All requests made by Plivo to your server URLs consist of a X-Plivo-Signature-V2 and X-Plivo-Signature-V2-Nonce HTTP headers. To validate the request and to verify that the request to your server has originated from Plivo, you must generate the signature at your end and compare it with X-Plivo-Signature-V2 parameter in the HTTP header and check whether they are identical.

Generating and Validating the Signature

You can generate the signature by calculating the Keyed-Hash Message Authentication Code (HMAC) with the following parameters:

  • Key - Your Plivo Auth Token
  • Message - Base URI appended with X-Plivo-Signature-V2-Nonce.
  • Hashing Function - SHA256

For example, if the base URI is “http://foo.com/answer/” and X-Plivo-Signature-V2-Nonce is “05429567804466091622”, the message will be “http://foo.com/answer/05429567804466091622”

Validating signatures using the latest server-side SDKs