Data privacy is a key concern for every organisation that manages or processes third party personal data such as end user phone numbers. With GDPR now in effect, data privacy holds more importance today than ever before.
This document explains the SMS redaction features available to Plivo customers interested in limiting the scope of their SMS usage data retained on Plivo’s servers and databases.
Plivo supports the redaction of sensitive information pertaining to Outbound as well as Inbound SMS messages.
Outbound SMS Redaction
When message redaction is enabled for Outgoing SMS messages
The last three digits of the destination number are redacted (replaced with ***)
The actual message content is redacted and replaced with ***Text Content Redacted***
Redaction will be applied on
Server logs
Console Debug logs
Console Debug UI
Customer Callbacks
Note:
If redaction flag is set, Plivo cannot debug or recover the message content if there are any issues.
Console logs UI
Enable Outbound SMS Redaction
To redact the content and destination number of an outbound SMS, set the ‘log’ request parameter of the Send SMS API request to ‘false’. The default value of this parameter is ‘true’, which means that outbound messages are not redacted unless the log request parameter is explicitly set to ‘false’.
importplivoclient=plivo.RestClient('YOUR_AUTH_ID','YOUR_AUTH_TOKEN')response=client.messages.create(src='14092102231',# Sender's phone number with country code
dst='19177220741',# Receiver's phone Number with country code
text='hello, test message!',log=False)print(response)# print str(resp)
// Example for Message createvarplivo=require('plivo');(functionmain(){'use strict';// As the auth_id and auth_token are unspecified, Plivo will fetch them from the PLIVO_AUTH_ID and PLIVO_AUTH_TOKEN environment variables.varclient=newplivo.Client("YOUR_AUTH_ID","YOUR_AUTH_TOKEN");client.messages.create("14092102231",// src"19177220741",// dst"hello, test message!",// text{log:'false'}).then(function(response){console.log(response);},function(err){console.error(err);});})();
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
<?phprequire'vendor/autoload.php';usePlivo\RestClient;usePlivo\Exceptions\PlivoRestException;$client=newRestClient("YOUR_AUTH_ID","YOUR_AUTH_TOKEN");try{$response=$client->messages->create('14092102231',['19177220741'],'hello, test message!',['log'=>false]);print_r($response);}catch(PlivoRestException$ex){print_r($ex);}
packagecom.plivo.api.samples.message;importjava.io.IOException;importjava.util.Collections;importcom.plivo.api.Plivo;importcom.plivo.api.exceptions.PlivoRestException;importcom.plivo.api.models.message.Message;importcom.plivo.api.models.message.MessageCreateResponse;/**
* Example for Message create
*/classExample{publicstaticvoidmain(String[]args){Plivo.init("YOUR_AUTH_ID","YOUR_AUTH_TOKEN");try{MessageCreateResponseresponse=Message.creator("14092102231",Collections.singletonList("19177220741"),"hello, test message!").log(false).create();System.out.println(response);}catch(PlivoRestException|IOExceptione){e.printStackTrace();}}}
// Example for Message createpackagemainimport"fmt"import"github.com/plivo/plivo-go"funcmain(){client,err:=plivo.NewClient("YOUR_AUTH_ID","YOUR_AUTH_TOKEN",&plivo.ClientOptions{})iferr!=nil{panic(err)}response,err:=client.Messages.Create(plivo.MessageCreateParams{Src:"14092102231",Dst:"19177220741",Text:"hello, test message!",Log:"false",},)iferr!=nil{panic(err)}fmt.Printf("Response: %#v\n",response)}
usingSystem;usingSystem.Collections.Generic;usingPlivo;usingPlivo.Exception;namespaceSend_Sms{classProgram{publicstaticvoidMain(string[]args){varapi=newPlivoApi("YOUR_AUTH_ID","YOUR_AUTH_TOKEN");try{varresponse=api.Message.Create(src:"14092102231",dst:newList<String>{"19177220741"},text:"hello, test message!",log:false);Console.WriteLine(response);}catch(PlivoRestExceptione){Console.WriteLine("Exception: "+e.Message);}}}}
When message redaction is enabled for Incoming SMS messages
The last three digits of the originating number are redacted (replaced with ***)
The actual message content is redacted and replaced with ***Text Content Redacted***
Redaction will be applied on
Server logs
Console Debug logs
Console Debug UI
Note:
As Inbound messages are redacted, Plivo cannot debug or recover the message content if there are any issues with the callback URL for inbound messages.
