npm install twilio-cli -g
twilio plugins:install @twilio-labs/plugin-serverless
twilio login
twilio serverless:init token-service
/**
 * Starter stub for the Twilio Function that will issue Access Tokens.
 *
 * @param {object} context  Object provided by Twilio Functions; later steps read
 *                          environment variables such as API_KEY from it.
 * @param {object} event    Carries the URL parameters passed on the API call.
 * @param {Function} callback  Completion callback; later steps call it as
 *                             callback(null, response).
 *
 * The body is intentionally empty at this stage, so callback is not invoked yet.
 */
exports.handler = function (context, event, callback) {};
Standard
. Click the button that says Create API Key.API_KEY
environment variable. Then, copy the value for the SECRET into your .env file as the value for a new API_SECRET
environment variable.
exports.handler = function(context, event, callback) {
  const twilioAccountSid = context.ACCOUNT_SID;
  const twilioApiKey = context.API_KEY;
  const twilioApiSecret = context.API_SECRET;
  const identity = event.identity;
}
context
object provided by Twilio Functions. Likewise, any URL parameters passed on an API call to a Twilio Function are available on the event
object.event.identity
. Think of the identity as a sort of username, and consider carefully how you verify this identity before issuing an Access Token to the client. The function signs a token for whatever identity value arrives in the request, so without such a check any caller can obtain a token under any name.
exports.handler = function(context, event, callback) {
  ...
  const AccessToken = Twilio.jwt.AccessToken;
  const token = new AccessToken(
    twilioAccountSid,
    twilioApiKey,
    twilioApiSecret,
    {identity: identity}
  );
}
AccessToken
object from Twilio. You automatically have access to the Twilio client inside a Twilio Function.VideoGrant
object from the AccessToken
object you already have.
const VideoGrant = AccessToken.VideoGrant;
const videoGrant = new VideoGrant();
token.addGrant(videoGrant);
VideoGrant
object and adds it to your Access Token.
const VideoGrant = AccessToken.VideoGrant;
const videoGrant = new VideoGrant({
  room: 'cool room' // the specific room's name
});
token.addGrant(videoGrant);
event
object.SERVICE_SID
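// Take the ChatGrant constructor from the AccessToken class already in scope.
const ChatGrant = AccessToken.ChatGrant;

// Construct the grant with the capitalised constructor. Writing
// `new chatGrant(...)` here would read the `chatGrant` constant inside its own
// initialiser and throw a ReferenceError, so no token would ever be returned.
const chatGrant = new ChatGrant({
  // Service SID read from the Function's SERVICE_SID environment variable.
  serviceSid: context.SERVICE_SID,
});

// Attach the chat grant to the Access Token being built.
token.addGrant(chatGrant);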
ChatGrant
object with the Service SID you just obtained and then adds the chat grant to your token.
OUTGOING_SID
environment variable.
const VoiceGrant = AccessToken.VoiceGrant;
const voiceGrant = new VoiceGrant({
  outgoingApplicationSid: context.OUTGOING_SID,
  incomingAllow: true // allows your client-side device to receive calls as well as make them
});
token.addGrant(voiceGrant);
VoiceGrant
object with your TwiML App’s SID and the incomingAllow
key sets permissions for whether or not your client-side Twilio Device can receive calls as well as make them. This key is optional.Response
object and send it back to the caller (your client-side application):
exports.handler = function(context, event, callback) {
  ...
  const response = new Twilio.Response();
  const headers = {
    "Access-Control-Allow-Origin": "*", // change this to your client-side URL
    "Access-Control-Allow-Methods": "GET,PUT,POST,DELETE,OPTIONS",
    "Access-Control-Allow-Headers": "Content-Type",
    "Content-Type": "application/json"
  };
  response.setHeaders(headers);
  response.setBody({
    accessToken: token.toJwt()
  });
  return callback(null, response);
}
Access-Control-Allow-Origin
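key to the root URL of your client-side application. As written, your client-side code could be duplicated and used to build an unauthorized app that easily connects to your Access Token code. Keep in mind that this header is enforced only by browsers: a non-browser client such as curl can still call the endpoint, so restricting the origin does not replace verifying the caller before a token is issued.
twilio serverless:deploy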
https://token-service-XXXX-dev.twil.io/token
. This is the endpoint you’ll fetch from in your client-side application when you need to get your Access Token - hang onto it!
curl
to verify your response (be sure to use your specific URL and not the placeholder URL shown below):
curl token-service-XXXX-dev.twil.io/token