Validating Tropo's HTTP Request
https://stackoverflow.com/questions/12615653
-
04-07-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianFrage
Whenever you launch a Tropo Session, it will send the session information to the URL attached with the token.
I would like validate this session dump request from my server end. For Twilio you will get "x-twilio-signature" header. I am curious to know all the http headers that tropo sending with the above request.
Thanks for any suggestions / help.
-San
Lösung 2
Further to post here I have raised a ticket in Tropo forum. They are pretty good in response time. Here is the thread for any ref on this question : https://www.tropo.com/ticket/1855216
Thanks for all your comments and ideas.
Andere Tipps
San,
You are able to pass any arbitrary data in the API call to the Tropo API. This data would then be present in the session object which is then posted to your backend, so it should be pretty simple to pass your own validation token this way and then validate it server side.
-John
IP ranges are obviously a no-go, because we need to maintain the list of their IPs. Can they (I mean, Tropo devs) at least add reverse-ip domain, so we could check it using dns system?
So right now I see that the only way is to have a unique URL for incoming messages like http://example.org/incoming/sms/850ce611d5c889aac5535b206737c3fa.json which is kept secret. That's ugly, but should work.