Console Logs UI
Inbound MMS Redaction
If message redaction is turned on
The source number will be redacted in logs and in the MDR.
Hyperlinks for the attached media will not be logged anywhere on Plivo server logs. (Including callback logs).
Media sub-resource for the received media will be created and will remain accessible.
These may be deleted by explicitly invoking the Delete Media API to delete the media files hosted on Plivo servers.
Enable Inbound SMS & MMS Redaction
Inbound SMS redaction can be controlled at an Application level.
When message redaction is enabled for an Application, incoming messages to Plivo phone numbers associated with the Application are redacted.
Setting the application level flag ‘log_incoming_messages’ to false will enable redaction in the above systems. Default is true. The text and from_number field will be redacted in case redaction is enabled.
## Example for Application Create#require'rubygems'require'plivo'includePlivoincludePlivo::Exceptionsapi=RestClient.new("YOUR_AUTH_ID","YOUR_AUTH_TOKEN")beginresponse=api.applications.create('Test Application',answer_url: 'http://answer.url',answer_method: 'GET',log_incoming_messages: false)putsresponserescuePlivoRESTError=>eputs'Exception: '+e.messageend
// Example for Application createvarplivo=require('plivo');(functionmain(){'use strict';// As the auth_id and auth_token are unspecified, Plivo will fetch them from the PLIVO_AUTH_ID and PLIVO_AUTH_TOKEN environment variables.varclient=newplivo.Client("YOUR_AUTH_ID","YOUR_AUTH_TOKEN");client.applications.create("Test Application",// app name{answerUrl:"http://answer.url",// answer urllogIncomingMessages:"false"}).then(function(response){console.log(response);},function(err){console.error(err);});})();
<?php/**
* Example for Application create
*/require'vendor/autoload.php';usePlivo\RestClient;usePlivo\Exceptions\PlivoRestException;$client=newRestClient("YOUR_AUTH_ID","YOUR_AUTH_TOKEN");try{$response=$client->applications->create('Test Application',['answer_url'=>'http://answer.url','answer_method'=>'POST','log_incoming_messages'=>'false']);print_r($response);}catch(PlivoRestException$ex){print_r($ex);}
packagecom.plivo.api.samples.application;importjava.io.IOException;importcom.plivo.api.Plivo;importcom.plivo.api.exceptions.PlivoRestException;importcom.plivo.api.models.application.Application;importcom.plivo.api.models.application.ApplicationCreateResponse;/**
* Example for Message create
*/classExample{publicstaticvoidmain(String[]args){Plivo.init("YOUR_AUTH_ID","YOUR_AUTH_TOKEN");try{ApplicationCreateResponseresponse=Application.creator("Test Application").answerUrl("http://answer.url").logIncomingMessages(false).create();System.out.println(response);}catch(PlivoRestException|IOExceptione){e.printStackTrace();}}}
// Example for Application createpackagemainimport"fmt"import"github.com/plivo/plivo-go"funcmain(){client,err:=plivo.NewClient("YOUR_AUTH_ID","YOUR_AUTH_TOKEN",&plivo.ClientOptions{})iferr!=nil{panic(err)}response,err:=client.Applications.Create(plivo.ApplicationCreateParams{AppName:"Test Application",AnswerURL:"http://answer.url",LogIncomingMessages:false,},)iferr!=nil{panic(err)}fmt.Printf("Response: %#v\n",response)}