Building an Android App: Twilio Integration in Azure Mobile Services

This is a continuation of a series documenting my challenge to build and release an Android app. You can read the past updates here.

Over the last several posts, I’ve written about several issues around integrating Twilio into an Android app. In my latest post I wrote that I’ll be trying to use Windows Azure mobile services because it really fits the bill for what I need my Android app’s back-end service to do.

Azure Mobile Services (AMS) gives you data storage capabilities and allows you to define custom scripts or APIs. These scripts are written in JavaScript, specifically Node.js. This means you can use the Node Package Manager (NPM) to integrate libraries into your scripts much like you would use NuGet (in ASP.NET). Scott Guthrie mentioned that in the future these custom APIs will be able to be written in .Net as well.

To get started, create your mobile service in the Azure dashboard.
CreateNewServiceOnce your mobile service is created, enable source control. This will create a Git repository. With that you can use write your custom APIs (scripts) on your local machine and use NPM to add libraries to your project. Then you can push your changes up to your mobile service.
TurnOnSourceControlI used the Twilio library for Node.js. You’ll see it referenced like this:

var twilio = require('twilio');

Sending SMS Messages

This API (script) can be used to send text messages through Twilio:

exports.get = function(request, response) {
    var twilio = require('twilio');
    var client = new twilio.RestClient('AccountSID', 'AuthToken');

        to:'[+13135555555]', //Notice the +1 prefix (required by Twilio)
        body:'ahoy hoy! Testing Twilio and node.js'
    }, function(error, message) {

        // The "error" variable will contain error information, if any.
        // If the request was successful, this value will be "false"
        if (!error) {

            console.log('Success! The SID for this SMS message is: ' + message.sid);
            console.log('Message sent on: ' + message.dateCreated);
            //simple response to the caller
            response.send(statusCodes.OK, { message : 'Success! The SID for this SMS message is: ' + message.sid });
        else {
            //These error log entries show up in mobile services log in the Azure dashboard.
            console.log('Oops! There was an error.');
            response.send(statusCodes.OK, { message : 'Error!' });


Notice only the exports.get function is setup. If I wanted to access this script via a post, then I would need to place the code in the function.

Voice Calls

exports.get = function(request, response) {
    var twilio = require('twilio'); //The NPM module.
    var client = new twilio.RestClient('AccountSID', 'AuthToken');

        to:'+15555555', //The number you're trying to call; note the +1 prefix.
        from: '+15555555', //The number you're calling form (i.e. your Twilio number)
        url: '' //The URL that will serve your TWIML up to Twilio.        
    }, function(err, responseData) {


    response.send(statusCodes.OK, { message : 'Message Sent' });

Mobile App Specifics

In order to allow your mobile application to talk to your Twilio account, you’ll need to have an API that you can use to generate a Capability Token. You’ll pass this token to Twilio along with your account credentials to enable your app to make or receive phone calls or text messages.

I used another Node library to help me do generate the token. There are probably other options but I used twilio-client-token. Here’s the script:

exports.get = function(request, response) {
    var TwilioCapability = require('twilio-client-token');

    var accountSid = 'xxx';
    var authToken  = 'xxx';
    var appSid     = 'xxx'; 
    //App SID is defined when you create your TWIML app in the Twilio dashboard.

   var tc = new TwilioCapability(accountSid, authToken);


    var token = tc.generate();

    response.send(statusCodes.OK, { token : token });

A Word about Security

Each script (API) has it’s own security settings that dicate how it can be called. By default, Azure will set up each script to be executed only when the invoker (the client) has the application key.APIDefaultSecurity

But you can also enable only authenticated users to run the scripts or only administrators to delete or patch scripts.

OptionalAPISecurityMake sure that your scripts are properly locked down! It would be a shame to get a huge Twilio bill because someone figured out how to hijack your back-end service!

Mobile,Mobile App Challenge
Share this Story:
  • facebook
  • twitter
  • gplus

About Jeremy Foltz

Leave a comment