General

1. How do I change my phone number?

1. Log in to the Plivo Console.
2. Navigate to Account > Settings > Security > Two-Factor Authentication.
3. Click 3 dots next to Phone Verification.

4. Click Change Number.

5. Enter the code received on your default authentication method (or a recovery code if you have already generated it). 

6. Enter your new phone number and verify it with the OTP sent to the new number.

2. How do I set up 2FA using an authenticator app?

1. Log in to the Plivo Console.
2. Go to Account > Settings > Security > Two-Factor Authentication.
3. Click Add next to Authenticator App.

4. Enter the OTP sent to your registered phone number (or use a recovery code if you have that option set up). 

5. Scan the displayed QR code using an authenticator app such as Google Authenticator, 1password or Authy. If you face issues in scanning QR, you can also use the setup key.

6. Enter the six-digit code generated by your app.

7. Click Verify to complete the setup.
8. Optionally, set the authenticator app as your default 2FA method.

3. How do I change my authenticator app?

1. Log in to the Plivo Console.
2. Navigate to Account > Settings > Security > Two-Factor Authentication.
3. Click the 3 dots next to Authenticator App
4. Click Change next to Authenticator App if an existing app is linked.

5. Enter the code received on your default authentication method (or a recovery code if you have existing generated). 

6. Follow the steps under How do I set up 2FA using an authenticator app? to link a new app.

4. How do I remove my authenticator app?

1. Log in to the Plivo Console.
2. Navigate to Account > Settings > Security > Two-Factor Authentication.
3. Click 3 dot next to Authenticator App.

4. Click on Remove

5. Enter the code received on your default authentication method (or a recovery code if you have existing generated). 

6. Your account will revert to using the Phone Number (OTP) or Recovery Codes for 2FA.

5. How do I generate and use recovery codes?

1. Log in to the Plivo Console.
2. Navigate to Account > Settings > Security > Two-Factor Authentication.
3. Under Recovery Codes, click Generate Codes.

4. Enter the code received on your default authentication method (or a recovery code if you have existing generated). 

5. You will receive 12 alphanumeric codes.  These codes can be used if you lose access to other 2FA methods.

6. Click Download to save a .txt file of these codes.
7. Click Copy to copy all codes to your clipboard.
8. Click on “I’ve saved it” to activate the displayed Recovery codes
9. Each code can be used only once.

6. Can I view recovery codes again after the initial setup?

No, for security reasons, recovery codes are only shown once during setup. If you lose them, you must generate a new set by following the same process. 

1. What is two-factor authentication (2FA)?

Two-factor authentication (2FA) is an added layer of security that requires users to verify their identity using a second method in addition to their password. Plivo supports using SMS/Voice OTPs, authenticator apps, and recovery codes to complete 2FA.  

2. Why is 2FA mandatory for my Plivo account?

2FA is mandatory for all users to enhance security. This measure helps protect accounts from unauthorized access and improves the security of your data.

3. What are the available 2FA methods?

• Phone number (OTP) – A one-time password (OTP) sent via SMS/Call to your registered phone number.
• Authenticator app – A time-based code generated by third-party authenticator apps like Google Authenticator, 1password, Microsoft Authenticator, or Authy.
• Recovery codes – A set of pre-generated codes that can be used as a backup if you lose access to your primary 2FA method.

4. What are recovery codes?

Recovery codes are one-time-use alphanumeric codes that serve as a backup 2FA method. They can be used when you cannot access your phone number or authenticator app. You can generate 12 codes and store them for a one-time future use. 

5. Can I remove my phone number from 2FA?

No. For security purposes, it is mandatory to link a phone number to your Plivo account. 

6. Is there a way to share OTPs or authenticator codes with my team?

We do not advise sharing your 2FA methods with others. However, if you wish to have a shared login for internal teams, platforms like 1Password help you share authenticator app codes securely with a specific group of people.

1. What is the Inactive Account Management Policy?
Plivo’s Inactive Account Management Policy is designed to protect your account and our platform from security risks associated with dormant accounts. These risks include unauthorized account takeovers (especially for accounts with stored payment cards) and the potential misuse or sale of inactive accounts.

