Latest Legacy

Validation

All requests made by Plivo to your server URLs consist of a X-Plivo-Signature-V2 and X-Plivo-Signature-V2-Nonce HTTP headers. To validate the request and to verify that the request to your server has originated from Plivo, you must generate the signature at your end and compare it with X-Plivo-Signature-V2 parameter in the HTTP header and check whether they are identical. Read more about signature validation here on the Developers Portal.

Methods to compute and verify X-Plivo-Signature-V2 are available in the latest SDKs. Please select the programming language of your choice and switch to the latest version to see how to use these methods.

Arguments

uri string

The callback which you want to validate. This uri can be answer_url, url (message callback), message_url, callback_url, action_url, or hangup_url.

nonce string

You can get this from the relevant event details posted to your callback.

X-Plivo-Signature-V2 or X-Plivo-Signature-Ma-V2 string

You can get this from the relevant event details posted to your callback.

auth_token string

Your account auth-token which you can get from your Plivo dashboard.

Note:
  • You can either use X-Plivo-Signature-V2 or X-Plivo-Signature-Ma-V2to validate the signature
  • X-Plivo-Signature-V2 is generated using the Auth Token of the associated Main Account or Sub-Account. To validate using X-Plivo-Signature-V2 request header, you must generate the signature at your end using the same Main Account or Sub-Account.
  • X-Plivo-Signature-Ma-V2 is always generated using the Auth Token of the Main Account. To validate using X-Plivo-Signature-Ma-V2 request header, you must generate the signature using the Main account.

Response

  True

Example Request

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
from flask import Flask, request, make_response, url_for
import plivo

app = Flask(__name__)

@app.route('/receive_sms/', methods =['GET','POST'])
def signature():
    signature = request.headers.get('X-Plivo-Signature-V2')
    nonce = request.headers.get('X-Plivo-Signature-V2-Nonce')
    uri = url_for('signature', _external=True)
    auth_token = "Your_Auth_Token"
    
    output = plivo.utils.validate_signature(uri,nonce,signature,auth_token)
    print(output)

    from_number = request.values.get('From') # Sender's phone numer
    to_number = request.values.get('To') # Receiver's phone number - Plivo number
    text = request.values.get('Text') # The text which was received

    print('Message received - From: %s, To: %s, Text: %s' %(from_number, to_number, text))
    return "Text received"

if __name__ == "__main__":
    app.run(host='0.0.0.0', debug=True)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
require 'sinatra'
require 'rubygems'
require 'plivo'
include Plivo
require 'uri'

get '/receive_sms/' do
    auth_token = "Your_Auth_Token"
    signature = request.env["HTTP_X_PLIVO_SIGNATURE_V2"]
    nonce = request.env["HTTP_X_PLIVO_SIGNATURE_V2_NONCE"]
    url = request.url
    uri = (url.split("?"))[0]
    
    output = Plivo::Utils.valid_signature?(uri,nonce,signature,auth_token)
    puts output

    from_number = params[:From]# The phone number of the person who sent the SMS
    to_number = params[:To]# Your Plivo number that will receive the SMS
    text = params[:Text]# The text which was received on your Plivo number

    puts "Message received from #{from_number} : #{ text }"
end
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
var plivo = require('plivo');
var express = require('express');
var app = express();

app.set('port', (process.env.PORT || 5000));
app.use(express.static(__dirname + '/public'));
app.use(express.urlencoded({ extended: true }))

app.all('/receive_sms/', function(req, res) {
    
    var auth_token = ('Your_AUTH_TOKEN');
    var signature = req.get('X-Plivo-Signature-V2');
    var nonce = req.get('X-Plivo-Signature-V2-Nonce');
    var fullUrl = req.protocol + '://' + req.get('host') + req.originalUrl;

    var from_number = req.body.From;// Sender's phone number
    var to_number = req.body.To;// Receiver's phone number - Plivo number
    var text = req.body.Text;// The text which was received

    var output = plivo.validateSignature(fullUrl, nonce, signature, auth_token)
    console.log(output);
    
    console.log ('From : ' + from_number + ' To : ' + to_number + ' Text : ' + text);

});

app.listen(app.get('port'), function() {
    console.log('Node app is running on port', app.get('port'));
});
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
<?php
    require 'vendor/autoload.php';
    use Plivo\Util\signatureValidation;

