Resources/The Agent API Atlas/Communication/Twilio

Everything an AI agent can do with the Twilio API.

A reference guide for building AI agents: every method, how to authenticate, and the permissions each one needs.

Endpoints29

API version2010-04-01

Last updated23 June 2026

Orientation

How the Twilio API works.

The Twilio API is how an app or AI agent works with Twilio's communication channels: sending an SMS, MMS, or WhatsApp message, placing and controlling a phone call, buying or releasing a phone number, and managing the account and its subaccounts. Access is granted through HTTP Basic auth, with either the Account SID and Auth Token or an API key, and the core REST API has no per-action OAuth scopes, so the credential itself sets the whole boundary. A state change like a delivered message or an answered call is reported back through a status-callback webhook.

29Endpoints

5Capability groups

14Read

15Write

0Permissions

Authentication

Twilio authenticates the core REST API with HTTP Basic auth, not OAuth. The credential is either the Account SID (AC...) as username with the Auth Token as password, or an API key SID (SK...) with its secret. Twilio recommends API keys for production, since a key can be revoked on its own, and recommends keeping the Account SID and Auth Token to local testing. An API key's secret is shown only once, at creation.

Permissions

The core REST API has no granular per-action permissions or OAuth scopes. Any valid credential can call across messaging, voice, phone numbers, and account management alike, so the credential itself is the entire access boundary. There is no built-in way to grant a key only 'send SMS' but not 'place calls' or 'buy numbers'. A 401 with error 20003 means the credential is wrong or revoked, not that it lacks a specific scope.

Versioning

The core REST API is pinned to one dated version, 2010-04-01, which appears in every request path under api.twilio.com. New capabilities ship inside that version rather than as new dated versions, so the path version is effectively stable. Newer products use their own versioned bases, like messaging.twilio.com/v1, and ship dated changes through the product changelog.

Data model

Twilio is resource-oriented REST: form-encoded requests, and JSON, XML, or CSV responses chosen by file extension on the 2010 API. Most resources nest under /2010-04-01/Accounts/{AccountSid}/, covering Messages, Calls, Recordings, IncomingPhoneNumbers, and Keys, while subaccounts let resources and billing be isolated. A state change, like a message being delivered or a call being answered, is reported by a status-callback webhook to a URL set on the request.

Connect & authenticate

Connection & authentication methods.

How an app or AI agent connects to Twilio determines what it can reach. There is the REST API for making calls, status-callback webhooks for receiving updates, and a hosted documentation server for agents, and each is governed by the credential behind it. The core REST API authenticates with a single account-wide credential that carries no per-action scopes, so the credential itself sets the whole boundary.

Ways to connect

REST API

The core REST API answers at https://api.twilio.com, and every path carries the dated version 2010-04-01. Most resources live under /2010-04-01/Accounts/{AccountSid}/. It takes form-encoded request bodies and returns JSON when the path ends in .json (XML and CSV are also available on the 2010 API). Newer products use their own base, like messaging.twilio.com/v1, which returns JSON only. A request authenticates with HTTP Basic auth, and the core API has no per-action OAuth scopes, so the credential sets the whole boundary.

Best forConnecting an app or AI agent to Twilio.

Governed byThe Account SID and Auth Token, or the API key, behind the request.

Docs ↗

Status-callback webhooks

Twilio POSTs to a URL set on a message or call to report status changes, like a message being delivered or a call being answered. A message callback carries MessageStatus and, on failure, an ErrorCode; a call callback carries CallStatus, and StatusCallbackEvent selects which call events are sent. Inbound messages and calls are also delivered to the webhook URL configured on the receiving phone number.

Best forReceiving Twilio status updates at an app or AI agent.

Governed byThe callback URL set on the message, call, or number.

