User Data Redaction - SMS

Data privacy is a key concern for every organisation that manages or processes third party personal data such as end user phone numbers. With GDPR now in effect, data privacy holds more importance today than ever before.

This document explains the SMS redaction features available to Plivo customers interested in limiting the scope of their SMS usage data retained on Plivo’s servers and databases.

Plivo supports the redaction of sensitive information pertaining to Outbound as well as Inbound SMS messages.

How Redaction works - Outbound

When message redaction is enabled for Outgoing SMS messages

  • The last three digits of the destination number are redacted (replaced with ***)
  • The actual message content is redacted and replaced with ***Text Content Redacted***
  • Redaction will be applied on
    • Server logs
    • Console Debug logs
    • Console Debug UI
    • Customer Callbacks
Note:

If redaction flag is set, Plivo cannot debug or recover the message content if there are any issues.

Console logs UI

outbound SMS redaction

How to Enable this feature - Outbound

To redact the content and destination number of an outbound SMS, set the ‘log’ request parameter of the Send SMS API request to ‘false’. The default value of this parameter is ‘true’, which means that outbound messages are not redacted unless the log request parameter is explicitly set to ‘false’.

Code Samples

1
2
3
4
5
6
7
8
9
10
11
import plivo

client = plivo.RestClient('YOUR_AUTH_ID', 'YOUR_AUTH_TOKEN')

response = client.messages.create(
      src ='14092102231', # Sender's phone number with country code
      dst ='19177220741', # Receiver's phone Number with country code
      text ='hello, test message!',
      log = False)
print(response)
# print str(resp)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
// Example for Message create

var plivo = require('plivo');

(function main() {
    'use strict';

    // As the auth_id and auth_token are unspecified, Plivo will fetch them from the PLIVO_AUTH_ID and PLIVO_AUTH_TOKEN environment variables.
    var client = new plivo.Client("YOUR_AUTH_ID","YOUR_AUTH_TOKEN");
    client.messages.create(
        "14092102231", // src
        "19177220741", // dst
        "hello, test message!", // text
        {log : 'false'}
    ).then(function (response) {
        console.log(response);
    }, function (err) {
        console.error(err);
    });
})();
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
<?php
require 'vendor/autoload.php';
use Plivo\RestClient;
use Plivo\Exceptions\PlivoRestException;

$client = new RestClient("YOUR_AUTH_ID", "YOUR_AUTH_TOKEN");
try {
    $response = $client->messages->create(
                                          '14092102231',
                                          ['19177220741'],
                                          'hello, test message!',
                                          ['log' => false]
                                          );
    print_r($response);
}
catch (PlivoRestException $ex) {
    print_r(ex);
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
package com.plivo.api.samples.message;

import java.io.IOException;
import java.util.Collections;

import com.plivo.api.Plivo;
import com.plivo.api.exceptions.PlivoRestException;
import com.plivo.api.models.message.Message;
import com.plivo.api.models.message.MessageCreateResponse;

/**
 * Example for Message create
 */
class Example {
    public static void main(String [] args) {
        Plivo.init("YOUR_AUTH_ID","YOUR_AUTH_TOKEN");
        try {
            MessageCreateResponse response = Message.creator("14092102231", Collections.singletonList("19177220741"), "hello, test message!" ).log(false)
                    .create();

            System.out.println(response);
        } catch (PlivoRestException | IOException e) {
            e.printStackTrace();
        }
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
// Example for Message create
package main

import "fmt"
import "github.com/plivo/plivo-go"

func main() {
	client, err := plivo.NewClient("YOUR_AUTH_ID", "YOUR_AUTH_TOKEN", &plivo.ClientOptions{})
	if err != nil {
		panic(err)
	}
	response, err := client.Messages.Create(
		plivo.MessageCreateParams{
			Src: "14092102231",
			Dst: "19177220741",
			Text: "hello, test message!",
			Log: "false",
		},
	)
	if err != nil {
		panic(err)
	}
	fmt.Printf("Response: %#v\n", response)
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
using System;
using System.Collections.Generic;
using Plivo;
using Plivo.Exception;

namespace Send_Sms
{
    class Program
    {
        public static void Main(string[] args)
        {
            var api = new PlivoApi("YOUR_AUTH_ID", "YOUR_AUTH_TOKEN");
            try
            {
                var response = api.Message.Create(
                    src: "14092102231",
                    dst: new List<String> { "19177220741" },
                    text: "hello, test message!",
                    log: false
                );
                Console.WriteLine(response);
            }
            catch (PlivoRestException e)
            {
                Console.WriteLine("Exception: " + e.Message);
            }
        }
    }
}
1
2
3
4
curl -i --user YOUR_AUTH_ID:YOUR_AUTH_TOKEN \
    -H "Content-Type: application/json" \
    -d '{"src": "14092102231","dst": "19177220741", "text": "hello, test message!", "log": "false"}' \
    https://api.plivo.com/v1/Account/{AUTH_ID}/Message/

PHLO

outbound redaction

How Redaction works - Inbound

When message redaction is enabled for Incoming SMS messages

  • The last three digits of the originating number are redacted (replaced with ***)
  • The actual message content is redacted and replaced with ***Text Content Redacted***
  • Redaction will be applied on
    • Server logs
    • Console Debug logs
    • Console Debug UI
Note:

As Inbound messages are redacted, Plivo cannot debug or recover the message content if there are any issues with the callback URL for inbound messages.

