All requests made by Plivo to your server URLs contain X-Plivo-Signature-V2, X-Plivo-Signature-Ma-V2, and X-Plivo-Signature-V2-Nonce HTTP headers. To validate a request and to verify that the request to your server originated from Plivo, you must generate a signature at your end and check that it matches with the X-Plivo-Signature-V2 or X-Plivo-Signature-Ma-V2 parameter in the HTTP header. You can use either X-Plivo-Signature-V2 or X-Plivo-Signature-Ma-V2 to validate a signature.
  • X-Plivo-Signature-V2 is generated using the Auth Token of the associated account or subaccount. To validate using the X-Plivo-Signature-V2 request header, you must generate a signature at your end using the same account or subaccount.
  • X-Plivo-Signature-Ma-V2 is always generated using the Auth Token of the main account. To validate using the X-Plivo-Signature-Ma-V2 request header, you must generate the signature using the main account.

Generating and validating the signature

You can generate the signature by calculating the keyed hash message authentication code (HMAC) with these parameters:
  • Key — Your Plivo Auth Token
  • Message — Base URI appended with X-Plivo-Signature-V2-Nonce. For example, if the base URI is https://<yourdomain>.com/answer/ and X-Plivo-Signature-V2-Nonce is 05429567804466091622, the message will be https://<yourdomain>.com/answer/05429567804466091622.
  • Hashing Function — SHA256

Code

from flask import Flask, request, make_response, url_for
import plivo

app = Flask(__name__)

@app.route('/receive_sms/', methods =['GET','POST'])
def signature():
    signature = request.headers.get('X-Plivo-Signature-V2')
    nonce = request.headers.get('X-Plivo-Signature-V2-Nonce')
    uri = url_for('signature', _external=True)
    auth_token = "<auth_token>"
    
    output = plivo.utils.validate_signature(uri,nonce,signature,auth_token)
    print(output)

    from_number = request.values.get('From') # Sender's phone numer
    to_number = request.values.get('To') # Receiver's phone number - Plivo number
    text = request.values.get('Text') # The text which was received

    print('Message received - From: %s, To: %s, Text: %s' %(from_number, to_number, text))
    return "Text received"

if __name__ == "__main__":
    app.run(host='0.0.0.0', debug=True)