Popular topics: How many characters can I send in an SMS? How to get started with ClickSend

Security for inbound web-hooks - replies and delivery reports

Many clients ask us how the can ensure security when we push replies and delivery reports over HTTP to their web server.

Here are a few tips:

Use HTTPS

We recommend that you setup and use https on your server

Verify User ID in the Post Body

We post your user_id with every webhook. The user ID is unique to your account and fixed. You can check the body for this value.

Use the custom_string parameter

When sending the SMS, you can supply a 'custom_string' parameter for each recipient (see the sms/send endpoint). We will pass this back with all replies. You can set this to anything and validate it when we post it back.

Add a token to the request

When setting up the inbound SMS rule, you can add a query string token to the end of your URL.

for example: https:// yourserver.com/incoming/sms.php?token=Fsk83jdiao2e

By adding a token to the end of the URL that only you know, you can verify that the script is coming from us.

Verify Our IP Address

We always post from the same pool of IP addresses. You can verify that it's coming from us.

We can post your API key

If you prefer, we can post a SHA/MD5 hash of your API key along with the other posted variables. This way you can verify that the post if from us.

Was this article helpful?

Can’t find what you’re looking for?

Our award-winning customer care team is here for you.

Contact Support