By default, Twilio Endpoints are not secured.
Twilio is offering a signature-based method of validating that requests are indeed coming from Twilio. https://www.twilio.com/docs/usage/security#validating-requests
In order to implement these, you can access the request headers inside an Input Transformer and perform the necessary checks in there.
A working example can be found on our Github repository.
Updated about 2 years ago