Request
Validation
All requests made by Plivo to your server URLs consist of X-Plivo-Signature-V2
and X-Plivo-Signature-V2-Nonce
HTTP headers. To validate a request and to verify that the request to your server originated from Plivo, you must generate a signature at your end and compare it with X-Plivo-Signature-V2
parameter in the HTTP header to check whether they match. Read more about signature validation.
Methods to compute and verify X-Plivo-Signature-V2 are available in the latest server SDKs. Choose the SDK for the programming language of your choice to see how to use these methods.
Arguments
Name | Type | Description |
---|---|---|
uri | string | The callback that you want to validate. Allowed values: answer_url , message_url , callback_url , action_url , hangup_url |
X-Plivo-Signature-V2-Nonce | string | Random numeric digits posted to the callback_url , used for validation purposes. |
X-Plivo-Signature-V2 or X-Plivo-Signature-Ma-V2 | string | Random alphanumeric characters used for validation. You can get this from the relevant event details posted to your callback. See note below. |
auth_token | string | Your account Auth Token, which you can find on the Overview page of the Plivo console. |
Note: You can either use X-Plivo-Signature-V2
or X-Plivo-Signature-Ma-V2
to validate the signature.
X-Plivo-Signature-V2
is generated using the Auth Token of the associated account or subaccount. To validate using theX-Plivo-Signature-V2
request header, generate the signature at your end using the same account or subaccount.X-Plivo-Signature-Ma-V2
is always generated using the Auth Token of the account. To validate using theX-Plivo-Signature-Ma-V2
request header, generate the signature using the main account.