Twilio-X-Signature

Twilio-X-Signature is a hashed value derived from a specific set of data. Signatures are almost always unique; two requests produce the same signature only when the Auth Token, URL and parameter payloads are identical.

To generate the signature:

  • Twilio Security Documentation
  • Using nodejs Twilio SDK to generate signature example code
  • Note on URL encoding:
    • When Twilio calculates the signature, the input data isn’t URL encoded; for example, ‘+’ is not replaced with %2B in the URL (see the security documentation).
    • In form data, don’t replace a space with the ‘+’ character.
  • Postman pre-request script
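    const CryptoJS = require('crypto-js');
    const auth_token = "xxx"; // Twilio Auth Token (placeholder)
    
    // HMAC-SHA1 of the data, keyed with the Auth Token, Base64-encoded
    const crypto = (authToken, data) => {
        console.log(`Data: ${data}`);
    
        let signature = CryptoJS.HmacSHA1(
            CryptoJS.enc.Utf8.parse(data), authToken
        );
        let base64 = CryptoJS.enc.Base64.stringify(signature);
        return base64;
    }
    
    function getSignature(authToken, url, params){
        var data = Object.keys(params)
            //sort parameters
            .sort()
            //concatenate them to a string
            .reduce((acc, key) => acc + key + params[key], url);
        //sign the URL + sorted parameters string
        return crypto(authToken, data);
    }
    //store the signature so the request can send it as a header
    pm.environment.set("TWILIO_SIGNATURE",
                  getSignature(auth_token, request.url, request.data));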
    
  • Validate a Twilio Authy Callback
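
The signing steps and the URL-encoding note above, seen from the receiving side, as an added Node.js example (not code from the original page or from Twilio's SDK): it rebuilds the signed string, computes the HMAC-SHA1 and compares it with the received header in constant time. The token, URL, parameter values and function names are constructed for illustration.

```javascript
// Added example: verify a webhook signature with Node's built-in crypto module.
const { createHmac, timingSafeEqual } = require('node:crypto');

// URL followed by each parameter name and value, sorted by name, with no separators.
// Values must be the decoded ones: '+' stays '+', a space stays a space.
function buildSigningString(url, params) {
  return Object.keys(params)
    .sort()
    .reduce((acc, key) => acc + key + params[key], url);
}

// HMAC-SHA1 over the signing string, keyed with the Auth Token, Base64-encoded.
function computeSignature(authToken, url, params) {
  return createHmac('sha1', authToken)
    .update(buildSigningString(url, params), 'utf8')
    .digest('base64');
}

// Constant-time comparison; timingSafeEqual throws on unequal lengths, so check first.
function isValidSignature(authToken, url, params, headerValue) {
  const expected = Buffer.from(computeSignature(authToken, url, params), 'utf8');
  const received = Buffer.from(String(headerValue || ''), 'utf8');
  return expected.length === received.length && timingSafeEqual(expected, received);
}

// Constructed sample values, not real credentials or phone numbers.
const SAMPLE_TOKEN = 'constructed-auth-token';
const SAMPLE_URL = 'https://example.com/hook?foo=1&bar=2';
const SAMPLE_PARAMS = { To: '+15555550100', From: '+15555550199', Body: 'hello world' };

// The value a sender holding the same token would place in the signature header.
const sampleHeader = computeSignature(SAMPLE_TOKEN, SAMPLE_URL, SAMPLE_PARAMS);

// A receiver that keeps the form values URL-encoded signs a different string.
const ENCODED_PARAMS = { To: '%2B15555550100', From: '%2B15555550199', Body: 'hello+world' };

console.log('decoded params :', isValidSignature(SAMPLE_TOKEN, SAMPLE_URL, SAMPLE_PARAMS, sampleHeader));
console.log('encoded params :', isValidSignature(SAMPLE_TOKEN, SAMPLE_URL, ENCODED_PARAMS, sampleHeader));
console.log('wrong token    :', isValidSignature('wrong-token', SAMPLE_URL, SAMPLE_PARAMS, sampleHeader));
```

A failed check on otherwise legitimate traffic usually means the receiver signed encoded values or a URL that differs from the one the sender used.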