Advertisement
Table of Contents
Integrate Google Calendar with Twilio and Railway for AI Voice Applications
TL;DR
Most voice assistants break when they hit real calendar APIs—OAuth tokens expire mid-call, timezone math fails, or double-bookings slip through. This guide shows you how to build a production-grade system using Google Calendar API for scheduling, Twilio Programmable Voice for call handling, and Railway for zero-config deployment. You'll handle OAuth refresh flows, implement conflict detection, and process webhook events that survive network failures. No toy code—just battle-tested patterns that scale.
Prerequisites
API Access & Authentication:
- Google Calendar API credentials (OAuth 2.0 client ID + secret from Google Cloud Console)
- Twilio account SID and auth token (from Twilio Console dashboard)
- Railway account with CLI installed (
npm install -g @railway/cli)
Development Environment:
- Node.js 18+ (LTS version required for ES modules)
- ngrok or Railway public URL for webhook testing
- Git for version control and Railway deployments
Technical Knowledge:
- OAuth 2.0 flow implementation (authorization codes, refresh tokens)
- Webhook signature validation (HMAC-SHA256 for Twilio)
- RESTful API integration patterns
- Environment variable management (
.envfiles, Railway secrets)
Network Requirements:
- Public HTTPS endpoint for receiving Twilio webhooks (Railway provides this automatically)
- Firewall rules allowing outbound HTTPS to Google/Twilio APIs
Cost Considerations:
- Twilio charges per voice minute (~$0.013/min inbound)
- Railway free tier: 500 hours/month, $5 credit
- Google Calendar API: free up to 1M requests/day
Railway: Deploy on Railway → Get Railway
Step-by-Step Tutorial
Configuration & Setup
Most voice scheduling systems break because developers skip the authentication layer. Google Calendar requires OAuth 2.0 with specific scopes, Twilio needs webhook verification, and Railway demands environment variable isolation.
Google Calendar OAuth Setup:
// OAuth 2.0 client configuration - production-grade
const { google } = require('googleapis');
const oauth2Client = new google.auth.OAuth2(
process.env.GOOGLE_CLIENT_ID,
process.env.GOOGLE_CLIENT_SECRET,
process.env.GOOGLE_REDIRECT_URI // Railway public URL + /oauth/callback
);
// Required scopes for calendar operations
const SCOPES = [
'https://www.googleapis.com/auth/calendar.events',
'https://www.googleapis.com/auth/calendar.readonly'
];
// Generate auth URL - send this to users
const authUrl = oauth2Client.generateAuthUrl({
access_type: 'offline', // Critical: enables refresh tokens
scope: SCOPES,
prompt: 'consent' // Forces refresh token on first auth
});
Railway Environment Variables: Set these in Railway dashboard (NOT in code):
GOOGLE_CLIENT_ID: From Google Cloud ConsoleGOOGLE_CLIENT_SECRET: From Google Cloud ConsoleGOOGLE_REDIRECT_URI:https://your-app.railway.app/oauth/callbackTWILIO_ACCOUNT_SID: From Twilio ConsoleTWILIO_AUTH_TOKEN: From Twilio ConsoleTWILIO_PHONE_NUMBER: Your Twilio voice number
Architecture & Flow
The integration requires THREE separate systems communicating asynchronously:
Mermaid Flow Diagram:
flowchart LR
A[User Calls Twilio] --> B[Twilio Webhook]
B --> C[Railway Server]
C --> D{Parse Intent}
D -->|Schedule| E[Google Calendar API]
D -->|Query| F[Google Calendar API]
E --> G[Create Event]
F --> H[Fetch Events]
G --> I[TwiML Response]
H --> I
I --> J[Twilio Voice]
J --> K[User Hears Result]
Critical architectural decision: Use Railway as the orchestration layer. Twilio webhooks hit Railway endpoints, Railway makes authenticated Google Calendar calls, Railway returns TwiML to Twilio. DO NOT attempt direct Twilio-to-Calendar communication.
