fix(webhooks): warn when Twilio webhook has no auth token configured

waleedlatif1 · waleedlatif1 · commit 720b2036ffb6 · 2026-06-06T12:54:24.000-07:00
Addresses PR review: when no auth token is set, verifyTwilioAuth skips
signature verification (optional-secret convention). Log a warning so
operators can detect a webhook running unauthenticated.
diff --git a/apps/sim/lib/webhooks/providers/twilio-signature.ts b/apps/sim/lib/webhooks/providers/twilio-signature.ts
@@ -78,6 +78,9 @@ export async function verifyTwilioAuth(
   const authToken = providerConfig.authToken as string | undefined
 
   if (!authToken) {
+    logger.warn(
+      `[${requestId}] ${providerLabel} webhook has no auth token configured — accepting request without signature verification. Configure an auth token to require signed requests.`
+    )
     return null
   }
 

Original file line number	Diff line number	Diff line change
`@@ -78,6 +78,9 @@ export async function verifyTwilioAuth(`
`78`	`78`	`const authToken = providerConfig.authToken as string \| undefined`
`79`	`79`
`80`	`80`	`if (!authToken) {`
	`81`	`+ logger.warn(`
	`82`	+ `[${requestId}] ${providerLabel} webhook has no auth token configured — accepting request without signature verification. Configure an auth token to require signed requests.`
	`83`	`+ )`
`81`	`84`	`return null`
`82`	`85`	`}`
`83`	`86`