Product changelog and announcements

Starting June 11, 2026, Node.js v20 support in Twilio Functions will end. Any new Functions that you create or deploy after that date will default to Node.js v22. Existing Functions will keep running on Node.js v20, and will only move to v22 when you choose to redeploy them. 

Starting May 1, 2026, Twilio’s public Certificate Authority will no longer include the Client Authentication Extended Key Usage (EKU) extension in the security certificates they issue.

To support compliance and improve campaign approval rates, Twilio is introducing new fields during U.S. A2P 10DLC Campaign registration.

What’s Changing?

When registering a Campaign, you must now provide:

• Privacy Policy URL – A valid, publicly accessible link to your privacy policy
• Terms & Conditions URL – A valid, publicly accessible link to your service terms.

These are now dedicated fields in the registration flow.

Console Updates

In the Twilio Console, you’ll see new fields in the Campaign registration form where you can enter your Privacy Policy and Terms & Conditions URLs directly.

API Updates
For programmatic registrations, these fields are now supported:

• Setup: Values can be passed during the Campaign create request. Providing the specific request header during the Campaign create call will return these fields in the API response.
• Recommendation: While the API currently allows flexibility, we highly recommend including these links in all new registration requests to avoid potential vetting failures.

Why This Matters
Previously, this information was required and  requested within the Message Flow description.
Providing dedicated, direct links ensures your Campaigns get approved faster and reduce the risk of rejection.

To learn more about U.S. A2P 10DLC registration, please review our documentation and Support article on Campaign approval requirements.

Starting in June 2026, WhatsApp will start rolling out usernames, an optional feature that allows users to hide their phone numbers when messaging or calling businesses. When a user adopts a username, their phone number may no longer appear in webhook payloads. Instead, a Business Scoped User ID (BSUID) will be provided in the to and from field, as well as the new ExternalUserId field.

To improve message reliability and security, we are updating the Toll-Free Verification process to require business registration numbers.
Starting February 17, 2026, a business registration number for all business types expect sole proprietorships will be required for all new Toll-Free submissions.

These fields are available now in Console and API. 
To learn more about  business registration number requirements check out our Toll-Free Verification API Docs and Support Article. 

To maintain compliance with industry standards for platform integrity, all 527 organizations using toll-free numbers for political messaging must now provide a Campaign Verify (CV) Auth Token.

February 17, 2026 - All new political Toll-free verifications from 527 organizations require a valid CV Auth Token to register and a CV Auth Token needs to be added to existing verifications.
January 7, 2026 - Support for CV Auth Tokens launched in Twilio Console and API

To learn more about Campaign Verify Token requirements check out our Toll-Free Verification API Docs and the Campaign Verify FAQ

We're transitioning TLS certificate management for Twilio's classic HTTP REST APIs from manually managed DigiCert certificates to AWS Certificate Manager (ACM). This change prepares Twilio for industry-wide changes that will reduce maximum certificate lifespans to 47 days by 2029.

Starting April 28, 2026, we’re deprecating these region-specific API domain patterns: 

• api.ie1.twilio.com

• api.au1.twilio.com

• api.br1.twilio.com

• api.de1.twilio.com

• api.jp1.twilio.com

• api.sg1.twilio.com

• api.us2.twilio.com

The Event Types will be restricted after 30 January 2026 at 22:00 UTC. Learn more about using restricted Event Types in Restricted Event Types. If you delete any of your existing subscriptions or remove one of the restricted Event Types, you will not be able to create a new subscription or add the restricted Event Types back.

TL;DR: Twilio Real-Time Transcriptions now supportsindividual word timings, and Deepgram’s Nova-3 Multi-language speech model,  for use with either Webhook-delievered speech results, or with Persisted Transcript Resources and Twilio Conversational Intelligence.