Step-by-Step Implementation
1. Initialize Express Server on Railway
const express = require('express');
const twilio = require('twilio');
const { google } = require('googleapis');
const app = express();
app.use(express.urlencoded({ extended: false })); // Twilio sends form data
// Twilio webhook signature validation - MANDATORY for production
const validateTwilioRequest = (req, res, next) => {
const signature = req.headers['x-twilio-signature'];
const url = `https://${req.headers.host}${req.url}`;
if (!twilio.validateRequest(
process.env.TWILIO_AUTH_TOKEN,
signature,
url,
req.body
)) {
return res.status(403).send('Forbidden');
}
next();
};
app.listen(process.env.PORT || 3000);
2. Handle Twilio Voice Webhook
// YOUR server receives Twilio webhooks here
app.post('/voice/webhook', validateTwilioRequest, async (req, res) => {
const twiml = new twilio.twiml.VoiceResponse();
try {
// Gather user speech input
const gather = twiml.gather({
input: 'speech',
action: '/voice/process', // YOUR endpoint for processing
speechTimeout: 'auto',
language: 'en-US'
});
gather.say('What would you like to schedule?');
res.type('text/xml');
res.send(twiml.toString());
} catch (error) {
console.error('Webhook Error:', error);
twiml.say('System error. Please try again.');
res.type('text/xml').send(twiml.toString());
}
});
3. Process Speech and Create Calendar Event
// YOUR server processes speech and calls Google Calendar
app.post('/voice/process', validateTwilioRequest, async (req, res) => {
const speechResult = req.body.SpeechResult;
const twiml = new twilio.twiml.VoiceResponse();
try {
// Parse intent (use simple keyword matching or NLP service)
const intent = parseSchedulingIntent(speechResult);
// Authenticate with stored tokens (from OAuth flow)
oauth2Client.setCredentials({
refresh_token: process.env.USER_REFRESH_TOKEN
});
const calendar = google.calendar({ version: 'v3', auth: oauth2Client });
// Create calendar event
const event = await calendar.events.insert({
calendarId: 'primary',
requestBody: {
summary: intent.title,
start: { dateTime: intent.startTime, timeZone: 'America/New_York' },
end: { dateTime: intent.endTime, timeZone: 'America/New_York' },
reminders: { useDefault: true }
}
});
twiml.say(`Scheduled ${intent.title} for ${intent.startTime}`);
} catch (error) {
console.error('Calendar API Error:', error);
twiml.say('Could not schedule event. Please try again.');
}
res.type('text/xml').send(twiml.toString());
});
Error Handling & Edge Cases
Token Expiration: Google refresh tokens expire after 6 months of inactivity. Implement automatic refresh:
oauth2Client.on('tokens', (tokens) => {
if (tokens.refresh_token) {
// Store in database, NOT environment variables
saveRefreshToken(tokens.refresh_token);
}
});
Twilio Timeout: Webhooks timeout after 15 seconds. For long Calendar API calls, respond immediately with "Processing..." then use Twilio REST API to update the call.
Railway Cold Starts: First request after inactivity takes 2-3 seconds. Keep a warm connection pool or use Railway's always-on plan.
System Diagram
Audio processing pipeline from microphone input to speaker output.
graph LR
Mic[Microphone]
AudioBuffer[Audio Buffer]
VAD[Voice Activity Detection]
STT[Speech-to-Text]
IntentDetection[Intent Detection]
CalendarAPI[Google Calendar API]
ErrorHandling[Error Handling]
TTS[Text-to-Speech]
Speaker[Speaker]
Mic-->AudioBuffer
AudioBuffer-->VAD
VAD-->STT
STT-->IntentDetection
IntentDetection-->CalendarAPI
CalendarAPI-->TTS
TTS-->Speaker
CalendarAPI-->|Error|ErrorHandling
ErrorHandling-->TTS
Testing & Validation
Most integrations fail in production because developers skip local testing with real webhooks. Here's how to validate before deployment.
Local Testing
Expose your local server using ngrok to test Twilio webhooks without deploying:
// Start ngrok tunnel (run in terminal: ngrok http 3000)
// Update Twilio webhook URL to: https://YOUR_NGROK_URL/voice
// Test webhook handler locally
app.post('/test-webhook', (req, res) => {
console.log('Received webhook:', req.body);
// Validate required Twilio parameters
if (!req.body.CallSid || !req.body.From) {
return res.status(400).send('Missing required parameters');
}
// Test TwiML response generation
const twiml = new twilio.twiml.VoiceResponse();
const gather = twiml.gather({
input: 'speech',
action: '/process-speech',
speechTimeout: 'auto',
language: 'en-US'
});
gather.say('Test appointment booking. Say a date and time.');
res.type('text/xml');
res.send(twiml.toString());
});
Test the endpoint with curl to verify TwiML generation:
curl -X POST http://localhost:3000/test-webhook \
-d "CallSid=TEST123" \
-d "From=+15555551234"
Webhook Validation
Twilio signs all webhook requests. Validate signatures to prevent unauthorized access:
// Verify webhook authenticity before processing
const isValid = validateTwilioRequest(
process.env.TWILIO_AUTH_TOKEN,
signature,
url,
req.body
);
if (!isValid) {
console.error('Invalid Twilio signature');
return res.status(403).send('Forbidden');
}
Check Railway logs for OAuth token refresh errors and Google Calendar API rate limits (10,000 requests/day).
