An important part of any secure Twilio application is correctly performing request validation.
For a complete description of how request validation works, see the Twilio security documentation.
The basic idea is that Twilio builds a string based on the parameters sent to your server and then creates a hash of this string using your account's AuthToken (a shared secret).
Twilio sends this hash to your server as a header in its request.
You can then build the same string and create the same hash as Twilio did, and compare yours to the one Twilio sent to determine the authenticity of the request.
author | Aleksey Korzun |
---|---|
package | Library |
subpackage | Twilio\Utility |
link | http://www.twilio.com/docs/security#validating-requests |
__construct(string $token)
string
the secret key used to sign the token.
computeSignature(string $url, string[] $data) : string
string
string[]
string
validate(string $signature, string $url, string[] $data) : bool
string
expected signature
string
string[]
bool
$token : string