SOLVED Twilio Webhook for Incoming SMS

For anyone who has gone through the process of setting up SMS in FusionPBX using Twilio, you may have found that Twilio doesn't use consistent IPs for contacting the Webhook, and so FusionPBX's check_acl() function will almost always result in an "access denied" message. Using Twilio's Signature Validation can solve this issue if you don't want to just accept all incoming webhook notifications (which you shouldn't).

After setting up SMS in FusionPBX, downloading Twilio's PHP SDK and unzipping it in <fusionbpx dir>/app/sms/resources/, I edited <fusionbpx dir>/app/sms/hook/sms_hook_twilio.php as follows:
<?php

include "../root.php";

require_once "resources/require.php";
require_once "../sms_hook_common.php";

// twilio validation stuff
require_once "../resources/twilio-php-master/Twilio/autoload.php";
use Twilio\Security\RequestValidator;
$twilio_token = $_SESSION['sms']['twilio_secret_key']['text'];
$twilio_sig = $_SERVER["HTTP_X_TWILIO_SIGNATURE"];
$validator = new RequestValidator($twilio_token);
$url = "https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
$post_vars = $_POST;


if (check_acl() || $validator->validate($twilio_sig, $url, $post_vars)) {

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($debug) {
error_log('[SMS] REQUEST: ' . print_r($_REQUEST, true));
}
route_and_send_sms($_REQUEST['From'], str_replace("+","",$_REQUEST['To']), $_REQUEST['Body']);
} else {
die("no");
}
} else {
error_log('ACCESS DENIED [SMS]: ' . print_r($_SERVER['REMOTE_ADDR'], true));
die("access denied again");
}
?>
 
Not built in to FusionPBX. SIP endpoints registered with your FusionPBX that support chat messages (I don't know what the technical term in SIP for them is off the top of my head) are what you would use for any texting capabilities, whether that's through Twilio or another provider.