SlideShare a Scribd company logo

Productizing Twilio Applications

Download as PPTX, PDF
Patrick McKenzie, profile picture
Patrick McKenzie

The document provides extensive guidelines for developing and testing Twilio applications, emphasizing the importance of avoiding certain practices, like pushing code to production at inopportune times, and advocating for robust testing processes to prevent disastrous failures. It addresses specific concerns regarding modeling call flows, application security, scaling considerations, and the intricacies of handling various types of calls, including those involving answering machines. Additionally, it offers practical advice on how to improve overall application reliability and customer experience by implementing state machines, proper security measures, and ensuring thorough logging of errors.

Technology
Related topics:
Ruby on Rails Overview
1 of 40
Downloaded 90 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
PRODUCTIZING TWILIO APPLICATIONS Patrick McKenzie – Kalzumeus Software
My Business
Twilio Has The Power To Make You… Sob softly at 3 AM in a cold, wet, dar
How could I have avoided that?  Process: Do not push new code to production at 5 PM on Friday night.  Process: Test on staging server first. Fail the deploy if core features do not work as expected.  Tech: Switch to idempotent queues.  Tech: How about we don‟t call the same person 50 times in five minutes?  Tech: Activity spike 500x historical max = Shut. Down. Everything.
Testing Twilio Apps
Testing Pitfalls With Twilio  Testing is dangerous  Testing trivial changes often requires manual work  Your view code (Twiml) will frequently blow up business logic  Poor separation of concerns between model, view, controller, Twilio libraries, and Twilio API. Many classes of bugs not exercised by automated testing
Treat All Guns As Loaded
What To Test  Business logic, business logic, business logic  Scheduling calls / SMSes per business rules  Call flow  Am I calling Twilio API the way Twilio expects?  Twimllooks OK?  Parameters for requests passed correctly?  Does stuff actually work?
Don‟t Contact Twilio In Tests  Makes tests slow  Potentially dangerous  Bought numbers in unit test. Twilio.revenue += 340  Hurts reproducability  Instead, record and playback (VCR gem, etc)  NotRuby? Use Twilio API explorer, copy/paste response to mock.
Use localtunnel in development  Quicker than “FTP new version to site”  Won‟t break stuff for real customers
Staging Servers Are Required  Staging = Production – Customers  “Same” hardware, configurations, etc, different Twilio numbers  Ban the Internet (except Twilio) from servers  Strongly recommend no real data in staging DB  Staging servers good for automated test calls
Staging Servers Protect Production  Prior to pushing to production, push to staging.  Run a script to automatically drive website and telephone, verifying that stuff actually works.  Fail deploy to production if anything goes wrong.  Adds ~5 minutes to a deploy, will save you outages, catastrophic blowups, and your sanity.
Modeling Calls
“How Do We Do A Call Tree?”
“How Do We Do A Call Tree?”
Case Statements Considered Harmful  Easy to introduce subtle bugs  Very difficult to test  Requires manual testing (with a phone !?)  Tightly couples business logic w/ Twilio  Hard to maintain  Adding menu item => stuff breaks  Change a number => stuff breaks  Restructure flow => stuff breaks
A Better Way
You‟ll Appreciate This Later
What To Use State Machines For?  Call flows  Business logic testable (in model)  Forces similar organization on model, view, controller, and vocal assets  SMS flows  Necessity for contact in the first place  Avoid easiest catastrophic failure mode with Twilio
Specifics To Modeling Calls  Each call gets a DB/model object  Model tracks call state  Set state to “processing” prior to initiating call (or at entrance to Twilio script for inbound)  Then, transition based on input, using each transition to:  trigger side-effects (updating DB, etc)  present user with view state (voice, etc)
Answering Machines
Twilio‟s IfMachine = Continue  Wait until call recipient says something  If they don‟t say something, must be a machine.  If they do say something, maybe still a machine?  Error rates ~20% in my limited experience
Problems With IfMachine=Continue  “I tried a test call to myself and it never started talking. I‟m concerned my customers would hang up before my message plays.”  If you don‟t pick up beep correctly, first several seconds of message does not get recorded.  “My customers hit 1 and nothing happens.”
Other Options (Not Answers)  Give machines/humans the same message.  Give machines/humans the same message, but force a keypress (“1”) prior to talking. This coerces most answering machines/voicemails into starting recording, even early.  “This is an automated message from Your Company Here. Press 1 to hear your message.” <Gather> their input. If input, play human message. If none, play answering machine message.
Be Careful With Answering Machines Hit 5 To Confirm Your Appointment
Be Careful With Answering Machines Message Erased
This Is A Real Problem
This Is A Real Problem We are that stupid.
Security
Check Your Application For…  Application security issues  Unintended information disclosure  Catastrophic degradation during failure conditions  The 4Chan Rule
Outgoing Call Security  Educate users regarding proper use.  This will require firing some of them.  Establish per-account, per-destination, and global rate caps. Review manually after triggers.  Have a global “Stop all outgoing calls” button.
Most Important Part of Data Security This call could end up over the PA at
Incoming Call Security  Caller IDs can be spoofed. Do not gate important stuff on them.  “Thanks for calling our automated system. Put in your task code to continue.”  Task code: 4~6 digit random ID. Expires in 1 hour. If possible, flush codes if > 3 failures in a row.  Per-account call-in numbers when feasible. Increases security and cuts down on support costs.
Scaling
One Commodity Server Has…  6 hours per working day  3,600 seconds per hour  ~25 requests per second  ~3 requests per 2 minute phone call 180,000
People Hate Numbers So… Do you need to call all of Little Rock?
Why Rate Limit Then?  Control costs to your business and customer.  Protect customer from crushing their offline processes which are feeding to/from the phones.  “Great that it scales. By the way, can we get an off button? To turn off calls for a few hours?”  “Why do you need an off button?”  “Our operators sometimes get called away from their desks, for meetings and whatnot.”  “Certainly. How many operators do you have?”  “Two.”
Random Advice
Random Grabbag Of Advice  Never contact Twilio in request/response cycle. Queue requests, use worker process.  Fiverr.com for voice actresses. Find one you like, put her on retainer.  Record copious information about errors. Very hard to get individualized “What did your customer do to hear that unspecified „Something broke‟ message?”  Fail closed: default to not making the call.
Thanks For Listening  http://www.kalzumeus.com  patrick@kalzumeus.com  I‟m patio11 on Twitter or HN.  I love talking about this. Feel free to get in touch.

