I'd be surprised if it wasn't similar to (or exactly like) their POST auth. They concatenate the URL, the post variables (alphabetically sorted) and your twilio account id and hash it with your auth key. They put that hash into an auth header on the post.

I had to dig into it because we had a reverse proxy in front of our app and the hash generated by their client .net library was understandably different than what they sent because the domains were ultimately different.