I am developing a script where users can insert their Twilio Account SID & Auth Token (Basically a username pass combo). These credentials are used when sending SMS messages through Twilio REST API. If the credentials are incorrect I get a fatal error (which is bad..).
If the users server has CURL or file_get_contents enabled I can make a request for that users account (curl_init('https://' . $accountsid . ':' . $authtoken . '@api.twilio.com/2010-04-01/Accounts');) and verify the credentials based on the http response code.
However, the problem is not all servers have curl or file_get_contents enabled. So if the user inputs incorrect Account SID and/or Auth Token they will get a fatal error when trying to send the message.
Obviously you cannot catch and disable a fatal error, so any ideas how I could verify account credentials without using curl or file_get_contents?
PHP’s stream wrappers – http://php.net/manual/en/wrappers.php.php – will allow you to make HTTP requests. In your case, you could use the Account Sid and Auth Token to make a request for something like account information. If you get back the information, you expect, you’re done. If not, you handle appropriately.
Regardless, you might be able to simplify the flow a bit.. we have a tool called Twilio Connect which is like OAuth in that they don’t provide you credentials, they simply authorize you to use their account. The AccountSid/AuthToken are never shared.
Here are some docs on it: http://www.twilio.com/docs/connect
(Disclosure: Twilio employee here.)