
Twilio Receive SMS Security

I'm following the quickstart example here: Twilio Python Quickstart

How should the server authenticate that the request is actually coming from twilio?

I'm looking at the phone number config screen and this is what I see. I don't see an IP white list or a way to specify twilio's auth credentials.

It seems like anyone that knew the URL and response format could pretend to be twilio.

Thanks for the help :)

Twilio developer evangelist here.

I know Akhil has answered this (thanks Akhil!) and you accepted the answer. However, there is one more, arguably better way to validate requests are coming from Twilio which I wanted to share with you too.

When Twilio makes a call to your SMS URL (or any other URLs that you have set up) it will sign the request using a combination of the URL, the parameters in the request and your account's Auth Token. The signature is then sent as the request header X-Twilio-Signature.

To verify the request was made by Twilio you can follow the same process to create the signature and then compare against the one sent by Twilio. If they match, you can guarantee that Twilio sent the request.

This is the high level view of it; if you want to read more, including the full description of the algorithm for creating the signature, check out Twilio's security page. If you're using Python, the Twilio Python library provides the RequestValidator to easily validate requests.
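The signature check described in this answer, as an added example rather than code from the answer or from the Twilio library: it follows Twilio's documented algorithm (full request URL, then the POST parameters sorted by name with each name followed directly by its value, HMAC-SHA1 keyed with the Auth Token, base64-encoded) and compares the result against X-Twilio-Signature in constant time. The Auth Token, URL and parameter values below are constructed placeholders.

```python
import base64
import hashlib
import hmac


def compute_twilio_signature(auth_token: str, url: str, params: dict) -> str:
    """Recompute X-Twilio-Signature the way Twilio documents it:
    full request URL (including any query string) + each POST parameter
    as name followed directly by value, sorted by name, then HMAC-SHA1
    keyed with the Auth Token and base64-encoded."""
    payload = url + "".join(key + params[key] for key in sorted(params))
    digest = hmac.new(auth_token.encode("utf-8"),
                      payload.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def is_valid_twilio_request(auth_token: str, url: str, params: dict,
                            received_signature: str) -> bool:
    """True only if the header matches; compare_digest keeps the
    comparison constant-time so prefix matches do not leak via timing."""
    expected = compute_twilio_signature(auth_token, url, params)
    return hmac.compare_digest(expected, received_signature)


def demo() -> dict:
    """Sign a constructed request, then show what tampering does."""
    # Constructed placeholder values: a real handler reads the Auth Token
    # from the Twilio console and the URL/params from the incoming request.
    auth_token = "PLACEHOLDER_AUTH_TOKEN"
    url = "https://example.com/sms"
    params = {"AccountSid": "ACPLACEHOLDER", "From": "+15005550006",
              "To": "+15005550001", "Body": "hello"}
    signature = compute_twilio_signature(auth_token, url, params)
    tampered = dict(params, Body="hello, send money")
    return {
        "genuine": is_valid_twilio_request(auth_token, url, params, signature),
        "tampered_body": is_valid_twilio_request(auth_token, url, tampered, signature),
        "other_url": is_valid_twilio_request(auth_token, url + "?v=2", params, signature),
        "wrong_token": is_valid_twilio_request("other-token", url, params, signature),
    }


if __name__ == "__main__":
    print(demo())
```

Note that the URL must be exactly the one Twilio requested, scheme and query string included, so a proxy that rewrites https to http or strips the query string will make every genuine request fail validation.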

When a particular Twilio number receives a message, a request will be made to the SMS URL associated with that number. Along with the message body, Twilio will pass a number of parameters. A full list of parameters can be seen here.

Now you can check whether the AccountSid passed along with the message is set and is the same as your Account SID, for quick verification.

If you want a higher level of reliability, then you can use the MessageSid parameter to query the Message resource using the REST API and crosscheck between the request and the resource obtained from the REST API.

(Refer here for the Twilio Message REST API.)
