问题
We are using twilio to send/receive SMS messages. We have a webhook configured to receive the messages sent by a customer. We want to validate if the request infact originated from twilio. I was going through the documentation and found that there is a method called validated in twilio sdk. For some reason we are not using the sdk. So we want to validate it by ourself. Can anyone please tell me how to validate?
回答1:
You can do it yourself without the SDK if you wish.
In short, you'll have to use https for your webhooks when configuring at Twilio, and, on your server side, validate a signature which Twilio sends as a header X-Twilio-Signature when making the request.
Computing the signature means to re-assemble the request data and compute a hash using your Twilio account AuthToken.
This is explained in more details on Twilio's docs here:
https://www.twilio.com/docs/usage/security#validating-requests
来源:https://stackoverflow.com/questions/55379748/how-to-validate-x-twilio-signature