All URLs are now callable by anyone. How can we authorize?
This is not a problem with the current small implementation but will be needed before implementing the full dialplan because the twml will contain secrets like phone numbers.
URLs are called directly from programmable voice twiml apps and sip domains.
Could put a secret in the URL arguments, one secret per installation.
Could make a redirect on the twilio side which adds auth, that would probably create a bad delay.
All URLs are now callable by anyone. How can we authorize?
This is not a problem with the current small implementation but will be needed before implementing the full dialplan because the twml will contain secrets like phone numbers.
URLs are called directly from programmable voice twiml apps and sip domains.
Could put a secret in the URL arguments, one secret per installation.
Could make a redirect on the twilio side which adds auth, that would probably create a bad delay.
Both those solutions are nonoptimal.