Validation

All requests made by Plivo to your server URLs consist of a X-Plivo-Signature-V2 and X-Plivo-Signature-V2-Nonce HTTP headers. To validate the request and to verify that the request to your server has originated from Plivo, you must generate the signature at your end and compare it with X-Plivo-Signature-V2 parameter in the HTTP header and check whether they are identical. Read more about signature validation here on the Developers Portal.

Methods to compute and verify X-Plivo-Signature-V2 are available in the latest SDKs. Please select the programming language of your choice and switch to the latest version to see how to use these methods.

Arguments

uri string

The callback which you want to validate. This uri can be answer_url, url (message callback), message_url, callback_url, action_url, or hangup_url.

nonce string

You can get this from the relevant event details posted to your callback.

X-Plivo-Signature-V2 or X-Plivo-Signature-Ma-V2 string

You can get this from the relevant event details posted to your callback.

auth_token string

Your account auth-token which you can get from your Plivo dashboard.

Response

  True

Example Request

1
2
3
import plivo
response = plivo.utils.validate_signature('uri', 'nonce', 'signature v2', 'auth_token')
print(response)
1
2
3
4
5
6
7
8
9
10
require 'rubygems'
require 'plivo'
include Plivo
include Plivo::Exceptions
begin
    response = Plivo::Utils.valid_signature?('uri', 'nonce', 'signature v2', 'auth_token')
    puts response
    rescue PlivoRESTError => e
    puts 'Exception: ' + e.message
end
1
2
3
4
5
6
7
var plivo = require('plivo');
(function main() {
    'use strict';

    var response = plivo.validateSignature('uri', 'nounce', 'Signature V2', 'auth_token')
    console.log(response);
})();
1
2
3
4
5
6
7
8
<?php
require 'vendor/autoload.php';
use Plivo\RestClient;
use Plivo\Exceptions\PlivoRestException;
use Plivo\Util\signatureValidation;
$SVUtil = new signatureValidation();
$output = $SVUtil->validateSignature('uri', 'nonce', 'signature v2', 'auth_token');
var_export($output);
1
2
3
4
5
6
7
8
9
10
11
12
13
14
import com.plivo.api.util.Utils;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
class signatureValidation {
    public static void main(String [] args) {
        try {
            boolean response = Utils.validateSignature("uri", "nonce", "signature v2", "auth_token");
            System.out.println(response);
        }catch (IOException | NoSuchAlgorithmException | InvalidKeyException e) {
            e.printStackTrace();
        }
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
using System;
namespace PlivoExamples
{
    class Program
    {
        public static void Main(string[] args)
        {
            string url = "https://answer.url";
            string nonce = "12345";
            string signature = "siganture v2";
            string authToken = "auth_token";
            Console.WriteLine(Plivo.Utilities.XPlivoSignatureV2.VerifySignature(url, nonce, signature, authToken));
        }
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
package main
import "fmt"
import "github.com/plivo/plivo-go"
func main() {
    response := plivo.ValidateSignatureV2(
        "uri",
        "nonce",
        "signature v2",
        "auth_token",
    )
    fmt.Printf("Response: %#v\n", response)
}