We provide an application-level flag to control whether message content or source numbers from incoming messages to Plivo phone numbers should be redacted from Plivo debug logs and databases.
When message redaction is enabled for an application, we make three kinds of redactions:
- The content of incoming messages to Plivo phone numbers associated with the application are redacted from all internal Plivo server logs and the debug logs available on the Plivo console.
- The last three digits of the source number from which the SMS originated are redacted from all internal Plivo server logs and the debug logs available on the Plivo console.
- The last three digits of the source number from which the SMS originated are redacted from the Message Detail Record (MDR) generated for the message. Fetching MDRs for such messages would then return the redacted source numbers.
Configuring message redaction for Plivo applications
Turning message redaction on or off from the Plivo console
Visit Messaging > XML Applications and select the application you're interested in. Toggle the Redact Incoming Messages checkbox to enable and disable redaction for incoming messages to phone numbers associated with the application.
Turning message redaction on or off using the Application XML object
Use the log_incoming_messages attribute of the application resource to enable or disable message redaction.
When creating a new application, set the log_incoming_messages attribute to false in the Create Application API request to enable message redaction. The default value for this attribute is true, which means that message redaction is disabled.
You can enable or disable message redaction for any application at any time using the Update Application API.
How does message redaction impact the message URL payload?
Message redaction offer you control over message details that may be logged in Plivo systems for debugging purposes.
If a message_url has been configured, Plivo will attempt to post the nonredacted message content and the nonredacted source number to it.
For enhanced security, we recommend that you configure secure HTTPS endpoints for message URLs.