Today, we are are excited to introduce authentication for call recordings on Plivo. This adds another layer of security while accessing sensitive call recordings on your account.
Currently, all call recordings on Plivo are stored encrypted at rest. Each recording is stored with a unique hard to guess URL. End users with access to the URL are able to download and listen to the call recordings. In general, this works for most customers that need to share these recordings with third-party service providers or applications for post processing including voice analytics. This also makes sharing call recordings simple and easy.
However, there are customers who need to comply with industry guidelines or regional regulations for data protection. Such customers require a stronger security mechanism while accessing and sharing call recordings.
Accessing call recordings by default
Once you login to your Plivo console and navigate to the recordings settings, you will notice basic auth is disabled by default. The reason for that is to ensure we don’t break any of our customers’ console settings by enabling auth as a default option.
Here are a few code samples to fetch call recordings when auth is disabled:
curl -X GET \ https://media.plivo.com/AUTH_ID/Recording/RECORDING_UUID.mp3 \ -H 'cache-control: no-cache'
Enabling auth for recordings
Once you have enabled basic auth for recordings, Plivo will authenticate all API requests for your recording resources hosted on our platform. With auth enabled, you now have an added layer of security and you must use your auth ID and auth token to access call recordings. As a best practice, we recommend you to enable auth if you don’t have to share your media files publicly. Enabling this feature also has advantages such as adhering to regulations and compliance for specific regions, providing secure access to authorized personnel, and protecting your media files from public access.
As an account admin, you can easily enable or disable auth settings any time.
Here are a few code samples to fetch call recordings once you enable basic auth:
curl -i --user AUTH_ID:AUTH_TOKEN \ https://media.plivo.com/v1/Account/AUTH_ID/Recording/RECORDING.mp3 \ -H 'cache-control: no-cache'
This feature is only applicable to all call recordings after May 24, 2018. Any recording prior to this date will not be authenticated.
For more information, refer our documentation guide for enabling basic auth. Go ahead and give this feature a try and let us know your use cases in the comments section. You can sign-up for a free trial if you want to know more about Plivo and our products.