Validation
All requests made by Plivo to your server URLs consist of X-Plivo-Signature-V2 and X-Plivo-Signature-V2-Nonce HTTP headers. To validate a request and to verify that the request to your server originated from Plivo, you must generate a signature at your end and compare it with X-Plivo-Signature-V2 parameter in the HTTP header to check whether they match. Read more about signature validation.
Methods to compute and verify X-Plivo-Signature-V2 are available in the latest server SDKs. Choose the SDK for the programming language of your choice to see how to use these methods.
Arguments
| uri string | The callback that you want to validate. Allowed values: answer_url, message_url, callback_url, action_url, hangup_url |
| X-Plivo-Signature-V2-Nonce string | Random numeric digits posted to the callback_url, used for validation purpose. |
| X-Plivo-Signature-V2 or X-Plivo-Signature-Ma-V2 string | Random alphanumeric characters used for validation. You can get this from the relevant event details posted to your callback. See note below. |
| auth_token string | Your account Auth Token, which you can find on the Overview page of the Plivo console. |
Note:
You can either use X-Plivo-Signature-V2 or X-Plivo-Signature-Ma-V2 to validate the signature.
- X-Plivo-Signature-V2 is generated using the Auth Token of the associated account or subaccount. To validate using the X-Plivo-Signature-V2 request header, generate the signature at your end using the same account or subaccount.
- X-Plivo-Signature-Ma-V2 is always generated using the Auth Token of the account. To validate using the X-Plivo-Signature-Ma-V2 request header, generate the signature using the main account.
Response
True
Example Request
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
from flask import Flask, request, make_response, url_for
import plivo
app = Flask(__name__)
@app.route('/receive_sms/', methods =['GET','POST'])
def signature():
signature = request.headers.get('X-Plivo-Signature-V2')
nonce = request.headers.get('X-Plivo-Signature-V2-Nonce')
uri = url_for('signature', _external=True)
auth_token = "<auth_token>"
output = plivo.utils.validate_signature(uri,nonce,signature,auth_token)
print(output)
from_number = request.values.get('From') # Sender's phone numer
to_number = request.values.get('To') # Receiver's phone number - Plivo number
text = request.values.get('Text') # The text which was received
print('Message received - From: %s, To: %s, Text: %s' %(from_number, to_number, text))
return "Text received"
if __name__ == "__main__":
app.run(host='0.0.0.0', debug=True)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
require 'sinatra'
require 'rubygems'
require 'plivo'
include Plivo
require 'uri'
get '/receive_sms/' do
auth_token = "<auth_token>"
signature = request.env["HTTP_X_PLIVO_SIGNATURE_V2"]
nonce = request.env["HTTP_X_PLIVO_SIGNATURE_V2_NONCE"]
url = request.url
uri = (url.split("?"))[0]
output = Plivo::Utils.valid_signature?(uri,nonce,signature,auth_token)
puts output
from_number = params[:From]# The phone number of the person who sent the SMS
to_number = params[:To]# Your Plivo number that will receive the SMS
text = params[:Text]# The text which was received on your Plivo number
puts "Message received from #{from_number} : #{ text }"
end
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
var plivo = require('plivo');
var express = require('express');
var app = express();
app.set('port', (process.env.PORT || 5000));
app.use(express.static(__dirname + '/public'));
app.use(express.urlencoded({ extended: true }))
app.all('/receive_sms/', function(req, res) {
var auth_token = ('<auth_token>');
var signature = req.get('X-Plivo-Signature-V2');
var nonce = req.get('X-Plivo-Signature-V2-Nonce');
var fullUrl = req.protocol + '://' + req.get('host') + req.originalUrl;
var from_number = req.body.From;// Sender's phone number
var to_number = req.body.To;// Receiver's phone number - Plivo number
var text = req.body.Text;// The text which was received
var output = plivo.validateSignature(fullUrl, nonce, signature, auth_token)
console.log(output);
console.log ('From : ' + from_number + ' To : ' + to_number + ' Text : ' + text);
});
app.listen(app.get('port'), function() {
console.log('Node app is running on port', app.get('port'));
