Twilio fixture

`Incoming SMS`

Fires when one of your Twilio numbers receives an SMS. Unlike most modern webhooks, Twilio sends application/x-www-form-urlencoded — your handler must parse form data, not JSON.

When does it fire?

An incoming SMS to a Twilio number configured with a webhook URL. Twilio expects a TwiML XML response (or empty 200) for the auto-reply.

Request headers

Content-Type: application/x-www-form-urlencoded
X-Twilio-Signature: RSOYDt4T1cUTdK1PtY1FrUkF6h0=
User-Agent: TwilioProxy/1.1

Payload

{
  "MessageSid": "SM1234567890abcdef1234567890abcdef",
  "AccountSid": "AC1234567890abcdef1234567890abcdef",
  "From": "+14155552671",
  "To": "+15558675309",
  "Body": "STOP",
  "NumMedia": "0",
  "FromCity": "SAN FRANCISCO",
  "FromState": "CA",
  "FromCountry": "US"
}

Key fields

MessageSid
Unique message ID — use as dedup key.
From / To
E.164 format phone numbers. Always parse, never compare raw strings.
Body
Message text. Handle STOP/HELP keywords for compliance.
X-Twilio-Signature
Verify with HMAC-SHA1 over `URL + sorted form params`. Different from most providers.

Test it with cURL

Replace your-endpoint with your HookSense endpoint slug — or any URL you want to test against.

curl -X POST https://hooksense.com/w/your-endpoint \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "X-Twilio-Signature: RSOYDt4T1cUTdK1PtY1FrUkF6h0=" \
  -H "User-Agent: TwilioProxy/1.1" \
  -d '{
  "MessageSid": "SM1234567890abcdef1234567890abcdef",
  "AccountSid": "AC1234567890abcdef1234567890abcdef",
  "From": "+14155552671",
  "To": "+15558675309",
  "Body": "STOP",
  "NumMedia": "0",
  "FromCity": "SAN FRANCISCO",
  "FromState": "CA",
  "FromCountry": "US"
}'

Capture this in HookSense

Fire the cURL above at your HookSense endpoint and inspect the request in real time — with headers, body, signature verification, and replay.

Get a free endpoint

More Twilio fixtures

Twilio integration guide →