Real-World Example
Most voice scheduling systems break when users interrupt mid-sentence or change their mind. Here's what actually happens in production when a user calls to book a doctor's appointment.
Barge-In Scenario
User calls in. Twilio streams audio to your Railway server. User says "I need an appointment" but interrupts with "actually, make it next Tuesday at 3pm" before the bot finishes asking for details.
app.post('/voice/stream', (req, res) => {
const twiml = new twilio.twiml.VoiceResponse();
const gather = twiml.gather({
input: 'speech',
action: '/voice/process',
speechTimeout: 'auto', // Detects natural pauses
language: 'en-US',
hints: 'appointment, schedule, Tuesday, Wednesday' // Improves accuracy
});
gather.say('What day works for you?');
// Barge-in handling: speechTimeout: 'auto' lets Twilio detect
// when user stops speaking vs. interrupting. If user cuts in,
// Twilio sends partial transcript immediately to /voice/process
res.type('text/xml');
res.send(twiml.toString());
});
Event Logs
When the interrupt fires, Twilio sends a webhook with speechResult containing the partial transcript. Your server must handle incomplete data:
app.post('/voice/process', async (req, res) => {
const speechResult = req.body.SpeechResult; // "next Tuesday at 3pm"
const intent = parseIntent(speechResult); // Extract date/time
if (!intent.date || !intent.time) {
// Incomplete data - ask for clarification
const twiml = new twilio.twiml.VoiceResponse();
twiml.say('I heard Tuesday at 3pm. Is that correct?');
return res.type('text/xml').send(twiml.toString());
}
// Create Google Calendar event
const event = {
summary: 'Doctor Appointment',
start: { dateTime: intent.date, timeZone: 'America/New_York' },
end: { dateTime: addHours(intent.date, 1), timeZone: 'America/New_York' }
};
await calendar.events.insert({ calendarId: 'primary', requestBody: event });
});
Edge Cases
Multiple interrupts: User says "Tuesday... no wait, Wednesday". Your parser must track conversation state and prioritize the LAST valid input, not the first.
False positives: Background noise triggers speechResult with empty string. Always validate speechResult.length > 0 before processing. Twilio's hints parameter reduces false triggers by 40% in noisy environments.
Common Issues & Fixes
OAuth Token Expiration Mid-Call
Most voice apps crash when the Google Calendar OAuth token expires during an active call. Twilio's webhook timeout is 15 seconds—if your token refresh takes longer, the call drops.
// Production-grade token refresh with fallback
async function getValidToken(oauth2Client) {
const { expiry_date } = oauth2Client.credentials;
const bufferTime = 5 * 60 * 1000; // Refresh 5min early
if (Date.now() >= expiry_date - bufferTime) {
try {
const { credentials } = await oauth2Client.refreshAccessToken();
oauth2Client.setCredentials(credentials);
console.log('Token refreshed:', credentials.expiry_date);
} catch (error) {
console.error('Token refresh failed:', error.message);
throw new Error('AUTH_EXPIRED'); // Trigger re-auth flow
}
}
return oauth2Client;
}
// Use before EVERY Calendar API call
app.post('/webhook', validateTwilioRequest, async (req, res) => {
const speechResult = req.body.SpeechResult;
try {
await getValidToken(oauth2Client); // CRITICAL: Refresh first
const event = await calendar.events.insert({
calendarId: 'primary',
requestBody: { summary: speechResult, start: { dateTime: '...' } }
});
} catch (error) {
const twiml = new twilio.twiml.VoiceResponse();
twiml.say('Authentication expired. Please call back.');
res.type('text/xml').send(twiml.toString());
}
});
Why this breaks: OAuth tokens expire after 1 hour. If your Railway app restarts or the user's session is long, the next Calendar API call returns 401 Unauthorized. Twilio receives no TwiML response → call hangs → user hears silence.
