We’ve introduced an application-level flag to control whether message content or source numbers from incoming messages to Plivo phone numbers should be redacted from Plivo debug logs and databases.
When Message Redaction is enabled for an application, the following changes take place:
- The content of incoming messages to Plivo phone numbers associated with the application are redacted from all internal Plivo server logs, as well as the debug logs available on the Plivo Console.
- The last three digits of the source number from which the SMS originated are redacted from all internal Plivo server logs, as well as the debug logs available on the Plivo console.
- The last three digits of the source number from which the SMS originated are redacted from the Message Detail Record (MDR) generated for the message. Fetching MDRs for such messages would return the redacted source numbers.
Note that Message Redaction has been disabled for all your existing Plivo applications by default. Please read more below to learn how to turn on message redaction for your application.
Configuring message redaction for Plivo applications
Turning message redaction on or off from the Plivo Console
Select the application from the SMS Applications page. Check the ‘Redact Incoming Messages’ checkbox to enable redaction for incoming messages to phone numbers associated with the application.
Turning message redaction on or off using the application API
The log_incoming_messages attribute of the application resource can be used to enable or disable message redaction.
When creating a new application, set the log_incoming_messages attribute to false in the Create Application API request to enable message redaction. The default value for this attribute is true, which means that message redaction is disabled unless explicitly enabled.
Message redaction may be enabled/disabled for any application at any time using the Update Application API.
How does message redaction impact the message URL payload?
The feature is designed to offer our customers control over message details that may be logged in Plivo systems for debugging purposes.
If a message_url has been configured, Plivo will attempt to post the non-redacted message content and the non-redacted source number to it.
For enhanced security, we recommend our customers to configure secure HTTPS endpoints for their message URLs.