More Related Content

PPTX
Lets have some fun with twilio open tok
mirahman
 
PDF
Into In Infrastructure "what I Need"
egyappassiut
 
PPTX
How to Get Employees to Really Use New Technology
EMERGE App
 
PPTX
MyFirmsApp Small Firms Live Product Demo AU
Daniel Richards
 
PPT
Email for Mobile Phones
VerticalResponse
 
PPTX
Paul Sokol - Get It Done: Process
Infusionsoft
 
PPTX
Supply Chain Visibility: A Business Case for Automation in Your Supply Chain
Emily Millard Murphy
 
PPTX
Pel softlabs
Pelsoftlabs
 
Lets have some fun with twilio open tok
mirahman
 
Into In Infrastructure "what I Need"
egyappassiut
 
How to Get Employees to Really Use New Technology
EMERGE App
 
MyFirmsApp Small Firms Live Product Demo AU
Daniel Richards
 
Email for Mobile Phones
VerticalResponse
 
Paul Sokol - Get It Done: Process
Infusionsoft
 
Supply Chain Visibility: A Business Case for Automation in Your Supply Chain
Emily Millard Murphy
 
Pel softlabs
Pelsoftlabs
 

Viewers also liked (20)

PPTX
Software For Underserved Markets
Patrick McKenzie
 
PPTX
Software Businesses On 5 Hours A Week
Patrick McKenzie
 
PDF
CTIA Keynote - Jeff Lawson - Twilio - Ways of the Software People or the Way ...
Twilio Inc
 