Docs ↗

MCP server (Model Context Protocol)

Twilio hosts a documentation MCP server at https://mcp.twilio.com/docs, in public beta, that an agent points its client at with no installation and no authentication. It indexes the public API specs across 1,800+ endpoints and 30+ products and exposes twilio__search and twilio__retrieve tools in a search-then-retrieve flow. It is read-only: it returns API documentation and does not execute API calls. A separate self-hostable server, the @twilio-alpha/mcp npm package from twilio-labs, turns Twilio's OpenAPI spec into executable MCP tools and authenticates with an API key SID and secret.

Best forGiving an AI agent Twilio API documentation, or self-hosting executable tools.

Governed byNothing for the hosted docs server (public specs only); the API key SID and secret for the self-hosted server.

Docs ↗

Authentication

API key

An API key has its own SID (SK...) and a secret, and is sent through HTTP Basic auth with the key SID as the username and the secret as the password. Twilio recommends using API keys for production, because a key can be revoked on its own without rotating the Auth Token. A Standard key authenticates REST API requests; the secret is shown only once, when the key is created. An API key carries no per-action scopes on the core REST API.

TokenAPI key SID + secret (SK...)

Best forProduction server-side access that can be revoked independently.

Docs ↗

Account SID + Auth Token

The Account SID (AC...) is the username and the Auth Token is the password in HTTP Basic auth. This is the account's master credential and can call the entire API, so Twilio recommends limiting it to local testing and using API keys in production. If the Account SID and Auth Token leak, the whole account is compromised.

TokenAccount SID (AC...) + Auth Token

Best forLocal testing and getting started.

Docs ↗

Capability map

What an AI agent can do in Twilio.

The Twilio API is split into areas an agent can act on, like sending messages, placing and controlling calls, buying and releasing phone numbers, and managing the account and its subaccounts. The core REST API has no granular per-action permissions, so the credential used can reach every area at once unless something in front of it narrows the access.

Messaging

8 endpoints

Send an SMS, MMS, or WhatsApp message, read and update sent messages, and manage Messaging Services that pool numbers for sending.

A write here sends real messages, which can cost money and reach real recipients.

View endpoints →

Voice

7 endpoints

Place an outbound call, fetch and list calls, redirect or end a call in progress, and read or delete call recordings.

A write here places real calls or controls a live call, which can cost money.

View endpoints →

Phone numbers

6 endpoints

Search for numbers available to buy, provision a number onto the account, update its settings, and release a number.

A write here buys or releases real phone numbers, which changes billing and can drop service.

View endpoints →

Account & subaccounts

4 endpoints

Read account details, create and list subaccounts, and update an account's status to suspend, reactivate, or close it.

A write here can suspend or close an account and the service running under it.

View endpoints →

API keys

4 endpoints

Create, read, update, and delete the API keys that authenticate REST API requests.

A write here mints or revokes credentials that can call the whole API.

View endpoints →

Endpoint reference

Every Twilio API method.

Filter by method, access, or permission, or search any path. Select a row for version detail, rate limits, the related webhook event, and the source.

