When I recently wrote Twilio code the first thing I did was add in as much stuff as I could to prevent this sort of thing happening. I think I put in captcha and also IP address throttling and request counting.
At the time I wondered if I was overengineering or gold plating but apparently not.
I do seem to recall that Twilio writes about this issue quite alot and includes strategies in its best practices for avoiding the issue.
At the time I wondered if I was overengineering or gold plating but apparently not.
I do seem to recall that Twilio writes about this issue quite alot and includes strategies in its best practices for avoiding the issue.