PDF
Scaling Company Values - Twilio - TechWeek 2012
Twilio Inc
 
PDF
Scaling Twilio - Evan Cooke - Twilio Conference 2011
Twilio Inc
 
PDF
Twilio Web Service API for building Voice Applications
Twilio Inc
 
PDF
Twilio Voice Applications with Amazon AWS S3 and EC2
Twilio Inc
 
PDF
How Test Driven Development started the Robot Apocalypse; Lessons learned usi...
Rudy Jahchan
 
PDF
How the Realtime Web is influencing the future of communications
Phil Leggetter
 
PPTX
Microconf Europe 2013 -- Patrick McKenzie
Patrick McKenzie
 
PPTX
Patrick McKenzie Opticon 2014: Advanced A/B Testing
Patrick McKenzie
 
PPTX
Conversion Optimization in Practice: BaconBiz 2013
Patrick McKenzie
 
KEY
Deploying Next Gen Systems with Zero Downtime
Twilio Inc
 
PDF
Call Tracking with Twilio - Cloudstock 2010
Twilio Inc
 
PPTX
Hashtag Aggregation - Tools
Roman Zoechlinger
 
PDF
Global Phone Numbers: Taking Your App Around The World
Twilio Inc
 
PDF
Influencer Marketing with Klear
Klear
 
PPTX
Best practices of modern marketing & sales for talent acquisition leaders
Francois Dufour
 
PDF
Pitch Influencer Marketing to your Boss
Klear
 
PPT
Salesforce Integration with Twilio
Pat Patterson
 
Software For Underserved Markets
Patrick McKenzie
 
Software Businesses On 5 Hours A Week
Patrick McKenzie
 
CTIA Keynote - Jeff Lawson - Twilio - Ways of the Software People or the Way ...
Twilio Inc
 
Scaling Company Values - Twilio - TechWeek 2012
Twilio Inc
 
Scaling Twilio - Evan Cooke - Twilio Conference 2011
Twilio Inc
 
Twilio Web Service API for building Voice Applications
Twilio Inc
 
Twilio Voice Applications with Amazon AWS S3 and EC2
Twilio Inc
 
How Test Driven Development started the Robot Apocalypse; Lessons learned usi...
Rudy Jahchan
 
How the Realtime Web is influencing the future of communications
Phil Leggetter
 
Microconf Europe 2013 -- Patrick McKenzie
Patrick McKenzie
 
Patrick McKenzie Opticon 2014: Advanced A/B Testing
Patrick McKenzie
 
Conversion Optimization in Practice: BaconBiz 2013
Patrick McKenzie
 
Deploying Next Gen Systems with Zero Downtime
Twilio Inc
 
Call Tracking with Twilio - Cloudstock 2010
Twilio Inc
 
Hashtag Aggregation - Tools
Roman Zoechlinger
 
Global Phone Numbers: Taking Your App Around The World
Twilio Inc
 
Influencer Marketing with Klear
Klear
 
Best practices of modern marketing & sales for talent acquisition leaders
Francois Dufour
 
Pitch Influencer Marketing to your Boss
Klear
 
Salesforce Integration with Twilio
Pat Patterson
 
Ad

Similar to Productizing Twilio Applications (20)

PPTX
Tech campmemphis slides_post_session
Stewart Whaley
 
PDF
Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...
Ron Pierce
 
PPTX
Fraud Engineering, from Merchant Risk Council Annual Meeting 2012
Nick Galbreath
 
PDF
Why isn't infosec working? Did you turn it off and back on again?
Rob Fuller
 
PDF
Flo-Tech E-book-Avoiding Device Failure
Thomas Clifford
 
PDF
The on-call survival guide - how to be confident on-call
Raygun
 
PDF
Dit yvol5iss32
Rick Lemieux
 
PDF
OSMC 2008 | Review of notification methods by Jose Luis Martinez
NETWAYS
 
PPTX
The Lean Startup EA edition
Eric Ries
 
PDF
The DevOps Pay Raise: Quantifying Your Value to Move Up the Ladder
tlevey
 
PPTX
The Lean Startup fbFund Edition
Eric Ries
 
PDF
2600 v02 n10 (october 1985)
Felipe Prado
 
PDF
Operationalizing Machine Learning in the Enterprise
mark madsen
 
PPTX
VoIP Security 101 what you need to know
Eric Klein
 
PDF
ZenAlert, The Thing Care Platform - Why you need it and how it works -
ZenAlert
 