Console Logs UI

Inbound redaction

How to Enable this feature - Inbound

Inbound SMS redaction can be controlled at an Application level.

When message redaction is enabled for an Application, incoming messages to Plivo phone numbers associated with the Application are redacted.

Setting the application level flag ‘log_incoming_messages’ to false will enable redaction in the above systems. Default is true. The text and from_number field will be redacted in case redaction is enabled.

Code Samples

1
2
3
4
5
6
7
import plivo

client = plivo.RestClient("YOUR_AUTH_ID","YOUR_AUTH_TOKEN")
response = client.applications.create(
    app_name='Test Application',
    answer_url='http://answer.url', log_incoming_messages= False)
print(response)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
#
# Example for Application Create
#
require 'rubygems'
require 'plivo'

include Plivo
include Plivo::Exceptions

api = RestClient.new("YOUR_AUTH_ID", "YOUR_AUTH_TOKEN")

begin
    response = api.applications.create(
       'Test Application',
       answer_url: 'http://answer.url',
       answer_method: 'GET',
       log_incoming_messages: false
       )
       puts response
rescue PlivoRESTError => e
puts 'Exception: ' + e.message
end
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
// Example for Application create

var plivo = require('plivo');

(function main() {
    'use strict';

    // As the auth_id and auth_token are unspecified, Plivo will fetch them from the PLIVO_AUTH_ID and PLIVO_AUTH_TOKEN environment variables.
    var client = new plivo.Client("YOUR_AUTH_ID","YOUR_AUTH_TOKEN");
    client.applications.create(
        "Test Application", // app name
    	{
		answerUrl: "http://answer.url", // answer url
        logIncomingMessages: "false"
	}
    ).then(function (response) {
        console.log(response);
    }, function (err) {
        console.error(err);
    });
})();
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
<?php
/**
 * Example for Application create
 */
require 'vendor/autoload.php';
use Plivo\RestClient;
use Plivo\Exceptions\PlivoRestException;
$client = new RestClient("YOUR_AUTH_ID", "YOUR_AUTH_TOKEN");

try {
    $response = $client->applications->create(
	    'Test Application',
	    [
		'answer_url' => 'http://answer.url',
	    'answer_method' => 'POST',
	    'log_incoming_messages' => 'false'
		]
	    );
    print_r($response);
}
catch (PlivoRestException $ex) {
    print_r(ex);
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
package com.plivo.api.samples.application;

import java.io.IOException;
import com.plivo.api.Plivo;
import com.plivo.api.exceptions.PlivoRestException;
import com.plivo.api.models.application.Application;
import com.plivo.api.models.application.ApplicationCreateResponse;
/**
 * Example for Message create
 */
class Example {
    public static void main(String [] args) {
        Plivo.init("YOUR_AUTH_ID","YOUR_AUTH_TOKEN");
        try {
            ApplicationCreateResponse response = Application.creator("Test Application").answerUrl("http://answer.url").logIncomingMessages(false)
                    .create();
            System.out.println(response);
        } catch (PlivoRestException | IOException e) {
            e.printStackTrace();
        }
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
// Example for Application create
package main

import "fmt"
import "github.com/plivo/plivo-go"

func main() {
	client, err := plivo.NewClient("YOUR_AUTH_ID", "YOUR_AUTH_TOKEN", &plivo.ClientOptions{})
	if err != nil {
		panic(err)
	}
	response, err := client.Applications.Create(
		plivo.ApplicationCreateParams{
			AppName: "Test Application",
			AnswerURL: "http://answer.url",
			LogIncomingMessages: false,
		},
	)
	if err != nil {
		panic(err)
	}
	fmt.Printf("Response: %#v\n", response)
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
using System;
using System.Collections.Generic;
using Plivo;
using Plivo.Exception;

namespace apps
{
    class Program
    {
        public static void Main(string[] args)
        {
            var api = new PlivoApi("YOUR_AUTH_ID", "YOUR_AUTH_TOKEN");
            try
            {
                var response = api.Application.Create(
                    appName: "Test Application",
                    answerUrl: "http://answer.url",
                    logIncomingMessages: false
                );
                Console.WriteLine(response);
            }
            catch (PlivoRestException e)
            {
                Console.WriteLine("Exception: " + e.Message);
            }
        }
    }
}
1
2
3
4
curl -i --user YOUR_AUTH_ID:YOUR_AUTH_TOKEN \
    -H "Content-Type: application/json" \
    -d '{"answer_url": "http://example.com", "app_name": "Test Application", "log_incoming_messages": "false"}' \
    https://api.plivo.com/v1/Account/{AUTH_ID}/Application/

Console UI

Inbound SMS redaction

PHLO

Inbound redaction