堆栈内存溢出
  简体   繁体   English

如何使用oAuth / http标头用户名和密码保护Nexmo回调URL

[英]How to secure Nexmo Callback URL using oAuth/ http header username and password

 原文  2014-06-03 22:24:06       java/ sms/ nexmo

问题描述

I have been looking into Nexmo documentation ( https://docs.nexmo.com/index.php/sms-api/handle-inbound-message ) for inbound messages and have a query. 我一直在研究Nexmo文档( https://docs.nexmo.com/index.php/sms-api/handle-inbound-message ),以了解入站消息并进行查询。

I want to make sure that the URL is being called from Nexmo and Nexmo alone. 我想确保仅从Nexmo和Nexmo调用URL。 So in order to secure my end-point how do I specify token or username and password parameters/ http headers so that its secure? 因此,为了保护我的端点,如何指定令牌或用户名和密码参数/ http标头,以确保其安全?

Any help is appreciated. 任何帮助表示赞赏。

Thanks 谢谢

2 个解决方案

解决方案1
 2  2015-04-07 15:03:25

Rohit, I understand what you're looking for but that is not supported by their API. Rohit,我知道您在寻找什么,但是他们的API不支持。 Another option for you is to use the messageId sent to you and then go get the message details yourself via the Message Search API, https://docs.nexmo.com/index.php/developer-api/search-message . 您的另一种选择是messageId发送给您的messageId ,然后自己通过Message Search API https://docs.nexmo.com/index.php/developer-api/search-message获取消息详细信息。

So if you get a call something like: 因此,如果您接到电话,例如: 

?msisdn=19150000001&to=12108054321&messageId=000000FFFB0356D1&text=This+is+an+inbound+message&type=text&message-timestamp=2012-08-19+20%3A38%3A23

Then you can turn around and call: 然后,您可以转身致电: 

https://rest.nexmo.com/sms/json/search/message/{api_key}/{api_secret}/000000FFFB0356D1

Since you authenticate yourself to Nexmo and fetch the information yourself you can trust it at this point, rather than trusting what was sent to your endpoint. 由于您已向Nexmo进行身份验证并自己获取信息,因此您现在可以信任它,而不是信任发送到端点的内容。 That way if someone sends you a junk messageId you'll find out when Nexmo tells you it is invalid. 这样,如果有人向您发送垃圾邮件ID,您将在Nexmo告诉您无效时查明。

解决方案2
 0  2015-09-04 10:04:29

You can append custom query parameters to your request, so you should be able to pass in security credentials that way. 您可以将自定义查询参数附加到您的请求中,因此您应该能够以这种方式传递安全凭证。 You should of course be sure to use HTTPS in that case. 在这种情况下,您当然应该确保使用HTTPS。

https://help.nexmo.com/hc/en-us/articles/203806548-Can-I-Append-Custom-Parameters-to-the-Callback-URL- https://help.nexmo.com/hc/en-us/articles/203806548-Can-I-Append-Custom-Parameters-to-the-Callback-URL-

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Nexmo入站回调URL - Nexmo inbound callback URL 如何以安全的方式存储用户名和密码 - How to store username and password in a secure way Android中的安全用户名和密码 - Secure username and password in Android 使用HTTP Basic时如何检查登录时用户名和密码是否正确? - How to check if username and password is correct on login when using HTTP Basic? HTTP错误401.2尝试使用DefaultHttpClient调用具有用户名和密码的URL - HTTP Error 401.2 When trying to call an URL with username and password using DefaultHttpClient 使用Springboot在https url中的用户名和密码 - Username and password in https url using Springboot 如何在安全模块Play 1.2.5中对用户名和密码进行硬编码 - How to hard code username and password in Secure module Play 1.2.5 在Twitter中使用Scribe库for Oauth和回调网址 - Using Scribe library for Oauth in Twitter with callback url 如何将密码和用户名从servlet传递到其他安全 - how to pass password and username from servlet to other secure 通过Nexmo API将回调URL分配给短信号码 - Assign callback URL to the sms number via Nexmo API
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM