SMS Data Redaction

    Data privacy is a key concern for every organisation that manages or processes third party personal data such as end user phone numbers. With GDPR now in effect, data privacy holds more importance today than ever before.

    This document explains the SMS redaction features available to Plivo customers interested in limiting the scope of their SMS usage data retained on Plivo’s servers and databases.

    Plivo supports the redaction of sensitive information pertaining to Outbound as well as Inbound SMS messages.

    Outbound SMS Redaction

    When message redaction is enabled for Outgoing SMS messages

    • The last three digits of the destination number are redacted (replaced with ***)
    • The actual message content is redacted and replaced with ***Text Content Redacted***
    • Redaction will be applied on
      • Server logs
      • Console Debug logs
      • Console Debug UI
      • Customer Callbacks
    Note:

    If redaction flag is set, Plivo cannot debug or recover the message content if there are any issues.

    Console logs UI

    outbound SMS redaction

    Enable Outbound SMS Redaction

    To redact the content and destination number of an outbound SMS, set the ‘log’ request parameter of the Send SMS API request to ‘false’. The default value of this parameter is ‘true’, which means that outbound messages are not redacted unless the log request parameter is explicitly set to ‘false’.

    Code Samples

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    
    import plivo
    
    client = plivo.RestClient('YOUR_AUTH_ID', 'YOUR_AUTH_TOKEN')
    
    response = client.messages.create(
          src ='14092102231', # Sender's phone number with country code
          dst ='19177220741', # Receiver's phone Number with country code
          text ='hello, test message!',
          log = False)
    print(response)
    # print str(resp)
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    
    // Example for Message create
    
    var plivo = require('plivo');
    
    (function main() {
        'use strict';
    
        // As the auth_id and auth_token are unspecified, Plivo will fetch them from the PLIVO_AUTH_ID and PLIVO_AUTH_TOKEN environment variables.
        var client = new plivo.Client("YOUR_AUTH_ID","YOUR_AUTH_TOKEN");
        client.messages.create(
            "14092102231", // src
            "19177220741", // dst
            "hello, test message!", // text
            {log : 'false'}
        ).then(function (response) {
            console.log(response);
        }, function (err) {
            console.error(err);
        });
    })();
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    
    <?php
    require 'vendor/autoload.php';
    use Plivo\RestClient;
    use Plivo\Exceptions\PlivoRestException;
    
    $client = new RestClient("YOUR_AUTH_ID", "YOUR_AUTH_TOKEN");
    try {
        $response = $client->messages->create(
                                              '14092102231',
                                              ['19177220741'],
                                              'hello, test message!',
                                              ['log' => false]
                                              );
        print_r($response);
    }
    catch (PlivoRestException $ex) {
        print_r(ex);
    }
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    
    package com.plivo.api.samples.message;
    
    import java.io.IOException;
    import java.util.Collections;
    
    import com.plivo.api.Plivo;
    import com.plivo.api.exceptions.PlivoRestException;
    import com.plivo.api.models.message.Message;
    import com.plivo.api.models.message.MessageCreateResponse;
    
    /**
     * Example for Message create
     */
    class Example {
        public static void main(String [] args) {
            Plivo.init("YOUR_AUTH_ID","YOUR_AUTH_TOKEN");
            try {
                MessageCreateResponse response = Message.creator("14092102231", Collections.singletonList("19177220741"), "hello, test message!" ).log(false)
                        .create();
    
                System.out.println(response);
            } catch (PlivoRestException | IOException e) {
                e.printStackTrace();
            }
        }
    }
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    
    // Example for Message create
    package main
    
    import "fmt"
    import "github.com/plivo/plivo-go"
    
    func main() {
    	client, err := plivo.NewClient("YOUR_AUTH_ID", "YOUR_AUTH_TOKEN", &plivo.ClientOptions{})
    	if err != nil {
    		panic(err)
    	}
    	response, err := client.Messages.Create(
    		plivo.MessageCreateParams{
    			Src: "14092102231",
    			Dst: "19177220741",
    			Text: "hello, test message!",
    			Log: "false",
    		},
    	)
    	if err != nil {
    		panic(err)
    	}
    	fmt.Printf("Response: %#v\n", response)
    }
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    
    using System;
    using System.Collections.Generic;
    using Plivo;
    using Plivo.Exception;
    
    namespace Send_Sms
    {
        class Program
        {
            public static void Main(string[] args)
            {
                var api = new PlivoApi("YOUR_AUTH_ID", "YOUR_AUTH_TOKEN");
                try
                {
                    var response = api.Message.Create(
                        src: "14092102231",
                        dst: new List<String> { "19177220741" },
                        text: "hello, test message!",
                        log: false
                    );
                    Console.WriteLine(response);
                }
                catch (PlivoRestException e)
                {
                    Console.WriteLine("Exception: " + e.Message);
                }
            }
        }
    }
    
    1
    2
    3
    4
    
    curl -i --user YOUR_AUTH_ID:YOUR_AUTH_TOKEN \
        -H "Content-Type: application/json" \
        -d '{"src": "14092102231","dst": "19177220741", "text": "hello, test message!", "log": "false"}' \
        https://api.plivo.com/v1/Account/{AUTH_ID}/Message/
    

    PHLO

    outbound redaction

    Inbound SMS Redaction

    When message redaction is enabled for Incoming SMS messages

    • The last three digits of the originating number are redacted (replaced with ***)
    • The actual message content is redacted and replaced with ***Text Content Redacted***
    • Redaction will be applied on
      • Server logs
      • Console Debug logs
      • Console Debug UI
    Note:

    As Inbound messages are redacted, Plivo cannot debug or recover the message content if there are any issues with the callback URL for inbound messages.

