Many clients ask us how the can ensure security when we push replies and delivery reports over HTTP to their web server.
Here are a few tips:
We recommend that you setup and use https on your server
We post your user_id with every webhook. The user ID is unique to your account and fixed. You can check the body for this value.
When sending the SMS, you can supply a 'custom_string' parameter for each recipient (see the sms/send endpoint). We will pass this back with all replies. You can set this to anything and validate it when we post it back.
When setting up the inbound SMS rule, you can add a query string token to the end of your URL.
for example: https:// yourserver.com/incoming/sms.php?token=Fsk83jdiao2e
By adding a token to the end of the URL that only you know, you can verify that the script is coming from us.
We always post from the same pool of IP addresses. You can verify that it's coming from us.
If you prefer, we can post a SHA/MD5 hash of your API key along with the other posted variables. This way you can verify that the post if from us.
Our award-winning customer care team is here for you.Contact Support