PDF
Breaking the bank : how to really test/annoy financial institutions
SensePost
 
ODP
Salesdialers Presentation
SalesDialers.com
 
PPT
Voice Biometrics automated password_reset
Kunal Grover
 
PPTX
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business
ConnXus
 
PDF
The limits of unit testing by Craig Stuntz
QA or the Highway
 
Tech campmemphis slides_post_session
Stewart Whaley
 
Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...
Ron Pierce
 
Fraud Engineering, from Merchant Risk Council Annual Meeting 2012
Nick Galbreath
 
Why isn't infosec working? Did you turn it off and back on again?
Rob Fuller
 
Flo-Tech E-book-Avoiding Device Failure
Thomas Clifford
 
The on-call survival guide - how to be confident on-call
Raygun
 
Dit yvol5iss32
Rick Lemieux
 
OSMC 2008 | Review of notification methods by Jose Luis Martinez
NETWAYS
 
The Lean Startup EA edition
Eric Ries
 
The DevOps Pay Raise: Quantifying Your Value to Move Up the Ladder
tlevey
 
The Lean Startup fbFund Edition
Eric Ries
 
2600 v02 n10 (october 1985)
Felipe Prado
 
Operationalizing Machine Learning in the Enterprise
mark madsen
 
VoIP Security 101 what you need to know
Eric Klein
 
ZenAlert, The Thing Care Platform - Why you need it and how it works -
ZenAlert
 
Breaking the bank : how to really test/annoy financial institutions
SensePost
 
Salesdialers Presentation
SalesDialers.com
 
Voice Biometrics automated password_reset
Kunal Grover
 
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business
ConnXus
 
The limits of unit testing by Craig Stuntz
QA or the Highway
 
Ad

Recently uploaded (20)

PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Approach and Philosophy of On baking technology
30anthuong17
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Cloud computing and distributed systems.
kkkkkhan
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 

