All requests made by Plivo to your server URLs contain X-Plivo-Signature-V2, X-Plivo-Signature-Ma-V2, and X-Plivo-Signature-V2-Nonce HTTP headers. To validate a request and to verify that the request to your server originated from Plivo, you must generate a signature at your end and check that it matches with the X-Plivo-Signature-V2 or X-Plivo-Signature-Ma-V2 parameter in the HTTP header.You can use either X-Plivo-Signature-V2 or X-Plivo-Signature-Ma-V2 to validate a signature.
X-Plivo-Signature-V2 is generated using the Auth Token of the associated account or subaccount. To validate using the X-Plivo-Signature-V2 request header, you must generate a signature at your end using the same account or subaccount.
X-Plivo-Signature-Ma-V2 is always generated using the Auth Token of the main account. To validate using the X-Plivo-Signature-Ma-V2 request header, you must generate the signature using the main account.
You can generate the signature by calculating the keyed hash message authentication code (HMAC) with these parameters:
Key — Your Plivo Auth Token
Message — Base URI appended with X-Plivo-Signature-V2-Nonce. For example, if the base URI is https://<yourdomain>.com/answer/ and X-Plivo-Signature-V2-Nonce is 05429567804466091622, the message will be https://<yourdomain>.com/answer/05429567804466091622.