Vapi is the Voice AI platform for developers.

Vapi AI

I noticed that the `twilioAccountSid` and `twilioAuthToken` are included in the body for each server-message request. Is this secure? Does VAPI have any documentation regarding this security measure?

<@730434293003976744>
Yes, VAPI takes security very seriously, and the inclusion of sensitive information such as `twilioAccountSid` and `twilioAuthToken` in the request body is handled with utmost care. These credentials are transmitted securely using HTTPS, which encrypts the data in transit, protecting it from interception by unauthorized parties.

VAPI also recommends best practices for securing your API credentials, such as not hardcoding them in your application code, using environment variables, and regularly rotating your credentials.

For detailed information on security measures and best practices, VAPI provides documentation that you can refer to. This documentation includes guidelines on how to securely handle your credentials and how VAPI protects your data.

If you have any specific concerns or need further clarification on security practices, please ask support for more info on this.

You can continue this conversation by mentioning me in the message.

<@730434293003976744> Yes it's completely secure as those credentials and right into your web-hooks, to get into the technicalities of this you can find more info from here https://security.vapi.ai