    Console Logs UI

    Inbound redaction

    Inbound MMS Redaction

    If message redaction is turned on

    • The source number will be redacted in logs and in the MDR.
    • Hyperlinks for the attached media will not be logged anywhere on Plivo server logs. (Including callback logs).
    • Media sub-resource for the received media will be created and will remain accessible.
      • These may be deleted by explicitly invoking the Delete Media API to delete the media files hosted on Plivo servers.

    Enable Inbound SMS & MMS Redaction

    Inbound SMS redaction can be controlled at an Application level.

    When message redaction is enabled for an Application, incoming messages to Plivo phone numbers associated with the Application are redacted.

    Setting the application level flag ‘log_incoming_messages’ to false will enable redaction in the above systems. Default is true. The text and from_number field will be redacted in case redaction is enabled.

    Code Samples

    1
    2
    3
    4
    5
    6
    7
    
    import plivo
    
    client = plivo.RestClient("YOUR_AUTH_ID","YOUR_AUTH_TOKEN")
    response = client.applications.create(
        app_name='Test Application',
        answer_url='http://answer.url', log_incoming_messages= False)
    print(response)
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    
    #
    # Example for Application Create
    #
    require 'rubygems'
    require 'plivo'
    
    include Plivo
    include Plivo::Exceptions
    
    api = RestClient.new("YOUR_AUTH_ID", "YOUR_AUTH_TOKEN")
    
    begin
        response = api.applications.create(
           'Test Application',
           answer_url: 'http://answer.url',
           answer_method: 'GET',
           log_incoming_messages: false
           )
           puts response
    rescue PlivoRESTError => e
    puts 'Exception: ' + e.message
    end
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    
    // Example for Application create
    
    var plivo = require('plivo');
    
    (function main() {
        'use strict';
    
        // As the auth_id and auth_token are unspecified, Plivo will fetch them from the PLIVO_AUTH_ID and PLIVO_AUTH_TOKEN environment variables.
        var client = new plivo.Client("YOUR_AUTH_ID","YOUR_AUTH_TOKEN");
        client.applications.create(
            "Test Application", // app name
        	{
    		answerUrl: "http://answer.url", // answer url
            logIncomingMessages: "false"
    	}
        ).then(function (response) {
            console.log(response);
        }, function (err) {
            console.error(err);
        });
    })();
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    
    <?php
    /**
     * Example for Application create
     */
    require 'vendor/autoload.php';
    use Plivo\RestClient;
    use Plivo\Exceptions\PlivoRestException;
    $client = new RestClient("YOUR_AUTH_ID", "YOUR_AUTH_TOKEN");
    
    try {
        $response = $client->applications->create(
    	    'Test Application',
    	    [
    		'answer_url' => 'http://answer.url',
    	    'answer_method' => 'POST',
    	    'log_incoming_messages' => 'false'
    		]
    	    );
        print_r($response);
    }
    catch (PlivoRestException $ex) {
        print_r(ex);
    }
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    
    package com.plivo.api.samples.application;
    
    import java.io.IOException;
    import com.plivo.api.Plivo;
    import com.plivo.api.exceptions.PlivoRestException;
    import com.plivo.api.models.application.Application;
    import com.plivo.api.models.application.ApplicationCreateResponse;
    /**
     * Example for Message create
     */
    class Example {
        public static void main(String [] args) {
            Plivo.init("YOUR_AUTH_ID","YOUR_AUTH_TOKEN");
            try {
                ApplicationCreateResponse response = Application.creator("Test Application").answerUrl("http://answer.url").logIncomingMessages(false)
                        .create();
                System.out.println(response);
            } catch (PlivoRestException | IOException e) {
                e.printStackTrace();
            }
        }
    }
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    
    // Example for Application create
    package main
    
    import "fmt"
    import "github.com/plivo/plivo-go"
    
    func main() {
    	client, err := plivo.NewClient("YOUR_AUTH_ID", "YOUR_AUTH_TOKEN", &plivo.ClientOptions{})
    	if err != nil {
    		panic(err)
    	}
    	response, err := client.Applications.Create(
    		plivo.ApplicationCreateParams{
    			AppName: "Test Application",
    			AnswerURL: "http://answer.url",
    			LogIncomingMessages: false,
    		},
    	)
    	if err != nil {
    		panic(err)
    	}
    	fmt.Printf("Response: %#v\n", response)
    }
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    
    using System;
    using System.Collections.Generic;
    using Plivo;
    using Plivo.Exception;
    
    namespace apps
    {
        class Program
        {
            public static void Main(string[] args)
            {
                var api = new PlivoApi("YOUR_AUTH_ID", "YOUR_AUTH_TOKEN");
                try
                {
                    var response = api.Application.Create(
                        appName: "Test Application",
                        answerUrl: "http://answer.url",
                        logIncomingMessages: false
                    );
                    Console.WriteLine(response);
                }
                catch (PlivoRestException e)
                {
                    Console.WriteLine("Exception: " + e.Message);
                }
            }
        }
    }
    
    1
    2
    3
    4
    
    curl -i --user YOUR_AUTH_ID:YOUR_AUTH_TOKEN \
        -H "Content-Type: application/json" \
        -d '{"answer_url": "http://example.com", "app_name": "Test Application", "log_incoming_messages": "false"}' \
        https://api.plivo.com/v1/Account/{AUTH_ID}/Application/
    

    Console UI

    Inbound SMS redaction

    PHLO

    Inbound redaction