This is a Plug that verifies authenticity of Twilio requests
It is intended to be used in pipelines in the routes.ex of your Phoenix app
add twilio_signature_plug to your mix.exs deps
defp deps do
[
...
{:twilio_signature_plug, "~> 0.1.6"},
...
]
end
Add your Twilio auth_token to your config.exs
(e.g. from the environment as exemplified here)
config :twilio_signature_plug,
auth_token: System.get_env() |> Map.get("TWILIO_AUTH_TOKEN", "i am required")
add the signature validation Plug to your Twilio Webhook pipeline like in this example:
pipeline :api_protected_twilio do
plug :accepts, ["xml"]
plug TwilioSignaturePlug, error_handler: TwilioSignatureErrorHandler
end
If you are using phoenix and want the Plug to immediately respond with errors in case the signature validation failed, you can just replace TwilioSignatureErrorHandler
with your own implementation like so:
Note: This library comes without a dependency to Phoenix, hence this library will only set the correct status in the Plug.Conn
struct and set it to halted==true
defmodule YourAppWeb.TwilioSignatureErrorHandler do
use YourAppWeb, :controller
alias Plug.Conn
def call(conn, :not_authenticated) do
conn
|> put_status(401)
|> json(%{error: %{code: 401, message: "Not authenticated"}})
end
def call(conn, :bad_request) do
conn
|> put_status(400)
|> json(%{error: %{code: 400, message: "Bad Request"}})
end
end