Webhook Guide
Twilio Guides de test webhook
SMS/voice callback webhooks
Chemin rapide : commandes helper CLI
Use these first to avoid setup mistakes, then follow the full provider steps below.
instatunnel webhook init --provider twilio --port 3000 --path /webhooks/twilio/sms
instatunnel webhook verify --provider twilio --secret-env TWILIO_AUTH_TOKEN
instatunnel webhook test --provider twilio
If you run into provider-specific issues, use the full checklist sections below.
For cross-provider MCP + webhook diagnostics, open /docs/troubleshooting.
Replay + helper signature (dashboard)
Open /dashboard or /dashboard/tunnels and use Webhook Command Center for this provider. It gives one-click replay and signature verification helpers.
instatunnel webhook verify --provider twilio --secret-env TWILIO_AUTH_TOKEN
curl -i -X POST "https://YOUR-SUBDOMAIN.instatunnel.my/webhooks/twilio/sms" -H "Content-Type: application/json" --data-binary @sample-twilio.json
Required signature header: x-twilio-signature
1. Setup app locale
Create a local webhook endpoint at: /webhooks/twilio/sms
import express from 'express'
import twilio from 'twilio'
const app = express()
app.use(express.urlencoded({ extended: false }))
app.post('/webhooks/twilio/sms', (req, res) => {
const signature = req.header('x-twilio-signature') || ''
const url = process.env.PUBLIC_WEBHOOK_URL!
const valid = twilio.validateRequest(
process.env.TWILIO_AUTH_TOKEN!,
signature,
url,
req.body
)
if (!valid) return res.status(403).send('invalid signature')
console.log('sms from:', req.body.From, 'body:', req.body.Body)
res.type('text/xml').send('<Response></Response>')
})
app.listen(3000, () => console.log('listening on :3000'))2. Lancer InstaTunnel
instatunnel 3000 --subdomain twilio-dev
Keep a fixed subdomain so your provider dashboard URL does not keep changing.
3. Champs provider a coller
| Field | Value | Where/notes |
|---|---|---|
| A message comes in URL | {{WEBHOOK_URL}} | Phone Number > Messaging config |
| HTTP method | POST | Twilio sends form-encoded parameters by default |
| Status callback URL (optional) | {{STATUS_CALLBACK_URL}} | Track delivery lifecycle |
| Auth token | TWILIO_AUTH_TOKEN | Use for signature verification |
Use the helper below to generate exact values with your chosen subdomain and path.
Assistant setup webhook en un clic
Genere commande tunnel, URL webhook et valeurs provider pretes a coller.
Lancer InstaTunnel
instatunnel 3000 --subdomain twilio-devURL webhook
https://twilio-dev.instatunnel.my/webhooks/twilio/sms| Champ provider | Valeur a coller | Notes |
|---|---|---|
| A message comes in URL | https://twilio-dev.instatunnel.my/webhooks/twilio/sms | Phone Number > Messaging config |
| HTTP method | POST | Twilio sends form-encoded parameters by default |
| Status callback URL (optional) | https://twilio-dev.instatunnel.my/webhooks/twilio/sms/status | Track delivery lifecycle |
| Auth token | TWILIO_AUTH_TOKEN | Use for signature verification |
Astuce : gardez un sous-domaine stable par provider pour eviter la reconfiguration.
4. Envoyer un evenement de test
- Set your Twilio phone number webhook URL to the tunnel URL.
- Send an SMS to that Twilio number from your phone.
- Validate received payload and XML response in local logs.
5. Verifier la signature
Verify this header on every request: x-twilio-signature
const valid = twilio.validateRequest(
process.env.TWILIO_AUTH_TOKEN!,
req.header('x-twilio-signature')!,
publicWebhookUrl,
req.body
)
if (!valid) return res.status(403).send('invalid signature')6. Retrys et idempotence
- Use MessageSid/CallSid as idempotency keys.
- Return valid TwiML quickly to prevent repeated retries.
- Log signature validation errors separately from business logic errors.
7. Echecs courants et corrections rapides
403 invalid signature
Use exact public URL and TWILIO_AUTH_TOKEN when validating request.
Twilio says 11200 HTTP retrieval failure
Confirm tunnel is live and endpoint responds within timeout.
Body fields missing
Parse urlencoded form body, not JSON, for default Twilio webhooks.