Validating Requests and Responses

All requests made by Plivo to your server URLs contain X-Plivo-Signature-V2, X-Plivo-Signature-Ma-V2, and X-Plivo-Signature-V2-Nonce HTTP headers. To validate a request and to verify that the request to your server originated from Plivo, you must generate a signature at your end and check that it matches with the X-Plivo-Signature-V2 or X-Plivo-Signature-Ma-V2 parameter in the HTTP header.

You can use either X-Plivo-Signature-V2 or X-Plivo-Signature-Ma-V2 to validate a signature.

​

Generating and validating the signature

You can generate the signature by calculating the keyed hash message authentication code (HMAC) with these parameters:

• Key — Your Plivo Auth Token
• Message — Base URI appended with X-Plivo-Signature-V2-Nonce. For example, if the base URI is https://<yourdomain>.com/answer/ and X-Plivo-Signature-V2-Nonce is 05429567804466091622, the message will be https://<yourdomain>.com/answer/05429567804466091622.
• Hashing Function — SHA256

​

Code

from flask import Flask, request, make_response, url_for
import plivo

app = Flask(__name__)

@app.route('/receive_sms/', methods =['GET','POST'])
def signature():
    signature = request.headers.get('X-Plivo-Signature-V2')
    nonce = request.headers.get('X-Plivo-Signature-V2-Nonce')
    uri = url_for('signature', _external=True)
    auth_token = "<auth_token>"
    
    output = plivo.utils.validate_signature(uri,nonce,signature,auth_token)
    print(output)

    from_number = request.values.get('From') # Sender's phone numer
    to_number = request.values.get('To') # Receiver's phone number - Plivo number
    text = request.values.get('Text') # The text which was received

    print('Message received - From: %s, To: %s, Text: %s' %(from_number, to_number, text))
    return "Text received"

if __name__ == "__main__":
    app.run(host='0.0.0.0', debug=True)