Hide deprecated

Method	Endpoint	What it does	Access	Permission	Version
Messaging Send an SMS, MMS, or WhatsApp message, read and update sent messages, and manage Messaging Services that pool numbers for sending.8
POST	`/2010-04-01/Accounts/{AccountSid}/Messages.json`	Send an outbound SMS, MMS, or WhatsApp message.	write	—	Current
The core REST API has no per-action scopes; any valid Account SID and Auth Token, or API key, can call this. A StatusCallback URL can be set to receive delivery updates. Acts onmessage Permission (capability)None required VersionAvailable since the API’s base version Webhook event`message-status` Rate limitThroughput is the account's messages-per-second for the sending number; excess queues. SourceOfficial documentation ↗
GET	`/2010-04-01/Accounts/{AccountSid}/Messages/{Sid}.json`	Fetch a single message by its SID.	read	—	Current
Read-only. No per-action scope on the core REST API. Acts onmessage Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/2010-04-01/Accounts/{AccountSid}/Messages.json`	List messages sent from or received by the account, with optional date and number filters.	read	—	Current
Read-only. Paginated with PageSize and next_page_uri. Acts onmessage Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/2010-04-01/Accounts/{AccountSid}/Messages/{Sid}.json`	Update a message's body, used to redact the content of a sent or in-progress message.	write	—	Current
Posting an empty body redacts the message. No per-action scope on the core REST API. Acts onmessage Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/2010-04-01/Accounts/{AccountSid}/Messages/{Sid}.json`	Delete a message record from the account.	write	—	Current
Removes the message record. No per-action scope on the core REST API. Acts onmessage Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/Services`	Create a Messaging Service, a pool of numbers and settings used to send messages at scale.	write	—	Current
On the product API base messaging.twilio.com/v1, not the 2010-04-01 base. No per-action scope. Acts onmessaging_service Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/Services`	List the account's Messaging Services.	read	—	Current
Read-only. On messaging.twilio.com/v1. Acts onmessaging_service Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v1/Services/{Sid}`	Delete a Messaging Service, returning its phone numbers and short codes to the account.	write	—	Current
Deleting a Service used for US A2P 10DLC immediately halts that messaging. On messaging.twilio.com/v1. Acts onmessaging_service Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Voice Place an outbound call, fetch and list calls, redirect or end a call in progress, and read or delete call recordings.7
POST	`/2010-04-01/Accounts/{AccountSid}/Calls.json`	Place an outbound call to a phone number, SIP address, or client identifier.	write	—	Current
A StatusCallback URL and StatusCallbackEvent set which call events are sent back. No per-action scope. Acts oncall Permission (capability)None required VersionAvailable since the API’s base version Webhook event`call-status` Rate limitSubject to the account's REST API concurrency limit. SourceOfficial documentation ↗
GET	`/2010-04-01/Accounts/{AccountSid}/Calls/{Sid}.json`	Fetch a single call by its SID.	read	—	Current
Read-only. No per-action scope on the core REST API. Acts oncall Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/2010-04-01/Accounts/{AccountSid}/Calls.json`	List calls made to and from the account, with optional filters.	read	—	Current
Read-only. Paginated with PageSize and next_page_uri. Acts oncall Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/2010-04-01/Accounts/{AccountSid}/Calls/{Sid}.json`	Modify a call in progress, redirecting it to new TwiML or ending it.	write	—	Current
Setting Status to completed ends a live call. No per-action scope. Acts oncall Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/2010-04-01/Accounts/{AccountSid}/Recordings/{Sid}.json`	Fetch the metadata of a single call recording.	read	—	Current
Read-only. Metadata is returned in JSON or XML. Acts onrecording Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/2010-04-01/Accounts/{AccountSid}/Recordings.json`	List the account's call recordings, with optional filters.	read	—	Current
Read-only. Paginated. Acts onrecording Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/2010-04-01/Accounts/{AccountSid}/Recordings/{Sid}.json`	Delete a recording from the account.	write	—	Current
Sets the recording status to deleted; metadata is retained for 40 days. No per-action scope. Acts onrecording Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Phone numbers Search for numbers available to buy, provision a number onto the account, update its settings, and release a number.6
GET	`/2010-04-01/Accounts/{AccountSid}/AvailablePhoneNumbers/{CountryCode}/Local.json`	Search for local phone numbers available to buy, filtered by area code, capabilities, or pattern.	read	—	Current
Read-only search; buying happens through IncomingPhoneNumbers. No per-action scope. Acts onavailable_phone_number Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/2010-04-01/Accounts/{AccountSid}/IncomingPhoneNumbers.json`	Provision a phone number onto the account by buying it.	write	—	Current
Buys a real number and starts billing for it. No per-action scope. Acts onincoming_phone_number Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/2010-04-01/Accounts/{AccountSid}/IncomingPhoneNumbers/{Sid}.json`	Fetch a single phone number owned by the account.	read	—	Current
Read-only. No per-action scope on the core REST API. Acts onincoming_phone_number Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/2010-04-01/Accounts/{AccountSid}/IncomingPhoneNumbers.json`	List the phone numbers owned by the account.	read	—	Current
Read-only. Paginated. Acts onincoming_phone_number Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/2010-04-01/Accounts/{AccountSid}/IncomingPhoneNumbers/{Sid}.json`	Update a phone number's settings, like the webhook URLs for incoming calls and messages.	write	—	Current
Changes how the number routes inbound traffic. No per-action scope. Acts onincoming_phone_number Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/2010-04-01/Accounts/{AccountSid}/IncomingPhoneNumbers/{Sid}.json`	Release a phone number from the account.	write	—	Current
Releasing a number gives it up, and it may not be recoverable. No per-action scope. Acts onincoming_phone_number Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Account & subaccounts Read account details, create and list subaccounts, and update an account's status to suspend, reactivate, or close it.4
POST	`/2010-04-01/Accounts.json`	Create a subaccount under the main account.	write	—	Current
Subaccounts isolate resources and billing. No per-action scope. Acts onaccount Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/2010-04-01/Accounts/{Sid}.json`	Fetch an account or subaccount by its SID.	read	—	Current
Read-only. No per-action scope on the core REST API. Acts onaccount Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/2010-04-01/Accounts.json`	List the accounts and subaccounts the credential can reach.	read	—	Current
Read-only. Paginated. Acts onaccount Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/2010-04-01/Accounts/{Sid}.json`	Update an account, including its Status to suspend, reactivate, or close it.	write	—	Current
Setting Status to closed permanently closes a subaccount. No per-action scope. Acts onaccount Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
API keys Create, read, update, and delete the API keys that authenticate REST API requests.4
POST	`/2010-04-01/Accounts/{AccountSid}/Keys.json`	Create a Standard API key used to authenticate REST API requests.	write	—	Current
The secret is returned once, at creation. A key can call the whole API. No per-action scope. Acts onkey Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json`	Fetch a single API key's details.	read	—	Current
Read-only; the secret is never returned again. No per-action scope. Acts onkey Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/2010-04-01/Accounts/{AccountSid}/Keys.json`	List the account's API keys.	read	—	Current
Read-only. Paginated. Acts onkey Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json`	Delete an API key, revoking its access to the REST API.	write	—	Current
Immediately stops any request using that key. No per-action scope. Acts onkey Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗

