Skip to content
Transyt Docs

Twilio

Signature Verification

Section titled “Signature Verification”
PropertyValue
AlgorithmHMAC-SHA1
HeaderX-Twilio-Signature

Signing formula:

Base64(HMAC-SHA1(url + sorted_params, auth_token))

Twilio constructs the signature by concatenating the full webhook URL with all POST parameters sorted alphabetically, then computing an HMAC-SHA1 using your Auth Token.

Setup

Section titled “Setup”
  1. In the Twilio Console, navigate to your phone number or TwiML application
  2. Set the webhook URL to: 
    https://ingest.transyt.com/twilio/{your-account-slug}
  3. Use your Twilio Auth Token as the signing secret

Account Configuration

Section titled “Account Configuration”
Terminal window
curl -X POST https://ingest.transyt.com/admin/accounts \
  -H "X-Admin-Token: YOUR_ADMIN_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "provider": "twilio",
    "account_slug": "main",
    "app_key": "my-app",
    "signing_secret_current": "your-twilio-auth-token"
  }'

Event Type Mappings

Section titled “Event Type Mappings”

Twilio uses the same event type mappings as SignalWire, since SignalWire is Twilio-compatible.

External ID

Section titled “External ID”

Same composite format as SignalWire: {MessageSid}:{status} or {CallSid}:{status}.