1

Whenever you launch a Tropo Session, it will send the session information to the URL attached with the token.

I would like validate this session dump request from my server end. For Twilio you will get "x-twilio-signature" header. I am curious to know all the http headers that tropo sending with the above request.

Thanks for any suggestions / help.

-San

Kevin Burke
  • 61,194
  • 76
  • 188
  • 305
San
  • 542
  • 6
  • 21

3 Answers3

0

San,

You are able to pass any arbitrary data in the API call to the Tropo API. This data would then be present in the session object which is then posted to your backend, so it should be pretty simple to pass your own validation token this way and then validate it server side.

-John

John T Dyer
  • 156
  • 3
  • 4
  • Yes, one more method I was thinking is add some sort of static key to the URL when attaching to the token. so that I can verify the key from query string. I dont want to parse the posted json for verification right? – San Sep 28 '12 at 06:01
0

Further to post here I have raised a ticket in Tropo forum. They are pretty good in response time. Here is the thread for any ref on this question : https://www.tropo.com/ticket/1855216

Thanks for all your comments and ideas.

San
  • 542
  • 6
  • 21
0

IP ranges are obviously a no-go, because we need to maintain the list of their IPs. Can they (I mean, Tropo devs) at least add reverse-ip domain, so we could check it using dns system?

So right now I see that the only way is to have a unique URL for incoming messages like http://example.org/incoming/sms/850ce611d5c889aac5535b206737c3fa.json which is kept secret. That's ugly, but should work.

alex
  • 11,935
  • 3
  • 30
  • 42