Productizing Twilio Applications

  • 3. Twilio Has The Power To Make You… Sob softly at 3 AM in a cold, wet, dar
  • 4. How could I have avoided that?  Process: Do not push new code to production at 5 PM on Friday night.  Process: Test on staging server first. Fail the deploy if core features do not work as expected.  Tech: Switch to idempotent queues.  Tech: How about we don‟t call the same person 50 times in five minutes?  Tech: Activity spike 500x historical max = Shut. Down. Everything.
  • 6. Testing Pitfalls With Twilio  Testing is dangerous  Testing trivial changes often requires manual work  Your view code (Twiml) will frequently blow up business logic  Poor separation of concerns between model, view, controller, Twilio libraries, and Twilio API. Many classes of bugs not exercised by automated testing
  • 7. Treat All Guns As Loaded
  • 8. What To Test  Business logic, business logic, business logic  Scheduling calls / SMSes per business rules  Call flow  Am I calling Twilio API the way Twilio expects?  Twimllooks OK?  Parameters for requests passed correctly?  Does stuff actually work?
  • 9. Don‟t Contact Twilio In Tests  Makes tests slow  Potentially dangerous  Bought numbers in unit test. Twilio.revenue += 340  Hurts reproducability  Instead, record and playback (VCR gem, etc)  NotRuby? Use Twilio API explorer, copy/paste response to mock.
  • 10. Use localtunnel in development  Quicker than “FTP new version to site”  Won‟t break stuff for real customers
  • 11. Staging Servers Are Required  Staging = Production – Customers  “Same” hardware, configurations, etc, different Twilio numbers  Ban the Internet (except Twilio) from servers  Strongly recommend no real data in staging DB  Staging servers good for automated test calls
  • 12. Staging Servers Protect Production  Prior to pushing to production, push to staging.  Run a script to automatically drive website and telephone, verifying that stuff actually works.  Fail deploy to production if anything goes wrong.  Adds ~5 minutes to a deploy, will save you outages, catastrophic blowups, and your sanity.
  • 14. “How Do We Do A Call Tree?”
  • 15. “How Do We Do A Call Tree?”
  • 16. Case Statements Considered Harmful  Easy to introduce subtle bugs  Very difficult to test  Requires manual testing (with a phone !?)  Tightly couples business logic w/ Twilio  Hard to maintain  Adding menu item => stuff breaks  Change a number => stuff breaks  Restructure flow => stuff breaks
  • 19. What To Use State Machines For?  Call flows  Business logic testable (in model)  Forces similar organization on model, view, controller, and vocal assets  SMS flows  Necessity for contact in the first place  Avoid easiest catastrophic failure mode with Twilio
  • 20. Specifics To Modeling Calls  Each call gets a DB/model object  Model tracks call state  Set state to “processing” prior to initiating call (or at entrance to Twilio script for inbound)  Then, transition based on input, using each transition to:  trigger side-effects (updating DB, etc)  present user with view state (voice, etc)
  • 22. Twilio‟s IfMachine = Continue  Wait until call recipient says something  If they don‟t say something, must be a machine.  If they do say something, maybe still a machine?  Error rates ~20% in my limited experience
  • 23. Problems With IfMachine=Continue  “I tried a test call to myself and it never started talking. I‟m concerned my customers would hang up before my message plays.”  If you don‟t pick up beep correctly, first several seconds of message does not get recorded.  “My customers hit 1 and nothing happens.”
  • 24. Other Options (Not Answers)  Give machines/humans the same message.  Give machines/humans the same message, but force a keypress (“1”) prior to talking. This coerces most answering machines/voicemails into starting recording, even early.  “This is an automated message from Your Company Here. Press 1 to hear your message.” <Gather> their input. If input, play human message. If none, play answering machine message.
  • 25. Be Careful With Answering Machines Hit 5 To Confirm Your Appointment
  • 26. Be Careful With Answering Machines Message Erased
  • 27. This Is A Real Problem
  • 28. This Is A Real Problem We are that stupid.
  • 30. Check Your Application For…  Application security issues  Unintended information disclosure  Catastrophic degradation during failure conditions  The 4Chan Rule
  • 31. Outgoing Call Security  Educate users regarding proper use.  This will require firing some of them.  Establish per-account, per-destination, and global rate caps. Review manually after triggers.  Have a global “Stop all outgoing calls” button.
  • 32. Most Important Part of Data Security This call could end up over the PA at
  • 33. Incoming Call Security  Caller IDs can be spoofed. Do not gate important stuff on them.  “Thanks for calling our automated system. Put in your task code to continue.”  Task code: 4~6 digit random ID. Expires in 1 hour. If possible, flush codes if > 3 failures in a row.  Per-account call-in numbers when feasible. Increases security and cuts down on support costs.
  • 35. One Commodity Server Has…  6 hours per working day  3,600 seconds per hour  ~25 requests per second  ~3 requests per 2 minute phone call 180,000
  • 36. People Hate Numbers So… Do you need to call all of Little Rock?
  • 37. Why Rate Limit Then?  Control costs to your business and customer.  Protect customer from crushing their offline processes which are feeding to/from the phones.  “Great that it scales. By the way, can we get an off button? To turn off calls for a few hours?”  “Why do you need an off button?”  “Our operators sometimes get called away from their desks, for meetings and whatnot.”  “Certainly. How many operators do you have?”  “Two.”
  • 39. Random Grabbag Of Advice  Never contact Twilio in request/response cycle. Queue requests, use worker process.  Fiverr.com for voice actresses. Find one you like, put her on retainer.  Record copious information about errors. Very hard to get individualized “What did your customer do to hear that unspecified „Something broke‟ message?”  Fail closed: default to not making the call.
  • 40. Thanks For Listening  http://www.kalzumeus.com  patrick@kalzumeus.com  I‟m patio11 on Twitter or HN.  I love talking about this. Feel free to get in touch.