Reputation: 5298
Twilio Validate Requests from Subaccounts
I want to be able to validate the requests to my server from Twilio are from twilio as shown here. When using my primary account, this works just fine (I use a node wrapper but I manually have followed the steps and can match their x-twilio-signature.
When I use subaccounts, though, it fails every time. I attempt to use the subaccount's auth token as well as the parent's as the key to the SHA, but nothing works, nor do the node wrappers. There is no documentation about subaccounts and validation. Anyone used subaccounts and also tried validating incoming requests?
Upvotes: 1
Views: 325
Answers (1)
Reputation: 3811
From a support interaction it looks like the OP spent some time debugging Twilio-Node and found:
The Node module encodes the URL, so it creates something like
https://987f3bb1.ngrok.io/api/twilioWebhook%3Ffoo=1whereas you guys are not encoding the query string delimiter, so your URL looks like
https://987f3bb1.ngrok.io/api/twilioWebhook?foo=1I am now recreating the URL myself and passing it in as part of the options, and this does not get formatted so it is working now. I've created an issue in the GitHub repo for this as well with suggestions to fix.
Upvotes: 0
Related Questions
- Twilio callback signature validation always failing for POST call
- How to validate an incoming webhook GET request from the Twilio API using Node.js
- Can Twilio subaccounts use main account active numbers and verified caller IDs?
- twilio webhook: fail to validate signature
- Validate Twilio webhook incoming request with API key and secret, instead of using Auth Token
- Cannot validate Twilio webhook signatures for calls from authorized, Connect subaccounts
- How do you use the Twilio Node SDK to validate webhook requests?
- how to verify a Twilio call using the parent account token
- Unable to validate Twilio request in Google cloud function