    $auth_token = "Your_Auth_Token";
    $signature = $_SERVER["HTTP_X_PLIVO_SIGNATURE_V2"];
    $nonce = $_SERVER["HTTP_X_PLIVO_SIGNATURE_V2_NONCE"];
    
    $url = 'http' . (isset($_SERVER['HTTPS']) ? 's' : '') . '://' . "{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
    $uri = explode('?',$url);   
    $uri1 = $uri[0];    

    $SVUtil = new signatureValidation();
    $output = $SVUtil->validateSignature($uri1,$nonce,$signature,$auth_token);
    var_export($output);
    
    $from_number = $_REQUEST["From"];// Sender's phone numer
    $to_number = $_REQUEST["To"];// Receiver's phone number - Plivo number
    $text = $_REQUEST["Text"];// The SMS text message which was received
    
    echo("Message received from $from_number : $text");
?>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
package plivoexample;

import java.io.IOException;
import java.net.URLDecoder;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import com.plivo.api.util.Utils;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;

import com.plivo.helper.util.*;

public class validateSignature extends HttpServlet {
    private static final long serialVersionUID = 1L;
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) 
            throws ServletException, IOException {
        String auth_token = "Your_AUTH_TOKEN";
        String signature = req.getHeader("X-Plivo-Signature-V2");
        String nonce = req.getHeader("X-Plivo-Signature-V2-Nonce");
        String url = req.getRequestURL().toString();
        
        try {
            Boolean isValid = XPlivoSignature.verify(url, nonce, signature, auth_token);
            System.out.println("Valid : " + isValid);
        } catch (PlivoException e) {
            e.printStackTrace();
        }
        
        String from_number = req.getParameter("From");
        String to_number = req.getParameter("To");
        String text = req.getParameter("Text");
        System.out.println("From : " + from_number + " To : " + to_number + " Text : " + text);       
    }

    public static void main(String[] args) throws Exception {
        String port = System.getenv("PORT");
        if(port==null)
            port ="8080";
        Server server = new Server(Integer.valueOf(port));
        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
        context.setContextPath("/");
        server.setHandler(context);
        context.addServlet(new ServletHolder(new validateSignature()),"/receive_sms");
        server.start();
        server.join();
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
using System;
using System.Collections.Generic;
using System.Diagnostics;
using RestSharp;
using Plivo.Utilities;
using Nancy;

namespace validateSignature
{
    public class Program : NancyModule
    {
        public Program()
        {
            Get["/receive_sms/"] = x =>
            {
                IEnumerable<string> signature = Request.Headers["X-Plivo-Signature-V2"];
                String[] sign = (String[])signature;
                String actualsignature = sign[0];

                IEnumerable<string> nonce = Request.Headers["X-Plivo-Signature-V2-Nonce"];
                String[] key = (String[])nonce;
                String actualnonce = key[0];

                String auth_token = "Your_AUTH_TOKEN";
                String url = Request.Url.SiteBase + Request.Url.Path;

                bool valid = Plivo.Utilities.XPlivoSignatureV2.VerifySignature(url, actualnonce, actualsignature, auth_token);
                Debug.WriteLine("Valid : " + valid);
                
                String from_number = Request.Query["From"];
                String to_number = Request.Query["To"];
                String text = Request.Query["Text"];

                Debug.WriteLine("From : {0}, To : {1}, Text : {2}", from_number, to_number, text);
                Console.ReadLine(); 
                return "OK";
            };
        }
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
package main

import (
	"fmt"
	"net/http"

	"github.com/plivo/plivo-go"
)

func handler(w http.ResponseWriter, r *http.Request) {

	originalurl := "http://" + r.Host + r.URL.Path
	authToken := "Your_AUTH_TOKEN"
	signature := r.Header.Get("X-Plivo-Signature-V2")
	nonce := r.Header.Get("X-Plivo-Signature-V2-Nonce")
	fromnumber := r.FormValue("From")
	tonumber := r.FormValue("To")
	text := r.FormValue("Text")

	response := plivo.ValidateSignatureV2(
		originalurl,
		nonce,
		signature,
		authToken,
	)
	fmt.Printf("Response: %#v\n", response)

	print("Message Received - ", fromnumber, " ", tonumber, " ", text)
}

func main() {
	http.HandleFunc("/receive_sms/", handler)
	http.ListenAndServe(":8080", nil)
}