.status) {
return { type: 'NETWORK_ERROR', retriable: true };
}
switch (error.status) {
case 400:
case 422:
// Validation error
return {
type: 'VALIDATION_ERROR',
message: error.message,
code: error.code,
retriable: false
};
case 401:
// Check Account SID and Auth Token
return { type: 'AUTH_ERROR', retriable: false };
case 429:
// Rate limit
return {
type: 'RATE_LIMIT',
retriable: true,
retryAfter: 60
};
case 500:
case 502:
case 503:
// Server error
return { type: 'SERVER_ERROR', retriable: true };
default:
return { type: 'UNKNOWN_ERROR', retriable: false };
}
}+[country code][number]+14155552671+442071234567+Authorization: Basic base64(ACCOUNT_SID:AUTH_TOKEN)<?xml version="1.0" encoding="UTF-8"?>
<Response>
<Message>Your message text here</Message>
</Response><Message><Redirect><Dial><Say><Play>MessageSidFromToBodyMessageStatusNumMediaqueuedsendingsentdeliveredundeliveredfailedX-Twilio-Signature// Support both Twilio and Telnyx from single endpoint
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
const rawBody = await readRawBody(req);
// Auto-detect provider
let payload: any;
try {
payload = JSON.parse(rawBody); // Telnyx
} catch {
payload = parseFormUrlEncoded(rawBody); // Twilio
}
const providerType = detectProvider(payload);
const provider = getProviderByType(providerType);
// Validate signature
const isValid = provider.validateSignature(req, rawBody);
if (!isValid) {
return res.status(403).json({ error: 'Invalid signature' });
}
// Process message
await processIncomingSMS(payload, provider);
// Return provider-specific response
if (providerType === 'twilio') {
res.set('Content-Type', 'text/xml');
res.send('<?xml version="1.0"?><Response></Response>');
} else {
res.status(200).json({ status: 'ok' });
}
}// Next.js API route config
export const config = {
api: {
bodyParser: false, // Preserve raw body
},
};
async function readRawBody(req: NextApiRequest): Promise<string> {
return new Promise<string>((resolve, reject) => {
let data = '';
req.setEncoding('utf8');
req.on('data', (chunk) => { data += chunk; });
req.on('end', () => resolve(data));
req.on('error', reject);
});
}// Environment variable: SMS_FAST_MODE=true/false
const fastMode = process.env.SMS_FAST_MODE?.toLowerCase() !== 'false';
if (fastMode) {
// Return immediate acknowledgment
res.status(200).send(twiml);
// Process async in background
processIncomingSMS(payload).catch(console.error);
} else {
// Wait for AI processing
await processIncomingSMS(payload);
res.status(200).send(twiml);
}function buildTwiMLResponse(message?: string): string {
if (!message) {
return '<?xml version="1.0" encoding="UTF-8"?><Response></Response>';
}
// Escape XML special characters
const escaped = message
.replace(/&/g, '&')
.replace(/</g, '<')
.replace(/>/g, '>')
.replace(/"/g, '"')
.replace(/'/g, ''');
return `<?xml version="1.0" encoding="UTF-8"?>
<Response>
<Message>${escaped}</Message>
</Response>`;
}// PostgreSQL with unique constraint on message_sid
async function processWebhookIdempotent(messageSid: string, client: any) {
try {
await client.query('BEGIN');
await client.query(
'INSERT INTO processed_webhooks (message_sid, processed_at) VALUES ($1, NOW())',
[messageSid]
);
await handleMessage(messageSid, client);
await client.query('COMMIT');
} catch (error: any) {
await client.query('ROLLBACK');
if (error.code === '23505') { // Duplicate key
console.log('Message already processed');
return;
}
throw error;
}
}function withTimeout<T>(
promise: Promise<T>,
timeoutMs: number = 25000
): Promise<T> {
return Promise.race([
promise,
new Promise<T>((_, reject) =>
setTimeout(() => reject(new Error('Timeout')), timeoutMs)
),
]);
}
// Usage
const result = await withTimeout(
processIncomingSMS(payload),
25000
);https://api.twilio.com/2010-04-01Authorization: Basic base64(ACCOUNT_SID:AUTH_TOKEN)# .env file
TWILIO_ACCOUNT_SID=ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
TWILIO_AUTH_TOKEN=your_auth_token_here
TWILIO_PHONE_NUMBER=+18005551234{
"sid": "SMxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"date_created": "Wed, 18 Aug 2021 20:01:14 +0000",
"date_updated": "Wed, 18 Aug 2021 20:01:14 +0000",
"date_sent": null,
"account_sid": "ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"to": "+14155552671",
"from": "+14155559999",
"body": "Hello from Twilio!",
"status": "queued",
"num_segments": "1",
"num_media": "0",
"direction": "outbound-api",
"price": null,
"price_unit": "USD",
"uri": "/2010-04-01/Accounts/ACxxx/Messages/SMxxx.json"
}+2000320005212112121221408216102042930001300033000430005300063000730008// Use Twilio SDK for built-in validation
const twilio = require('twilio');
if (!twilio.validateRequest(authToken, signature, url, params)) {
return res.status(403).send('Forbidden');
}// Don't do expensive processing before responding
app.post('/webhook', async (req, res) => {
// Return TwiML immediately
res.set('Content-Type', 'text/xml');
res.send('<Response></Response>');
// Process async
processMessage(req.body).catch(console.error);
});await client.messages.create({
to: '+14155552671',
from: '+14155559999',
body: 'Hello!',
statusCallback: 'https://yourdomain.com/status'
});// Keep messages under 160 characters for GSM-7
function optimizeForGSM7(text) {
return text
.replace(/[""]/g, '"')
.replace(/['']/g, "'")
.replace(/[—–]/g, '-')
.replace(/…/g, '...');
}async function sendWithBackoff(to, from, body, maxRetries = 3) {
for (let attempt = 1; attempt <= maxRetries; attempt++) {
try {
return await client.messages.create({ to, from, body });
} catch (error) {
if (attempt < maxRetries && error.status >= 500) {
await new Promise(r => setTimeout(r, Math.pow(2, attempt) * 1000));
} else {
throw error;
}
}
}
}