Skip to main content
When Plivo makes a synchronous HTTP request to your application, the API expects an XML document in response. Plivo also sends a few parameters with the HTTP request that your application can act upon before responding.

Incoming Message Parameters

To receive a message, your Plivo Application must have a message_url. Plivo expects an XML response from this URL after it sends the parameters below. Only a Message XML element can be sent as a response from the message URL. See the Message XML reference page for more information.

Parameters sent by Plivo for incoming messages

ParameterDescription
FromThe source number of the message.
ToThe number to which the message was sent.
TypeThe type of the message. Allowed value: sms
TextThe message content.
MessageUUIDA unique ID for the message.

Signature Validation

All requests made by Plivo to your server URLs consist of X-Plivo-Signature-V2 and X-Plivo-Signature-V2-Nonce HTTP headers. To validate a request and to verify that the request to your server originated from Plivo, you must generate a signature at your end and compare it with X-Plivo-Signature-V2 parameter in the HTTP header to check whether they match. Read more about signature validation. Methods to compute and verify X-Plivo-Signature-V2 are available in the latest server SDKs. Choose the SDK for the programming language of your choice to see how to use these methods.

Arguments

NameTypeDescription
uristringThe callback that you want to validate. Allowed values: answer_url, message_url, callback_url, action_url, hangup_url
X-Plivo-Signature-V2-NoncestringRandom numeric digits posted to the callback_url, used for validation purposes.
X-Plivo-Signature-V2 or X-Plivo-Signature-Ma-V2stringRandom alphanumeric characters used for validation. You can get this from the relevant event details posted to your callback. See note below.
auth_tokenstringYour account Auth Token, which you can find on the Overview page of the Plivo console.
Note: You can either use X-Plivo-Signature-V2 or X-Plivo-Signature-Ma-V2 to validate the signature.
  • X-Plivo-Signature-V2 is generated using the Auth Token of the associated account or subaccount. To validate using the X-Plivo-Signature-V2 request header, generate the signature at your end using the same account or subaccount.
  • X-Plivo-Signature-Ma-V2 is always generated using the Auth Token of the account. To validate using the X-Plivo-Signature-Ma-V2 request header, generate the signature using the main account.
from flask import Flask, request, make_response, url_for
import plivo

app = Flask(__name__)

@app.route('/receive_sms/', methods =['GET','POST'])
def signature():
    signature = request.headers.get('X-Plivo-Signature-V2')
    nonce = request.headers.get('X-Plivo-Signature-V2-Nonce')
    uri = url_for('signature', _external=True)
    auth_token = "<auth_token>"

    output = plivo.utils.validate_signature(uri,nonce,signature,auth_token)
    print(output)

    from_number = request.values.get('From')
    to_number = request.values.get('To')
    text = request.values.get('Text')

    print('Message received - From: %s, To: %s, Text: %s' %(from_number, to_number, text))
    return "Text received"

if __name__ == "__main__":
    app.run(host='0.0.0.0', debug=True)

Response

True