2. Why are we implementing this policy?

• Security risks: Inactive accounts with saved payment methods can be vulnerable to takeover and fraud.
• Data protection: Accounts without payment cards can be sold on the dark web, increasing the risk of misuse.
• Cost efficiency: Managing inactive accounts helps optimize storage, processing, and invoicing costs.

3. Which accounts are affected?

The policy applies to all accounts regardless of the product, as “usage” is defined across all Plivo products (not just SMS or Voice).

4. How are inactive accounts categorized?
Accounts are segmented into three categories based on their inactive status. 

• Category A: No usage in the last three months (with prior usage noted between four and six months ago).
• Category B: No usage in the last six months (with prior usage noted between seven and 12 months ago).
• Category C: No usage in the last 12 months or more.

5. What happens to Category A accounts?
We take the following steps for accounts with no activity in the last three months. 

• Initial Notification: You’ll receive an email indicating that your account has been inactive for 90 days.
• Pending Changes: If no usage occurs within the next 30 days, the following actions will be taken:
  • Auth Token Reset: Your auth token will be changed.
  • Geo-Permission Restrictions:
    • SMS: Access will be limited to the United States (US) and India (IN).
    • Voice: Access will be limited to the US and IN. (with no outbound calls permitted to the US).
    • Numbers: Access will be limited to US numbers (and IN if you are registered in India). 
• Follow-Up: A confirmation email will be sent once these changes are implemented.

6. What happens to Category B accounts?

We take the following steps for accounts with no activity in the last six months:

• Initial Notification: You’ll receive an email stating that your account has been inactive for 180 days.
• Pending Changes: If no activity occurs within the next 30 days, these actions will be implemented:
  • Auth Token Reset.
  • Geo-Permission Restrictions:
    • SMS: Access will be limited to the United States (US) and India (IN).
    • Voice: Access will be limited to the US and IN. (with outbound calls for the US restricted).
    • Numbers: Restricted to US numbers (and IN if you are registered in India).
• Follow-Up: A confirmation email will be sent after the changes take effect.

7. What happens to Category C accounts?

We take the following steps for accounts with no activity in the last 12 months or more.  

• Initial Notification: You’ll receive an email notifying you that your account has been dormant for over a year.
• Pending Action: If no activity is recorded in the next 30 days:
  • Account Closure: Your account will be closed, and any remaining balance will be refunded.
• Follow-Up: A confirmation email will be sent once your account is closed.    

8. What if I don't want my account to be subject to this policy?

You can opt out of this policy from the user setting tab under the Security section in your User settings on your Plivo console. Every account is by default opted-in to this policy.

Misuse that occurs as a result of opting out will be the account owner’s responsibility. Plivo is not liable for any fraudulent activities that may arise from accounts that have opted out of this policy.

This FAQ will be updated as necessary to reflect any changes to the policy or additional questions from our users. Thank you for helping us maintain a secure and efficient platform!

Plivo supports user authentication using single sign-on (SSO) managed by your company’s preferred identity provider. You can enable SSO through any identity provider (IDP) that supports SAML.

Once you configure SSO for a domain, you can use Plivo’s Team feature to ensure that users authenticate using SSO.

To configure SSO on your account, follow these steps.

1. Click on the Account icon at the bottom of the navigation menu, then Settings > Security.
2. In the Configure SSO widget, click Configure. You'll be redirected to an SSO configuration guide with a list of supported IDPs.
3. Select your preferred IDP and click Get Started, then follow the instructions on the configuration guide screens.

Once you’ve completed the process and reviewed the connection, click Back to Plivo in the top left corner to return to the console. The Configure SSO widget should then indicate an Active status.

If you exit from configuration before completing the steps, you can resume the process by clicking the Resume button.

Only email addresses with the domain configured for SSO will be authenticated with SSO. If an invited user’s email address contains a domain that is not configured for SSO, the user will be asked to provide a password.

You can delete an SSO connection by clicking Send Delete Request.

Plivo provides voice and messaging communication services in more than 190 countries, each of which has local laws about telecommunication services, and we partner with carriers worldwide whose policies we need to be compliant with. To ensure compliance with regulations, and prevent scenarios of SMS phishing and unsolicited voice calls, we have put measures in place to proactively verify account signups on the Plivo platform.

Why was my Plivo account signup put on hold?

