An important part of any secure Twilio application is correctly performing request validation.

For a complete description of how request validation works, see the Twilio security documentation.

The basic idea is that Twilio builds a string based on the parameters sent to your server and then creates a hash of this string using your account's AuthToken (a shared secret).

Twilio sends this hash to your server as a header in its request.

You can then build the same string and create the same hash as Twilio did, and compare yours to the one Twilio sent to determine the authenticity of the request.

author Aleksey Korzun
package Library
subpackage Twilio\Utility
link http://www.twilio.com/docs/security#validating-requests

 Methods

Class constructor

__construct(string $token) 

Parameters

$token

string

the secret key used to sign the token.

Compute signature

computeSignature(string $url, string[] $data) : string

Parameters

$url

string

$data

string[]

Returns

string

Validate signature

validate(string $signature, string $url, string[] $data) : bool

Parameters

$signature

string

expected signature

$url

string

$data

string[]

Returns

bool

 Properties

 

$token : string