Is it possible to send a cookie with a SMSMessage using the Twilio-csharp / TwilioRestClient? - twilio

I am creating outbound SMS communication and need to set a cookie so I can track the conversation thread. I'm using the Twilio-csharp client and did not see a way to set a cookie or an HTTP header. Is this possible or do I need to pursue a different route?
Edit:
I need to elucidate here. In my scenario I need to set a cookie with a transaction id that needs to be included in the originating outbound message. For example I will be creating an SMS message that will request a response from the user: "Text (1) to approve, (2) to decline".
The Twilio sample code details a page that receives a message, checks for a cookie, then creates one if it does not already exist. In my scenario I need the cookie to be in the outbound message.

I contacted support at Twilio and they stated that cookies can not be sent with their REST API. Cookies can be exchanged from the response endpoint that you create where you set the http header.
This means that you must wait for the user to reply to your first message before you can insert cookies to the http headers.

You can definitely set a cookie to track the conversation thread. Details and sample code can be found here under Twilio's .NET (C#) quickstarts: http://www.twilio.com/docs/quickstart/csharp/sms/tracking-conversations

Related

Twilio Voice JavaScript SDK: when dialing we can send params, but how to send an Authorization key in the header?

https://github.com/TwilioDevEd/voice-javascript-sdk-quickstart-node
I have referred to the standard Twilio example to make a call from the browser, I was able to implement calling.
const call = await device.connect({ params });
where params are the body of the POST request. But is there any way we can attach a header to this POST request?
Twilio developer evangelist here.
Using the SDK to start a call isn't an HTTP request. It results in a webhook request from Twilio to your application, but that is different to the initial request from the SDK. You can use the SDK to pass POST request parameters as you have seen, but you cannot pass headers.
If you are trying to pass an Authorization header, then I assume you are trying to ensure that only requests from Twilio are accepted by your application. There's already a way to do this.
Twilio sends an X-Twilio-Signature header with each webhook request. The signature is made up of the contents of the request signed with your Twilio auth token. You can read how this works in depth here.
Alternatively, you can add username:password@ to the start of the webhook URL and Twilio will authenticate via HTTP authentication.

Find out who invited my bot to the server using OAuth redirect uri

Before someone marks this question as duplicate,
Yes I know audit log is a thing.
No I won't use it because it requires permission.
Yes it's easier to find out server owner
No I need to know exactly who invited my bot
I want to:
Find out who invited my bot to the server (user-guild id pair) using invite link redirection.
I read about the OAuth2 API but didn't quite understand it due to my lack of background knowledge.
All I understand is that bot invite links can have a redirect uri,
and some info is transferred to it after authentication.
Is it possible to get user/guild id from this?
I tried:
Setting up http server using python -m http.server,
add my IP to the redirect uri list in the dev page & generate an invite link containing a redirect to my IP.
But I didn't get redirected to my http server after inviting my bot using that link,
and nothing got printed on the http server console either.
Things to note:
A. Don't reveal your client secret or your bot token for any purpose. If you do so, immediately regenerate them from the developer portal.
B. Code and token have different meanings in the answer below.
C. This is not for absolute beginners and you are expected to have a general understanding of web requests (specifically GET and POST requests). You might also need to host the site handling the redirect URL.
D. This does not cover security issues in any shape, way or form.
1. In the bot tab of the developer portal, enable the REQUIRES OAUTH2 CODE GRANT option. This prevents the bot from joining a server unless step 4 is completed.
2. Then use the OAuth tab to generate an OAuth URL with identity and bot scopes. This is important to get user info in step 5.
3. When someone visits the URL, logs in, and selects a server, they are redirected to your redirect URL. This URL receives a single-use code as URL parameter ie the URL will be <base_url>&code={code}<other stuff>. It is up to you (and probably outside the scope of any SO answer; google is your friend here) to set up a web server and handle requests.
4. This code can then be used to get a token. This link explains how to exchange code for token. It involves sending a post request with your application's client id and secret. Both are available from discord's developer portal. The response will also have information about the guild along with the token in fields "guilds" and "access_token" respectively.
5. Send a get request to https://discord.com/api/v9/users/@me with a header containing Authorization: Bearer ${token} where the token is obtained in step 4. The response is in JSON format and contains user data specified here. Note: The link above is for the latest API version v9 which may change in future versions.
Edit:
It is possible to manually modify the URL to remove identity scope from URL. The bot would still join the server as long as you make a request to exchange the code for the token. In this case, the request to /users/@me would fail and you would have no access to the user object. It should be easy to make the bot leave the server if the request fails with the status code corresponding to unauthorized.

How to validate X-TWILIO-SIGNATURE

We are using Twilio to send/receive SMS messages. We have a webhook configured to receive the messages sent by a customer. We want to validate if the request in fact originated from Twilio. I was going through the documentation and found that there is a method called validated in the Twilio SDK. For some reason we are not using the SDK. So we want to validate it by ourselves. Can anyone please tell me how to validate?
You can do it yourself without the SDK if you wish.
In short, you'll have to use https for your webhooks when configuring at Twilio, and, on your server side, validate a signature which Twilio sends as a header X-Twilio-Signature when making the request.
Computing the signature means to re-assemble the request data and compute a hash using your Twilio account AuthToken.
This is explained in more details on Twilio's docs here:
https://www.twilio.com/docs/usage/security#validating-requests
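The check described in this answer, as an added example that is not part of the original post or of Twilio's SDK. It follows the scheme in the linked Twilio documentation for form-encoded POST webhooks (the request URL followed by each parameter name and value, sorted by name, signed with HMAC-SHA1 keyed by the AuthToken and Base64-encoded); the function names and all sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac


def compute_twilio_signature(auth_token, url, post_params):
    """Rebuild the signed string (URL + sorted name/value pairs) and sign it."""
    signed = url
    for name in sorted(post_params):  # case-sensitive sort by parameter name
        signed += name + post_params[name]  # no separators between name and value
    mac = hmac.new(auth_token.encode("utf-8"), signed.encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")


def is_twilio_request(auth_token, url, post_params, header_value):
    """Return True only if X-Twilio-Signature matches the recomputed value."""
    if not header_value:
        return False  # a missing header is a failed check, not a skipped one
    expected = compute_twilio_signature(auth_token, url, post_params)
    # Constant-time comparison on bytes; bytes also tolerate non-ASCII header junk.
    return hmac.compare_digest(expected.encode("ascii"), header_value.encode("utf-8"))


# Constructed sample values (not real credentials or a real request).
AUTH_TOKEN = "constructed-auth-token"
WEBHOOK_URL = "https://example.com/sms?tenant=1"
FORM = {"To": "+15550100", "From": "+15550199", "Body": "1"}


def demo():
    good = compute_twilio_signature(AUTH_TOKEN, WEBHOOK_URL, FORM)
    tampered = dict(FORM, Body="2")
    return {
        "genuine": is_twilio_request(AUTH_TOKEN, WEBHOOK_URL, FORM, good),
        "tampered_body": is_twilio_request(AUTH_TOKEN, WEBHOOK_URL, tampered, good),
        "wrong_url": is_twilio_request(
            AUTH_TOKEN, "http://example.com/sms?tenant=1", FORM, good),
        "no_header": is_twilio_request(AUTH_TOKEN, WEBHOOK_URL, FORM, None),
    }


if __name__ == "__main__":
    print(demo())
```

The URL passed in must be exactly the one configured at Twilio, including scheme and query string; behind a TLS-terminating proxy, rebuild it from the public scheme and host rather than from what the application server sees.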

Is it possible to add a header to a mandrill webhook for inbound emails?

In the inbound emails section, it said in the docs that when an email is received, it will forward the email through a POST request, so I should have an endpoint that will receive these POST requests. The thing is, we want the POST request sent by Mandrill to have specific header values, possibly a token to verify it's from Mandrill. Otherwise, I think anyone will be able to spam us with fake POST requests. Is it possible to add a custom header?
It's not currently possible to add a custom header for POSTs. Mandrill does, however, offer webhook authentication so you know it's coming from Mandrill and hasn't been modified.

401 Not Authorized when using Twilio Enqueue verb with HTTP Basic Auth

When a user calls my number, Twilio makes a request of the format https://username:password@www.myserver.com/my_secure_document to my servers, which are protected by HTTP Basic Auth. This works great - Twilio logs in, sees an Enqueue verb, and remains logged in as it follows the waitURL.
However, after the user is dequeued by the other person hanging up (in this case, a Twilio Client), the Enqueue action URL is getting 401 Not Authorized responses. Is this a bug in Twilio? The docs say that "Twilio will authenticate to your web server using the provided username and password and will remain logged in for the duration of the call". Shouldn't following the action of an Enqueue count as part of the call?
Well, here's the workaround that worked for me: convert the action URL from a relative path to an absolute path, and provide the HTTP basic auth credentials again.