});
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
<?php
require 'vendor/autoload.php';
use Plivo\Util\signatureValidation;
$auth_token = "<auth_token>";
$signature = $_SERVER["HTTP_X_PLIVO_SIGNATURE_V2"];
$nonce = $_SERVER["HTTP_X_PLIVO_SIGNATURE_V2_NONCE"];
$url = 'http' . (isset($_SERVER['HTTPS']) ? 's' : '') . '://' . "{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
$uri = explode('?',$url);
$uri1 = $uri[0];
$SVUtil = new signatureValidation();
$output = $SVUtil->validateSignature($uri1,$nonce,$signature,$auth_token);
var_export($output);
$from_number = $_REQUEST["From"];// Sender's phone numer
$to_number = $_REQUEST["To"];// Receiver's phone number - Plivo number
$text = $_REQUEST["Text"];// The SMS text message which was received
echo("Message received from $from_number : $text");
?>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
package plivoexample;
import java.io.IOException;
import java.net.URLDecoder;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import com.plivo.api.util.Utils;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import com.plivo.helper.util.*;
public class validateSignature extends HttpServlet {
private static final long serialVersionUID = 1L;
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
String auth_token = "<auth_token>";
String signature = req.getHeader("X-Plivo-Signature-V2");
String nonce = req.getHeader("X-Plivo-Signature-V2-Nonce");
String url = req.getRequestURL().toString();
try {
Boolean isValid = XPlivoSignature.verify(url, nonce, signature, auth_token);
System.out.println("Valid : " + isValid);
} catch (PlivoException e) {
e.printStackTrace();
}
String from_number = req.getParameter("From");
String to_number = req.getParameter("To");
String text = req.getParameter("Text");
System.out.println("From : " + from_number + " To : " + to_number + " Text : " + text);
}
public static void main(String[] args) throws Exception {
String port = System.getenv("PORT");
if(port==null)
port ="8080";
Server server = new Server(Integer.valueOf(port));
ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
context.setContextPath("/");
server.setHandler(context);
context.addServlet(new ServletHolder(new validateSignature()),"/receive_sms");
server.start();
server.join();
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
using System;
using System.Collections.Generic;
using System.Diagnostics;
using RestSharp;
using Plivo.Utilities;
using Nancy;
namespace validateSignature
{
public class Program : NancyModule
{
public Program()
{
Get["/receive_sms/"] = x =>
{
IEnumerable<string> signature = Request.Headers["X-Plivo-Signature-V2"];
String[] sign = (String[])signature;
String actualsignature = sign[0];
IEnumerable<string> nonce = Request.Headers["X-Plivo-Signature-V2-Nonce"];
String[] key = (String[])nonce;
String actualnonce = key[0];
String auth_token = "<auth_token>";
String url = Request.Url.SiteBase + Request.Url.Path;
bool valid = Plivo.Utilities.XPlivoSignatureV2.VerifySignature(url, actualnonce, actualsignature, auth_token);
Debug.WriteLine("Valid : " + valid);
String from_number = Request.Query["From"];
String to_number = Request.Query["To"];
String text = Request.Query["Text"];
Debug.WriteLine("From : {0}, To : {1}, Text : {2}", from_number, to_number, text);
Console.ReadLine();
return "OK";
};
}
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
package main
import (
"fmt"
"net/http"
"github.com/plivo/plivo-go"
)
func handler(w http.ResponseWriter, r *http.Request) {
originalurl := "https://" + r.Host + r.URL.Path
authToken := "<auth_token>"
signature := r.Header.Get("X-Plivo-Signature-V2")
nonce := r.Header.Get("X-Plivo-Signature-V2-Nonce")
fromnumber := r.FormValue("From")
tonumber := r.FormValue("To")
text := r.FormValue("Text")
response := plivo.ValidateSignatureV2(
originalurl,
nonce,
signature,
authToken,
)
fmt.Printf("Response: %#v\n", response)
print("Message Received - ", fromnumber, " ", tonumber, " ", text)
}
func main() {
http.HandleFunc("/receive_sms/", handler)
http.ListenAndServe(":8080", nil)
}
Rate this page
🥳 Thank you! It means a lot to us!
×
Help Us Improve
Thank you so much for rating the page, we would like to get your input for further improvements!
Subscribe to Updates
Thank you for your feedback!