Monitoring Updates to Twilio REST API SSL Certificates

At Twilio, we believe in security, operational excellence, and transparency to build trust between us and our customers.  To this end, we are publishing our SSL Certificate update procedures to enable you, our customer, to monitor for any upcoming API SSL certificate changes.  This document is meant to be a “How To” guide to monitor for these changes.

REST API's SSL Certificate Upgrade Procedures

A month in advance of any API SSL certificate change, we will post the new "to be upgraded" SSL certificate on port 8443 of all of our API endpoints. These include but are not exclusive to:


How to Monitor for Changes

Based on this procedure, an organization or individual can now monitor for any upcoming API certificate change with a simple script that checks port 8443 of our API. If the request succeeds with 200 OK, no further action is required. If there is a timeout or error message, further investigation is required to determine the cause and resolve any issues. Code for connecting to port 8443 is available in the subsequent “Testing Your Environment” section.

Testing Your Environment

The best way to see if your environment is impacted by the certificate change is to run a test command against the endpoint outlined above on port 8443 from your production environment (or one that is identical to production). If the command reaches the endpoint successfully, no changes will be needed on your end for the upcoming certificate change.

Note: Be sure your environment allows outbound HTTPS traffic to port 8443.

Expected Output

If the test succeeds, you'll receive a 200 OK status code and this XML output:

<?xml version='1.0' encoding='UTF-8'?>
  <Versions firstpageuri="/?Page=0&amp;PageSize=50" numpages="1" end="1" total="2" previouspageuri="" lastpageuri="/?Page=0&amp;PageSize=50" uri="/" pagesize="50" start="0" nextpageuri="" page="0">

If your command fails, then outside of syntax errors, you are likely missing our new root certificate.  We do not recommend pinning certificates.  If you or your organization are pinning root certificates, please ensure the DigiCert Global Root CA is available in your local trust store.
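The monitoring check described above can also be run at the TLS layer. The following is an added example, not Twilio's code: it validates the certificate on port 8443 against the local trust store and goes one step further by comparing it with the certificate currently being served. `API_HOST` is a placeholder, treating port 443 as the live port is an assumption, and the function names are illustrative.

```python
import hashlib
import socket
import ssl
from datetime import datetime, timezone

API_HOST = "api.example.com"  # placeholder: substitute the API endpoint you call
STAGING_PORT = 8443           # port the page says carries the upcoming certificate
LIVE_PORT = 443               # assumption: standard HTTPS port serves the current one


def fetch_cert(host, port, timeout=10):
    """Verify chain and hostname against the local trust store; return (sha256, cert)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return hashlib.sha256(der).hexdigest(), tls.getpeercert()


def issuer_cn(cert):
    """Issuer commonName from ssl's nested-tuple name format, or None."""
    pairs = [pair for rdn in cert.get("issuer", ()) for pair in rdn]
    return dict(pairs).get("commonName")


def assess(live, staged, now=None):
    """Compare two (fingerprint, cert dict) pairs as returned by fetch_cert."""
    now = now or datetime.now(timezone.utc)
    seconds = ssl.cert_time_to_seconds(staged[1]["notAfter"])
    expires = datetime.fromtimestamp(seconds, timezone.utc)
    return {
        "change_pending": live[0] != staged[0],  # a different leaf is staged
        "issuer_changed": issuer_cn(live[1]) != issuer_cn(staged[1]),
        "staged_issuer": issuer_cn(staged[1]),
        "staged_days_left": (expires - now).days,
    }


if __name__ == "__main__":
    try:
        live = fetch_cert(API_HOST, LIVE_PORT)
        staged = fetch_cert(API_HOST, STAGING_PORT)
    except ssl.SSLCertVerificationError as exc:
        # Chain did not validate locally: check the trust store for the required root.
        raise SystemExit(f"TRUST FAILURE: {exc.verify_message}")
    except OSError as exc:
        raise SystemExit(f"CONNECT FAILURE (is outbound {STAGING_PORT} allowed?): {exc}")
    print(assess(live, staged))
```

A trust failure on port 8443 while port 443 still validates means the staged chain is not trusted by this host yet, so it can be fixed before the change goes live.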

Testing with cURL

curl -X POST '[YOUR_ACCOUNT_SID]/Messages.json' \
--data-urlencode 'To=TO_PHONE_NUMBER' \
--data-urlencode 'From=FROM_PHONE_NUMBER' \
--data-urlencode 'Body=Your system is ready for the upcoming change to the Twilio API SSL certificate. No further action is needed.' \
-u [YOUR_ACCOUNT_SID]:[AuthToken]

Testing with Twilio Helper Libraries

If you are using one of Twilio's new Helper Libraries, you can test the certificate with code snippets listed below.

Note: For Twilio's legacy Helper Libraries such as C# 3.x, download these snippets separately.


PHP

<?php
require __DIR__ . '/vendor/autoload.php';

// Issue a GET request through the helper library's cURL-based HTTP client.
$client = new Twilio\Http\CurlClient();
$response = $client->request('GET', '');
echo $response;

C# (.NET 4+)

using System;
using Twilio.Http;

class TwilioApiTest
{
    static void Main(string[] args)
    {
        // Issue a GET request through the helper library's HTTP client.
        HttpClient client = new SystemNetHttpClient();
        Request request = new Request(HttpMethod.Get, "");
        Response response = client.MakeRequest(request);
    }
}

C# (.NET 3.5)

using System;
using Twilio.Http;
using Twilio.Http.Net35;

class TwilioApiTest
{
    static void Main(string[] args)
    {
        // Issue a GET request through the .NET 3.5 helper library's HTTP client.
        HttpClient client = new WebRequestClient();
        Request request = new Request(HttpMethod.Get, "");
        Response response = client.MakeRequest(request);
    }
}


Python

from twilio.http.http_client import TwilioHttpClient

client = TwilioHttpClient()
response = client.request('GET', '')


Java

import com.twilio.http.*;

public class TwilioApiTest {
    public static void main(String[] args) {
        // Issue a GET request through the helper library's HTTP client.
        NetworkHttpClient client = new NetworkHttpClient();
        Request request = new Request(HttpMethod.GET, "");
        Response response = client.makeRequest(request);
    }
}


Ruby

require 'twilio-ruby'

@client =
response = @client.request('', '8443', 'GET', '')
puts response


Node.js

var RequestClient = require('twilio/lib/base/RequestClient');

// Issue a GET request through the helper library's HTTP client.
var client = new RequestClient();
client.request({
    method: 'GET',
    uri: ''
});



For routine SSL certificate updates to refresh expiring certificates, we will not send out any customer notification.  If our certificate change affects the encryption level, encryption cipher, root chain or root certificate in any way, we will send out notification via email with a month’s notice.  The update procedure will be followed on any type of update to our certificate.

We hope this stated policy will help our customers stay operationally excellent and increase your trust in Twilio.

If you have any questions, please contact Customer Support.
