How to Validate Requests from Twilio
Turn on SSL on the server associated with your Twilio development., Set your Twilio account to use HTTPS urls., Retrieve the signature Twilio has sent to your application in an HTTP header titled “X-Twilio-Signature”. , Create a string from your URL...
Step-by-Step Guide
-
Step 1: Turn on SSL on the server associated with your Twilio development.
Twilio will assemble a request to your web application, which includes any POST fields and the final URL.
Twilio also signs it with your AuthToken as a key and with HMAC-SHA1.
This signature is then sent as “X-Twilio-Signature” in an HTTP header. ,, Sort any POST parameters alphabetically using Unix-style case-sensitive sorting order, if your request is a post.
Append the variable value and name to the end of the URL with no delimiters. ,,, -
Step 2: Set your Twilio account to use HTTPS urls.
-
Step 3: Retrieve the signature Twilio has sent to your application in an HTTP header titled “X-Twilio-Signature”.
-
Step 4: Create a string from your URL with a full query string.
-
Step 5: Sign the URL string with HMAC-SHA1 and use your AuthToken as the key.
-
Step 6: Encode the resulting hash value in Base64.
-
Step 7: Retrieve the “X-Twilio-Signature” header and compare its hash to the Base64 encoding of the hash value.
Detailed Guide
Twilio will assemble a request to your web application, which includes any POST fields and the final URL.
Twilio also signs it with your AuthToken as a key and with HMAC-SHA1.
This signature is then sent as “X-Twilio-Signature” in an HTTP header. ,, Sort any POST parameters alphabetically using Unix-style case-sensitive sorting order, if your request is a post.
Append the variable value and name to the end of the URL with no delimiters. ,,,
About the Author
Emma Brown
With a background in education and learning, Emma Brown brings 12 years of hands-on experience to every article. Emma believes in making complex topics accessible to everyone.
Rate This Guide
How helpful was this guide? Click to rate: