Search code examples
twilio-functions

How to securely store phone numbers in Twilio Functions?

I am using Twilio Functions. I wonder if the phone numbers stored in the Function's code are secure?

I am using code similar to that found here: https://support.twilio.com/hc/en-us/articles/223180548-How-Can-I-Stop-Receiving-or-Block-Incoming-Phone-Calls-#blacklistNumbers

Basically, it rejects numbers that on a blacklist of your choosing. The blacklist is in the Function's code itself.

Perhaps this is already secure. Forgive my misunderstanding.

The aforementioned code:

exports.handler = function(context, event, callback) {
  // Listing all the blocked phone numbers, at the moment "+1(212)555-1234" and "+1(702)555-6789"
  let blacklist = event.blacklist || [ "+12125551234", "+17025556789" ];

  let twiml = new Twilio.twiml.VoiceResponse();
  let blocked = true;
  if (blacklist.length > 0) {
    if (blacklist.indexOf(event.From) === -1) {
      blocked = false;
    }
  }
  if (blocked) {
    twiml.reject();
  }
  else {
    // if the caller's number is not blocked, redirecting to another TwiML which includes instructions for what to do
    twiml.redirect("https://demo.twilio.com/docs/voice.xml");
  }
  callback(null, twiml);
};
Solution

  • Heyooo. Twilio Developer Evangelist here. 👋

    I don't think you have to worry about the security of these numbers. But what you could do it to add the blacklist to the function configuration instead. This way you wouldn't have to change the function code whenever you want to add a new number to the blacklist.

    Function configuration in twilio

    These values below will be available in the context object that is passed into your function.

    Blacklist as function parameter

    exports.handler = async function(context, event, callback) {
  console.log(context.BLACKLIST); // 1212...
}