Railway Cold Start Latency
Railway containers sleep after 5 minutes of inactivity. First webhook request takes 8-12 seconds to wake up—Twilio times out at 15 seconds.
// Keep Railway warm with scheduled pings
const RAILWAY_URL = process.env.RAILWAY_PUBLIC_DOMAIN;
setInterval(async () => {
try {
await fetch(`${RAILWAY_URL}/health`);
console.log('Keep-alive ping sent');
} catch (error) {
console.error('Ping failed:', error.message);
}
}, 4 * 60 * 1000); // Every 4 minutes
app.get('/health', (req, res) => res.sendStatus(200));
Production fix: Use Railway's "Always On" plan ($5/month) or implement the ping above. Without this, 30% of first calls fail with Twilio error 11200 (HTTP retrieval failure).
Twilio Signature Validation Failures
Railway's proxy adds X-Forwarded-Proto: https but Twilio validates against the original http:// URL—signature mismatch = rejected webhooks.
// CRITICAL: Use HTTPS URL for validation
const validateTwilioRequest = (req, res, next) => {
const signature = req.headers['x-twilio-signature'];
const url = `https://${req.headers.host}${req.url}`; // Force HTTPS
const isValid = twilio.validateRequest(
process.env.TWILIO_AUTH_TOKEN,
signature,
url,
req.body
);
if (!isValid) {
console.error('Invalid signature. URL:', url);
return res.status(403).send('Forbidden');
}
next();
};
Why this matters: Without HTTPS in the validation URL, every webhook returns 403 Forbidden. Twilio retries 3 times then marks your endpoint as failing. Check Railway logs for "Invalid signature" errors—this is the #1 cause.
Complete Working Example
Most tutorials show fragmented code. Here's the full production server that handles OAuth, Twilio webhooks, and Calendar operations in one place. This runs on Railway with zero config changes.
Full Server Code
This is the complete server.js that ties everything together. Copy-paste this, set your environment variables, and deploy:
const express = require('express');
const { google } = require('googleapis');
const twilio = require('twilio');
const app = express();
app.use(express.urlencoded({ extended: true }));
app.use(express.json());
// OAuth2 client setup
const oauth2Client = new google.auth.OAuth2(
process.env.GOOGLE_CLIENT_ID,
process.env.GOOGLE_CLIENT_SECRET,
`${process.env.RAILWAY_URL}/oauth/callback`
);
const SCOPES = ['https://www.googleapis.com/auth/calendar'];
const calendar = google.calendar({ version: 'v3', auth: oauth2Client });
// Token refresh handler
async function getValidToken() {
try {
const { credentials } = await oauth2Client.refreshAccessToken();
oauth2Client.setCredentials(credentials);
return credentials;
} catch (error) {
console.error('Token refresh failed:', error);
throw new Error('Authentication required');
}
}
// OAuth flow
app.get('/oauth/login', (req, res) => {
const authUrl = oauth2Client.generateAuthUrl({
access_type: 'offline',
scope: SCOPES,
prompt: 'consent'
});
res.redirect(authUrl);
});
app.get('/oauth/callback', async (req, res) => {
const { code } = req.query;
try {
const { tokens } = await oauth2Client.getToken(code);
oauth2Client.setCredentials(tokens);
// Store tokens in DB here (not shown for brevity)
res.send('Authentication successful! Close this window.');
} catch (error) {
console.error('OAuth callback error:', error);
res.status(500).send('Authentication failed');
}
});
// Twilio webhook handler
app.post('/webhook/voice', async (req, res) => {
const twiml = new twilio.twiml.VoiceResponse();
const gather = twiml.gather({
input: 'speech',
action: '/webhook/process',
speechTimeout: 'auto',
language: 'en-US',
hints: 'schedule appointment, book meeting, cancel appointment'
});
gather.say('What would you like to do with your calendar?');
res.type('text/xml');
res.send(twiml.toString());
});
app.post('/webhook/process', async (req, res) => {
const speechResult = req.body.SpeechResult;
const twiml = new twilio.twiml.VoiceResponse();
try {
await getValidToken(); // Refresh if needed
if (speechResult.toLowerCase().includes('schedule')) {
// Parse intent (production: use NLU service)
const event = {
summary: 'Voice Scheduled Appointment',
start: { dateTime: new Date(Date.now() + 3600000).toISOString(), timeZone: 'America/New_York' },
end: { dateTime: new Date(Date.now() + 7200000).toISOString(), timeZone: 'America/New_York' },
reminders: { useDefault: false, overrides: [{ method: 'email', minutes: 30 }] }
};
const response = await calendar.events.insert({
calendarId: 'primary',
requestBody: event
});
twiml.say(`Appointment scheduled for ${new Date(event.start.dateTime).toLocaleString()}`);
} else {
twiml.say('I did not understand. Please try again.');
}
} catch (error) {
console.error('Calendar operation failed:', error);
twiml.say('Sorry, there was an error processing your request.');
}
res.type('text/xml');
res.send(twiml.toString());
});
// Health check
app.get('/health', (req, res) => res.json({ status: 'ok' }));
const PORT = process.env.PORT || 3000;
app.listen(PORT, () => console.log(`Server running on port ${PORT}`));
Why this works: Token refresh happens automatically before every Calendar operation. Twilio webhooks parse speech input and trigger Calendar API calls. Railway exposes the public URL for OAuth callbacks and Twilio webhooks.