No endpoints match those filters.

Webhooks

Webhook events.

Twilio can notify an app when something happens, like a message reaching its recipient or a call being answered. It sends an HTTP request, called a status callback, to a URL set on the message or call, so an integration learns the outcome without polling.

Event	What it signals	Triggered by
`MessageStatus callback`	Twilio POSTs to the StatusCallback URL as a message moves through its lifecycle, with MessageStatus values like queued, sending, sent, delivered, undelivered, and failed. When the status is undelivered or failed, an ErrorCode says why.	`/2010-04-01/Accounts/{AccountSid}/Messages.json`
`CallStatus callback`	Twilio POSTs to the StatusCallback URL on a call's status events, with CallStatus values like queued, ringing, in-progress, completed, busy, no-answer, canceled, and failed. StatusCallbackEvent selects which of initiated, ringing, answered, and completed are sent.	`/2010-04-01/Accounts/{AccountSid}/Calls.json`

No events match that search.

Rate limits & pagination

Rate limits, pagination & request size.

Twilio limits how fast an app can call the REST API through a per-account concurrency ceiling, and limits message sending separately through a per-second throughput that depends on the phone number type.

Request rate

Twilio limits the REST API by a per-account concurrency ceiling on how many requests run at once, not by a per-method point cost; exceeding it returns HTTP 429 with error 20429. Message sending is limited separately by throughput, measured in message segments per second (MPS) and tied to the sending number type: a US or Canada long code defaults to 1 MPS, a toll-free number defaults to higher rates, and a short code can reach about 100 MPS. Requests above the sending number's MPS queue rather than fail, with account and campaign queues holding up to about 10 hours of segments. Inbound messages are queued at up to 500 per second per destination number.

