Twilio - How do others resolve security issues?

I’m very keen to use Twilio for our SMS paging solution for our projects, however a couple customer IT departments that we’ve tried to trial this solution with haven’t been able to come up with a secure solution.

I’m no expert on network security, however the issue seems to be that in order to allow inbound SMS acknowledgements, traffic must be allowed in from any source, since Twilio’s inbound traffic doesn’t come from specific IP addresses…

How have others gotten around security issues?

With the Kymera twilio module, it is possible to set a different port for the Twilio servlet vs the Ignition servlet.

Forcing HTTPS is next.

Third, Twilio has a page describing how you can validate the message comes from Twilio
https://www.twilio.com/docs/api/security

And finally, I would put a Layer 7 filter in from of that servlet, which can limit messages to https://blahblah/twiliouri

1 Like

Hello Kyle,

Is your module a direct replacement for the Ignition Voice module? Ive had weird intermittent issues between the Ignition voice module and various providers. So I kind of round robin between providers.

If I swap from the Ignition voice module to your twilio module will I need to do any changes or scripting on my end? Twilio has been solid for me on sms, so I wouldnt mind giving them a shot.

It is not a direct replacement. We handle acknowledgements differently. Mainly, each user has a pin, not each alarm has a pin. When a user enters their pin, it acks all alarms that have been sent to them.

No changes should have be made to your scripts, but feel free to give it a try, and contact our support if you need a hand.