Skip to contentSkip to navigationSkip to topbar
On this page

Headers and cookies


(warning)

Warning

Functions allow you to access and set headers and cookies on incoming requests as well as your responses, as set forth in this documentation. Any controls, management, and configuration related to your use of headers and cookies, including compliance with applicable laws, is your responsibility and outside of Twilio's control. If you have questions about your legal obligations with respect to headers and cookies, please consult with your legal counsel.

For users of Runtime Handler 1.2.0 or later, Functions allow developers to access the HTTP Headers passed along with incoming requests. This will enable developers to take advantage of Cookies, CORS, and other features that headers enable.


What are headers?

what-are-headers page anchor

HTTP headers(link takes you to an external page) are small pieces of metadata that can be passed between clients and servers as part of the request/response life-cycle. For example, a request might include headers that contain more information about the resource being fetched or the client making the request.

It is also common to pass authentication values and API Keys as headers. For example, Twilio validates its webhook requests by including the X-Twilio-Signature HTTP header in requests.

Using the following request as an example, we can see that it includes headers describing the request's metadata such as Host, Content-Type, and Content-Length. In addition, there is an Authorization header that contains an auth token for identifying the request's user.

1
GET /example HTTP/1.1
2
Host: test-4321.twil.io
3
Authorization: 123abc
4
Content-Type: application/json
5
Content-Length: 23
6
7
{
8
"body": "Ahoy!"
9
}

What are cookies?

what-are-cookies page anchor

Cookies(link takes you to an external page) are a special kind of header which are typically used to tell if requests are coming from the same client or browser. On the web, they are commonly used for tracking session management (your authentication token and/or shopping cart), enabling personalization (site theme and/or preferences), and tracking of your behavior when browsing a site.


(warning)

Warning

Header support is not available for Functions Classic. Please consider migrating to the current version of Functions if you are still using Classic.

To enable headers, you must set the @twilio/runtime-handler Dependency version to 1.2.0 or later in the Functions Editor or your project's package.json if using the Serverless Toolkit. Once you redeploy your Function, headers will be accessible in your Function code.

Update Runtime Handler to version 1.2.

Now that you have your Runtime Handler updated, you are ready to work with headers and cookies in your Functions! Explore these resources to learn more about how to work with them and what you can build.

Need some help?

Terms of service

Copyright © 2024 Twilio Inc.