Run Instructions
Local testing:
npm install express googleapis twilio
export GOOGLE_CLIENT_ID=your_client_id
export GOOGLE_CLIENT_SECRET=your_client_secret
export RAILWAY_URL=https://your-ngrok-url.ngrok.io
node server.js
Railway deployment:
- Push code to GitHub
- Connect Railway to your repo
- Set environment variables in Railway dashboard
- Railway auto-assigns
RAILWAY_URLandPORT - Configure Twilio webhook URL:
https://your-app.railway.app/webhook/voice
First-time OAuth: Visit https://your-app.railway.app/oauth/login to authorize. Tokens persist in memory (production: use Redis or DB).
FAQ
Technical Questions
Q: Can I use Google Calendar API integration without OAuth2?
No. Google Calendar API requires OAuth2 for user data access. Service accounts work for domain-wide delegation in Google Workspace, but consumer Gmail accounts need full OAuth2 flow with refresh tokens. Twilio programmable voice API doesn't bypass this—your Railway deployment platform must handle token refresh logic server-side.
Q: How do I handle expired OAuth tokens during a live call?
Implement getValidToken() with automatic refresh before every Calendar API call. Store refresh tokens in Railway environment variables (NOT in code). If refresh fails mid-call, return a TwiML <Say> error message and log the failure. Never let token expiration crash the call—Twilio will hang up after 60 seconds of silence.
Q: What's the difference between Twilio's <Gather> and <Record> for voice input?
<Gather input="speech"> transcribes short responses (10-60 seconds) and returns text immediately—ideal for appointment scheduling intents. <Record> captures raw audio files for later processing. For AI voice assistant development, use <Gather> with speechTimeout and parse the SpeechResult parameter in your webhook.
Performance
Q: What latency should I expect for Calendar API calls during a voice interaction?
Google Calendar API averages 200-400ms per request. Add 150ms for Twilio's speech-to-text processing. Total user-perceived delay: 350-550ms. Optimize by pre-fetching availability during the <Gather> pause. Railway deployment platform cold starts add 1-2 seconds—keep one instance warm with a cron ping.
Q: How many concurrent calls can Railway handle for voice AI appointment scheduling?
Railway's Hobby plan supports ~10 concurrent Twilio voice connections before CPU throttling. Each call holds an open HTTP connection for TwiML streaming. Upgrade to Pro ($20/month) for 50+ concurrent calls with autoscaling.
Platform Comparison
Q: Why use Railway instead of Heroku or AWS Lambda for Twilio integration?
Railway offers zero-config deployments with built-in environment variables and automatic HTTPS—critical for Twilio webhook signature validation. AWS Lambda has cold start penalties (1-3 seconds) that break voice flow. Heroku works but costs 3x more for equivalent resources.
Resources
Twilio: Get Twilio Voice API → https://www.twilio.com/try-twilio
Official Documentation:
- Google Calendar API Reference - Complete REST API specs for calendar integration
- Twilio Voice API Docs - Programmable voice endpoints and TwiML reference
- Railway Deployment Guide - Platform-specific deployment configurations
GitHub Repositories:
- google-api-nodejs-client - Official Node.js SDK with OAuth examples
- twilio-node - Twilio helper library for webhook validation
Advertisement
Written by
Voice AI Engineer & Creator
Building production voice AI systems and sharing what I learn. Focused on VAPI, LLM integrations, and real-time communication. Documenting the challenges most tutorials skip.
Found this helpful?
Share it with other developers building voice AI.
