Improving Twilio SMS Integration and Ensuring Data Encryption
During the meeting, Mike discussed how he optimized the script to loop over all records and store them in memory before writing them to the database. He mentioned that the hold up is on the Twilio side, as they are rate limiting the SMS notifications. Mike is currently working with Twilio to address this issue.
The conversation then shifted to Twilio's programmable SMS feature. Mike explained that when sending individual transactions to Twilio, it works well, but when including additional details like arrival/departure airports and time, the process slows down. The group discussed the possibility of sending multiple SMS messages with a single API call and suggested exploring Twilio's API settings and creating a list of phone numbers to send the same message to.
They also briefly discussed T-Mobile blocking messages with links and the need to include a stop feature in the messages. Mike mentioned that he plans to send all the data to Twilio and let them handle the message distribution and parsing.
David offered to provide guidance on crafting API calls to Twilio and advised that all transmitted data should be encrypted and sent over HTTPS, ensuring secure transmission. He explained that the encryption during transmission is handled by the transport layer security (TLS) protocol.
Mike mentioned upcoming work on encryption, specifically encrypting data from the front end of the app to the back end database, as the app deals with sensitive information such as driver's licenses and passport numbers. David assured Mike that encryption during transmission is already solved through HTTPS, and the focus should be on handling data securely once it reaches Xano or the phone.
David also mentioned that expiration and two-factor authentication are effective measures to enhance security, and there are other ways to ensure secure token storage without encrypting on the phone.
The meeting concluded with Mike expressing gratitude for the help he received and mentioning future research on SMS-related topics during his downtime. David encouraged him to focus on securing the system by addressing weak points rather than trying to make already secure systems even more secure.