Programmable Voice | Jan. 11, 2024

Upcoming security changes: Deprecation HTTP Recording Media Endpoint

Effective 5 February, 2024, Twilio will deprecate HTTP voice media endpoint and redirect requests to fetch recordings media files to HTTPS. As a result, CNAME to serve media from custom hostname will no longer be supported.

HTTP requests to access or download voice recordings media files are streamed over an insecure channel. Following industry best practices, Twilio will require and enforce the use of secured HTTPS endpoints and Transport-Layer-Security (TLS) protocols when an account accesses voice recordings media files.

Effective 5 February, 2024, Twilio will deprecate HTTP voice media endpoint and redirect requests to fetch recordings media files to HTTPS. As a result, CNAME to serve media from custom hostname will no longer be supported.

Existing accounts that access voice recordings media files using HTTP requests instead of HTTPS (either directly to api.twilio.com or through CNAME of Twilio API URLs) will be redirected to a secured HTTPS path. Applications not able to handle HTTPS redirection and/or using CNAME to serve media from custom hostname will fail to fetch recording media files.

To ensure your Twilio account follows security best practices and can continue to fetch recording media files without access issues, take the following actions before 5 February, 2024:

  • Prepare your applications to use secured HTTPS requests to access Voice Recordings stored on Twilio.
  • Discontinue using CNAME to serve media from custom hostname, fetch media using HTTPS requests instead
  • Review your code to use HTTPS requests instead of HTTP to fetch recordings media files. Alternatively, test your application to ensure it can handle redirects from HTTP to secure HTTPS
Voice