# Understanding Visibility of Functions and Assets: Public, Protected and Private

Twilio Functions and Assets can be **public**, **protected**, or **private**.

Here are the differences between the three levels of visibility for Functions and Assets:

## Public

A public Function or Asset is publicly accessible on the internet at a specific URL once deployed. For example, if you create a Function with the path `/send/sms` and deploy to an environment `example-1234.twil.io`, then your function will be publicly accessible at `https://example-1234.twil.io/send/sms`.

Similarly, a public Asset called `ahoy.mp3` in the same [Service](/docs/serverless/functions-assets/functions/create-service) would be accessible by anyone from `https://example-1234.twil.io/ahoy.mp3`.

## Protected

A protected Function or Asset can be referenced via a URL as well, but requires a valid Twilio [X-Twilio-Signature header](/docs/usage/security) in the request in order to be accessed. This lets you restrict your Functions and Assets so that they are accessible only by Twilio webhooks such as an incoming call or SMS message, by Twilio Studio widgets such as the [Run Function Widget](/docs/studio/widget-library/run-function) or the [Say/Play Widget](/docs/studio/widget-library/sayplay), or by your own Functions.

This extra layer of protection makes Protected Assets particularly useful for storing sensitive information that needs to be referenced by your code or in a Studio Flow, for example, but not accessible by the public.

## Private

Private Functions and Assets are library files intended **only** for access via other Functions. These files will not be accessible by URL or exposed to the web; rather, they are packaged alongside your Service at build time.

For example, if your Function relies on a JSON file of data to read from, you can deploy that JSON file as a private Asset and read it from the Function.

A private Asset could even be a way for you to store a list of five-letter words for [building your own Wordle](/blog/build-wordle-like-sms-game-serverless).

Similarly, private Functions are a great way to [reuse code](/docs/serverless/functions-assets/client#include-a-private-function-in-another-function) or [define private libraries](/docs/serverless/functions-assets/client#load-a-module-from-an-asset) that you want to keep out of reach from the wider web.

## How to set Visibility

### Console

You can specify a Function's or Asset's visibility in the [Functions Editor](https://console.twilio.com/?frameUrl=/console/functions/overview/services) by using the visibility dropdown and selecting your desired visibility. Access this dropdown by clicking on the downward-facing arrow next to any Function or Asset, or by clicking on the adjacent text which will say **Public**, **Protected**, or **Private**.

Remember to redeploy your service to make the change take effect.

![Dropdown menu showing asset visibility options for sample.txt.](https://docs-resources.prod.twilio.com/7605fcf93f2fa7ea95bb7c52f4514a8aaf26595dad45d177ec2705111ff92a31.gif)

### Serverless Toolkit

If you're developing your application using the [Serverless Toolkit](/docs/labs/serverless-toolkit) instead of the Functions Editor, you can specify a Function's or Asset's visibility by inserting either `protected` or `private` before the file extension, for example:

* Public: `rickroll.mp3`
* Protected: `names.protected.json`
* Private: `function.private.js`
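
A pre-deploy check built on this naming convention, as an added example (not Twilio's code and not part of the Serverless Toolkit): it classifies project files by the marker before the extension and warns about data files that would deploy as public. The function names, the sample paths, and the set of "data" extensions are assumptions made for illustration.

```javascript
// Added example: audit file names against the public/protected/private convention.
const MARKERS = ['protected', 'private'];
// Assumption: extensions this example treats as "probably data, probably not meant to be public".
const DATA_EXTENSIONS = new Set(['json', 'csv', 'txt', 'pem', 'key']);

// Split the base name of a path into its dot-separated parts.
function nameParts(filePath) {
  return filePath.split(/[\\/]/).pop().split('.');
}

// A marker only counts when it sits directly before the extension: name.<marker>.ext
function visibilityOf(filePath) {
  const parts = nameParts(filePath);
  const marker = parts.length >= 3 ? parts[parts.length - 2] : '';
  return MARKERS.includes(marker) ? marker : 'public';
}

function auditVisibility(files) {
  const report = { public: [], protected: [], private: [], warnings: [] };
  for (const file of files) {
    const visibility = visibilityOf(file);
    report[visibility].push(file);
    if (visibility !== 'public') continue;
    const parts = nameParts(file);
    const ext = parts.length > 1 ? parts[parts.length - 1].toLowerCase() : '';
    if (DATA_EXTENSIONS.has(ext)) {
      report.warnings.push(`${file}: data file would deploy as public`);
    }
    // A marker in the wrong case or position is treated as public here, so flag it.
    if (parts.slice(1, -1).some((p) => MARKERS.includes(p.toLowerCase()))) {
      report.warnings.push(`${file}: visibility marker not in the exact form name.<marker>.ext`);
    }
  }
  return report;
}

// Constructed sample project listing; only the first three names come from the page.
const sampleFiles = [
  'assets/rickroll.mp3',
  'assets/names.protected.json',
  'functions/function.private.js',
  'assets/words.json',
  'assets/config.Private.json',
  'functions/send/sms.js',
];
const sampleReport = auditVisibility(sampleFiles);
console.log(JSON.stringify(sampleReport, null, 2));
```

Running this in CI before a deploy gives a list of everything that will be reachable by URL, which is easier to review than the file tree itself.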

## What's next?

That's most of the fundamentals out of the way! Let's apply all of this knowledge and start building by [creating your first Service](/docs/serverless/functions-assets/functions/create-service), or by following one of the many [examples](/docs/serverless/functions-assets/quickstart).