Pagination

List endpoints are page-based. PageSize sets how many resources a page returns (default 50), page is the zero-indexed page number, and the response carries next_page_uri, previous_page_uri, and first_page_uri to walk the list. Following next_page_uri is preferred over building page URLs by hand, and the official SDKs auto-paginate.

Request size

A list page returns up to the PageSize requested, defaulting to 50. The 2010-04-01 API can return JSON, XML, or CSV by file extension on the path; product APIs return JSON only. A deleted recording's metadata is retained for 40 days.

Errors

Status codes & error handling.

The status codes an agent should handle, and what to do about each.

Status	Code	Meaning	What to do
400	`21211`	The 'To' phone number is not a valid number. The request was well-formed but a parameter is invalid.	Validate and format the destination number in E.164 (like +14155551234) before sending, and do not retry as-is.
400	`21608`	The 'To' number is not verified for this account. On a trial account, messages can only go to verified numbers.	Verify the destination number in the Console, or upgrade the account past the trial limit.
400	`21610`	The message can't be sent because the recipient has unsubscribed (replied STOP) from this number.	Stop sending to that recipient on that number, or send from a number they have not opted out of.
401	`20003`	Permission denied: authentication failed, usually a wrong or revoked Account SID, Auth Token, or API key.	Check the credential being sent, and rotate it if it is compromised.
404	`20404`	The requested resource was not found, because the SID is wrong or the resource is not visible to this credential.	Confirm the resource SID and that the credential's account owns it.
429	`20429`	Too many requests: the account's REST API concurrency limit was exceeded.	Back off and retry with exponential backoff, and smooth the request rate.
500	`20500`	An internal Twilio server error. It is rare and not caused by the request.	Retry with backoff, and contact Twilio support if it persists.

Versioning & freshness

Version history.

Twilio pins its core REST API to a single dated version, 2010-04-01, which appears in every request path. New features ship inside that version rather than as new dated versions, and individual products ship their own dated changes through the changelog.

Version history

What changed, and when

Latest version2010-04-01

2010-04-01Current version

Core REST API version (stable)

The core REST API at api.twilio.com is pinned to the dated version 2010-04-01, which appears in every request path. Twilio has kept it as the stable version, shipping new features inside it rather than minting new dated versions for the core API. Individual products use their own versioned bases (like messaging.twilio.com/v1) and ship dated changes through the product changelog.

What changed

Core REST API resources (Messages, Calls, Recordings, IncomingPhoneNumbers, Accounts, Keys) live under this version.
New product capabilities are delivered through separately versioned product APIs and the changelog, not a new core version.

2026-06-14Feature update

Unified typing indicators across channels

Typing indicators became available across RCS, WhatsApp, and Apple Messages for Business through a unified V3 API with consistent JSON payloads.

What changed

Typing indicators unified across RCS, WhatsApp, and Apple Messages for Business via a V3 API.

2026-06-10Requires migration

Conference list endpoint default changing

The Conference list endpoint's behavior is changing on 13 July 2026 to default to returning only in-progress conferences rather than conferences of every status.

What changed

Conference list endpoint will default to in-progress conferences only, from 13 July 2026.

2026-06-09Feature update

SMS data residency in the EU (Ireland) GA

SMS data residency for the EU reached general availability in the Ireland (IE1) region, with full Messaging Service support.

What changed

EU SMS data residency (IE1) reached general availability.

2026-05-26Feature update

REST API cipher suite security updates

The deadline for cipher suite security updates on REST API endpoints was extended to 18 November 2026 to give customers time to migrate.

What changed

Cipher suite updates for REST API endpoints extended to an 18 November 2026 deadline.

The 2010-04-01 path version is stable; track the changelog for product-level changes.

Twilio product changelog ↗

Questions

Twilio API, answered.

How does Twilio authenticate API requests?+

Through HTTP Basic auth, not OAuth. A request sends either the Account SID as the username and the Auth Token as the password, or an API key SID and its secret. Twilio recommends API keys for production because a key can be revoked independently without rotating the Auth Token, and recommends limiting the raw Account SID and Auth Token to local testing. If the Account SID and Auth Token leak, the whole account is compromised.

