Introducing Authentication for Call Recordings
- 02 Aug 2018
Each call recording on Plivo is stored encrypted with a unique hard-to-guess URL. Users who have the proper access rights to the URL can download and listen to the call recordings. This setup works for most customers that need to share recordings with third-party service providers or applications for post processing, including voice analytics. Some customers, however, need to comply with industry guidelines or regional regulations for data protection, and therefore require a stronger security mechanism for accessing and sharing call recordings. Plivo’s new authentication for call recordings offers an additional layer of security.
When you log in to your Plivo console and navigate to Voice > Recordings, you can see that basic auth for recording URLs is disabled by default. We do this to ensure that we don’t break any of our customers’ console settings by enabling authentication as a default option.
Here are a few code samples to fetch call recordings when auth is disabled:
curl -X GET \ https://media.plivo.com/AUTH_ID/Recording/RECORDING_UUID.mp3 \ -H 'cache-control: no-cache'
Enabling authentication for recordings
When you enable basic auth for recordings, Plivo authenticates all API requests for the recording resources hosted on our platform, and you must use your Auth ID and Auth Token to access call recordings. As a best practice, we recommend you enable auth if you don’t have to share your media files publicly. Enabling this feature has other advantages, such as adhering to regulations and compliance for specific regions, providing secure access to authorized personnel, and protecting your media files from public access.
Account admins can enable or disable auth settings at any time.
Here are a few code samples to fetch call recordings once you enable basic auth:
curl -i --user AUTH_ID:AUTH_TOKEN \ https://media.plivo.com/v1/Account/AUTH_ID/Recording/RECORDING.mp3 \ -H 'cache-control: no-cache'
Authentication is applicable only to call recordings made after May 24. Earlier recordings cannot be authenticated.
For more information about call recordings, see our documentation.