toc

Sending an SMS with Twilio

Sending encrypted data to a third-party.

Let’s now send an SMS to your user with the Twilio SMS API. If you haven't got a Twilio account, the first thing you’ll need to do is create one.

Let’s create three Twilio environment variables inside Replit.

Add Twilio environment variables

Paste this code into your index.js file to initialize the Twilio SDK:

javascript
// Initialize Twilio
const client = require('twilio')(
process.env.TWILIO_ACCOUNT_SID,
process.env.TWILIO_AUTH_TOKEN
);

Next, update the if block of your POST /submit handler to include the following:

javascript
// If the phone number is valid, send the SMS through Twilio
if (result.isValid) {
const sms = await client.messages.create({
body: `Hello, ${name}!`,
from: process.env.TWILIO_NUMBER,
to: phone,
});
}

This is what your completed index.js file should look like:

javascript
// Include Express.js, a library for easily building APIs in Node.js
const express = require('express');
const app = express();
// Including the Evervault SDK
const Evervault = require('@evervault/sdk');
// Initializing the Evervault SDK
const evervault = new Evervault(process.env.EVERVAULT_API_KEY, { decryptionDomains: ["api.twilio.com"] })
// Initialize Twilio
const client = require('twilio')(
process.env.TWILIO_ACCOUNT_SID,
process.env.TWILIO_AUTH_TOKEN
);
// Parse JSON bodies
app.use(express.json());
// Serve files from public folder
app.use(express.static('public'));
app.post('/submit', async (req, res) => {
try {
// Extract name and phone from the JSON the user sends from the form
const { name, phone } = req.body;
console.log('Sending SMS for', { name, phone });
// Verify phone number using a Cage
// Will return a result including isValid (bool),
// as well as country code information
const { result } = await evervault.run('verify-phone-number', { phone });
// If the phone number is valid, send the SMS through Twilio
if (result.isValid) {
const sms = await client.messages.create({
body: `Hello, ${name}!`,
from: process.env.TWILIO_NUMBER,
to: phone,
});
} else {
// If the phone number is not valid, return an error to the user
return res.json({ success: false });
}
return res.json({ success: true });
} catch (err) {
return res.json({ success: false });
}
});
// Start the server and listen on port 3030
app.listen(3030, () => {
console.log('App listening on port 3030');
});

If you submit the form with your real phone number, you should receive an SMS: Hello, Claude Shannon!.

That’s it! You’ve built a fully-functioning encrypted app with Evervault.

Summary

Let’s summarize what you’ve built. You’ve:

  1. Created an Express.js server (index.js),
  2. Created a HTML form for collecting a name and a phone number from a user (index.html),
  3. Connected your HTML form to your Express.js server,
  4. Integrated Evervault Relay so that phone numbers submitted to your form are encrypted before they enter your server,
  5. Included the Evervault SDK so that outbound requests from your server are automatically decrypted,
  6. Deployed a Cage to verify that phone numbers are valid, and
  7. Integrated the Twilio SMS API to send a user a text — without ever handling their phone number in plaintext.

Was this page useful?