3

I have a Twilio phone number and set up a webhook for incoming SMS messages. I want to point that webhook to an AWS API Gateway API that requires an API key. Is it possible to send an x-api-key header to an AWS API Gateway from a Twilio webhook?

John Albano

1 Answer

1

No.

What you need to do instead is defend your Endpoint by verifying Twilio is the caller.

This is detailed in this article (for Python). I'm sure there's another article for other languages.

https://www.twilio.com/docs/usage/tutorials/secure-amazon-lambda-python-app-validating-incoming-twilio-requests#modifying-the-method-request-to-keep-x-twilio-signature

Summary:

  • Configure the Method Request to pass X-Twilio-Signature through.
  • Configure the Integration Request Mapping Template to pass that (and the URL-encoded-Form) as well.
  • In your Lambda, you will use the Twilio RequestValidator to then validate the request.
  • You will also need access to the (sub)account Token and Request URL (the URL you put in Twilio). The sample says to use environment variables. I use AWS Systems Manager Parameter Store. The sample also says the Master Number... I didn't use that at all.

I hope that points you in the right direction. I found your article when I was trying to figure this out, and following that article worked for me.

Patrick
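A standard-library sketch of the check the answer describes, added here as an example (not code from the answer or from Twilio's tutorial). It follows Twilio's documented signature scheme; the event keys `body` and `twilioSignature` and the environment variable names `TWILIO_AUTH_TOKEN` and `REQUEST_URL` are assumptions that depend on your mapping template and configuration.

```python
import base64
import hashlib
import hmac
import os
from urllib.parse import parse_qsl


def compute_signature(auth_token: str, url: str, params: dict) -> str:
    """HMAC-SHA1, keyed with the auth token, over the webhook URL followed by
    every POST parameter name and value (sorted by name, no separators)."""
    data = url + "".join(name + params[name] for name in sorted(params))
    digest = hmac.new(auth_token.encode(), data.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def is_from_twilio(auth_token: str, url: str, params: dict, signature: str) -> bool:
    """Compare the received X-Twilio-Signature with the expected value."""
    if not signature:
        return False  # header stripped or never sent: reject
    expected = compute_signature(auth_token, url, params)
    # Constant-time comparison; bytes avoid TypeError on non-ASCII input.
    return hmac.compare_digest(expected.encode(), signature.encode())


def handler(event, context=None):
    # Assumed event shape: the mapping template forwards the raw URL-encoded
    # form as event["body"] and the header as event["twilioSignature"].
    # keep_blank_values matters: empty parameters are part of the signed data.
    params = dict(parse_qsl(event.get("body", ""), keep_blank_values=True))
    ok = is_from_twilio(
        os.environ["TWILIO_AUTH_TOKEN"],  # (sub)account token; hypothetical name
        os.environ["REQUEST_URL"],        # exact URL configured in Twilio
        params,
        event.get("twilioSignature", ""),
    )
    if not ok:
        return {"statusCode": 403, "body": "invalid signature"}
    return {"statusCode": 200, "body": "<Response/>"}
```

In a deployed Lambda, the Twilio helper library's RequestValidator mentioned in the answer performs this comparison for you.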