Krishna Chaitanya

Reputation: 2663

How to validate X-TWILIO-SIGNATURE

We are using Twilio to send/receive SMS messages. We have a webhook configured to receive the messages sent by a customer. We want to validate whether the request in fact originated from Twilio. I was going through the documentation and found that there is a method called validated in the Twilio SDK. For some reason we are not using the SDK, so we want to validate it ourselves. Can anyone please tell me how to validate?

Upvotes: 0

Views: 4995

Answers (1)

Alex Baban

Reputation: 11742

You can do it yourself without the SDK if you wish.

In short, you'll have to use HTTPS for your webhooks when configuring them at Twilio, and, on your server side, validate a signature which Twilio sends as the header X-Twilio-Signature when making the request.

Computing the signature means re-assembling the request data and computing a hash using your Twilio account AuthToken.

This is explained in more detail in Twilio's docs here:

https://www.twilio.com/docs/usage/security#validating-requests

Upvotes: 2
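An added example, not part of the answer above and not Twilio's SDK code: a standard-library sketch of the check for form-encoded POST webhooks, following the scheme in the linked Twilio docs (HMAC-SHA1 over the full request URL followed by the POST parameters sorted by name, Base64-encoded). The function names, the sample token, URL and parameters are constructed for illustration, and each parameter is assumed to have a single value.

```python
import base64
import hashlib
import hmac


def compute_signature(auth_token: str, url: str, params: dict) -> str:
    """Return Base64(HMAC-SHA1(auth_token, url + key1 + value1 + key2 + ...)).

    `url` must be the exact URL configured at Twilio, including any query
    string. Behind a reverse proxy, rebuild it from trusted configuration,
    not from whatever Host/scheme the request happens to carry.
    """
    data = url
    # Parameters are appended in order of their names, with no delimiters.
    for key in sorted(params):
        data += key + params[key]
    digest = hmac.new(
        auth_token.encode("utf-8"), data.encode("utf-8"), hashlib.sha1
    ).digest()
    return base64.b64encode(digest).decode("ascii")


def is_valid_request(auth_token: str, url: str, params: dict,
                     header_signature: str) -> bool:
    """Compare the X-Twilio-Signature header with the locally computed value."""
    if not header_signature:
        # Missing header: reject rather than fall through to processing.
        return False
    expected = compute_signature(auth_token, url, params)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(
        expected.encode("utf-8"), header_signature.encode("utf-8")
    )


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real endpoint.
    token = "example-auth-token"
    webhook_url = "https://example.com/sms/inbound?tenant=1"
    form = {"To": "+15550000002", "From": "+15550000001", "Body": "hello"}
    header = compute_signature(token, webhook_url, form)  # stands in for Twilio
    print(is_valid_request(token, webhook_url, form, header))
    print(is_valid_request(token, webhook_url, {**form, "Body": "bye"}, header))
```

Reject the request (for example with HTTP 403) when `is_valid_request` returns `False`, before any of the parameters are used.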
