A2P 10DLC Campaign Vetting Delays: Twilio cannot approve 10DLC Campaigns ourselves, and must rely on third parties who control our connections to carriers to sign off. These external processes are creating several week delays for our customers. We continue to escalate these issues and are working to reduce delays wherever possible. Further details will be shared in the Campaign Vetting Changes article as they become available.

Which IP addresses will Twilio's requests come from?

Twilio makes HTTP requests to your server to fetch your app's TwiML instructions. Some users prefer to know which IP address the request from Twilio is coming from in order to open up specific ports in a firewall. However, due to the fluid nature of our cloud architecture, we don't have a set range of IPs that requests are sent from or know in advance what they will be.

Because Twilio's requests will be coming from different IP addresses, we instead recommend that you validate that a request came from Twilio by other means:

  • If you are interested in confirming the origin of requests coming to your server, each HTTP request contains a cryptographic signature header which can be used to validate that the request is legitimately from Twilio. Please see our documentation on securing your application for more details.
  • If your internal network environment requires you to add each connecting IP to an allow list, we suggest hosting a server outside your network (e.g. in a network DMZ) to proxy requests from Twilio into the internal network.

If the inability to have a request come from a static IP address is a serious concern for your enterprise, please contact our sales department to discuss your security needs and other options which might be available.

For more information, see All About Twilio IP Addresses

Have more questions? Submit a request
Powered by Zendesk