Gotchas

Below is a list (which is being continuously expanded) on things which may “get you” at one point or another. We’ve done our best to try and make django-twilio as easy to use as possible, but sometimes problems are unavoidable!

Help! I Get HTTP 403 Forbidden

There are two common problems that cause django-twilio to return HTTP 403 errors in your views:

Forgery Protection

django-twilio has built in forgery protection in some decorators to help verify that requests made to any of your Twilio views actually originate from Twilio.

We do this by analyzing HTTP requests sent to your views and comparing a special cryptographic hash. This way, attackers are not able to simply POST data to your views and waste your Twilio resources. Attacks of this nature can be expensive and troublesome.

In the event that HTTP requests to your views are determined to be forged, django-twilio will return an HTTP 403 (forbidden) response.

Because of the way this forgery protection works, you’ll get HTTP 403 errors when hitting django-twilio views if you test them yourself and you have settings.DEBUG = False. If you’d like to test your views, be sure to do so with Django’s DEBUG setting ON.

Missing Settings

django-twilio requires that you specify the variables TWILIO_ACCOUNT_SID and TWILIO_AUTH_TOKEN, either as environment variables, or in your site’s settings module. These are used to verify the legitimacy of HTTP requests to your Twilio views, and to instantiate the TwilioRestClient.

If these variables are missing, django-twilio will raise HTTP 403 (forbidden) errors, because it is unable to determine whether or not the HTTP request originated from Twilio.

To fix this, simply set these environment variables or add them to your settings variables.