Does the Twilio core API have per-action permissions or scopes?+

No. The core REST API has no granular OAuth scopes or per-action permissions. A valid Account SID and Auth Token, or API key, can call every area, sending messages, placing calls, buying numbers, and managing the account alike. The credential is the entire access boundary, which is why a gateway in front of Twilio is the way to limit an agent to only the areas it needs.

What does the 2010-04-01 in the URL mean?+

It is the dated version of the core REST API, and it appears in every request path under api.twilio.com. Twilio has kept 2010-04-01 as the stable version and ships new features inside it rather than minting new dated versions for the core API. Newer products use their own versioned bases instead, such as messaging.twilio.com/v1.

How do I find out whether a message was delivered?+

Set a StatusCallback URL when sending the message. Twilio POSTs to it as the message moves through queued, sending, sent, delivered, undelivered, and failed, and includes an ErrorCode when it is undelivered or failed. Status can also be polled by fetching the Message resource, and Twilio suggests reconciling at least daily and polling if a status has not updated within 12 hours, since a callback can be missed.

What are the rate limits?+

Two separate limits apply. The REST API has a per-account concurrency ceiling on requests in flight; exceeding it returns HTTP 429 with error 20429. Message sending is limited by throughput in message segments per second, tied to the number type: a US long code defaults to 1 per second, while a short code can reach about 100 per second. Requests above the sending number's rate queue rather than fail.

What format are responses, and how does pagination work?+

The 2010-04-01 API returns JSON, XML, or CSV, chosen by the file extension on the path (.json, .xml, .csv); newer product APIs return JSON only. List endpoints are page-based: PageSize sets the page size (default 50), and the response includes next_page_uri, previous_page_uri, and first_page_uri. Following next_page_uri is preferred over constructing page URLs by hand, and the SDKs auto-paginate.

Does Twilio have an MCP server for AI agents?+

Yes. Twilio hosts a documentation MCP server at mcp.twilio.com/docs, in public beta, that needs no installation and no authentication and indexes the public API specs across 1,800+ endpoints, exposing twilio__search and twilio__retrieve. It is read-only and returns documentation rather than running API calls. A separate self-hostable server, the @twilio-alpha/mcp package from twilio-labs, turns the OpenAPI spec into executable tools and authenticates with an API key SID and secret.

What is Bollard AI?

Control what every AI agent can do in Twilio.

Bollard AI sits between a team's AI agents and Twilio. Twilio's core API has no built-in per-action permissions, so one key can send messages, place calls, and buy numbers alike. Bollard adds that boundary, granting each agent only the areas it needs, and every call is checked and logged.

Set send, read, or off per capability area, never a shared Twilio key that can do everything.
Denied by default, so an agent reaches only what has been explicitly allowed.
Every call recorded in plain English: who, what, where, and the decision.

Control Twilio access in Bollard Browse all APIs →

Twilio

Notifications Agent

Send SMS notifications ActionOffReadFull use

Make voice calls ActionOffReadFull use

Buy and release phone numbers ResourceOffReadFull use

Read message and call logs ResourceOffReadFull use

Per-agent access, set in Bollard AI, not in Twilio

How the Twilio API works.

Connection & authentication methods.

REST API

Status-callback webhooks

MCP server (Model Context Protocol)

API key

Account SID + Auth Token

What an AI agent can do in Twilio.

Messaging

Voice

Phone numbers

Account & subaccounts

API keys

Every Twilio API method.

Messaging

Voice

Phone numbers

Account & subaccounts

API keys

Webhook events.

Rate limits, pagination & request size.

Request rate

Pagination

Request size

Status codes & error handling.

Version history.

What changed, and when

Twilio API, answered.

More communication API guides for agents

Gmail

Discord

Bird

Webex

Google Chat

Slack

Control what every AI agent can do in Twilio.