Plivo is required to comply with local laws for telecommunication services around the globe. To ensure compliance with such regulations globally, we perform a risk assessment on all signups from new potential customers. If our assessment indicates a high risk, we may put a business on a hold list, indicating that we are unable to provide service to them at this time. Unfortunately, we are unable to disclose the specific reasons or parameters considered during our evaluation.

How can I get my account off the hold list?

Our evaluation process is thorough, and decisions made by our team are final. We are unable to re-evaluate or reconsider account eligibility decisions.

At what stage does Plivo apply restrictions to an account?

Plivo may place restrictions on an account at the time of signup. Even after the signup our internal systems continuously review each account for anomalies. This may lead to your account being put under restrictions at a later time as well. If we apply restrictions to your account, we’ll send you an email detailing that and steps for you to raise a reassessment request.

How can I check whether my account has any restrictions?

You will be able to see an alert message when you log in to the Plivo console.

Plivo’s best-in-class security features include real-time payment and usage alerts, two-factor authentication at login, and geo permission restrictions for its services. However, you must take some actions yourself to protect your account and account credentials.

How do I check whether my account has been compromised?

Plivo sends out an email alert each time someone logs in to your account from a new device. Plivo also sends payment receipts each time a payment attempt is made, for both successful and failed attempts. Check your account email inbox or spam folder and compare any of these email messages to your recent behavior. 

Alternatively, you can log in to your account and check the payment section. You can also review your usage by navigating to individual product screens (voice, SMS, Zentrunk, etc.) from the Plivo console. Each screen will have a summary of recent usage that you can compare with your expected usage.

How should I protect my account if I find it has been compromised?

If you suspect your account has been compromised, Plivo recommends that you change your account settings immediately:

1. Reset your password here.
2. Change your Auth Token here.
3. Review your geo permissions for
• SMS
• Voice
• Zentrunk
4. Set up 2FA on your account.

What practices should I follow to protect my account?

Follow the advice in our security best practices document. Specifically, Plivo recommends that users:

• Use a strong password with at least 12 characters and avoid sharing it with other users.
  
• Plivo offers role-based access control that you can use to share certain tasks for your account with other team members at your organization.
• If you must share credentials with multiple users, be sure to use a password manager.
• Plivo APIs require a valid Authentication ID and Token. Your Auth Token should be stored securely and in an encrypted format. Make sure only authorized personnel can access it and avoid sharing it over public networks, public GitHub repositories, and web servers. 

This video walks you through the Plivo console, so you can see where to locate key functions for your day-to-day operations.

Looking to keep your account secure? Follow these recommended best practices to make sure your information stays safe.

Plivo console security (for https://console.plivo.com)

1. Choose a strong password that includes at least 12 characters: uppercase, lowercase, special characters, and numbers. 
2. Enable two-factor authentication on your Plivo account.
3. Leverage role-based access controls when adding new users to the account. 
4. Don't use a group email address when registering a new account. We strongly recommend using an individual email for your Plivo account signup.
5. Use an email account that's monitored regularly so that you receive alerts and security notifications in a timely manner.
6. Auth ID and Auth Tokens are required to trigger SMS messages and voice calls. Auth Tokens should be treated as highly confidential as passwords and should not be published on open-source platforms such as GitHub. 

SMS security

1. Enable Geo Permission under SMS > Settings > Geo Permissions to whitelist countries in which your users receive SMS notifications from you.
2. Enable the setting Authorization To View SMS/MMS Content under SMS > Settings > Other Settings to authorize the Plivo customer success team to view your SMS content, help you debug, and detect fraud activity more effectively.
3. Always redact incoming messages when creating a new application. Go to SMS > Applications > Add new application > Redact Incoming Messages to do that.

Voice security

1. Enable Geo Permission under Voice > Settings > Geo Permissions to whitelist countries in which your users receive voice calls from you.

Zentrunk security

1. When creating a password for your trunk, choose a strong password that includes at least 8 characters: uppercase, lowercase, special characters, and numbers.
   
2. Only whitelist the IP addresses from your PBX and be sure to update these addresses if the PBX IP addresses change.

Pricing for Plivo products varies by country. You can check the prices on the Plivo console. 

For pricing of inbound and outbound calls, click on Voice > Pricing.

You can select the country from the drop-down menu to see rates in the console or download a .csv file listing the inbound and outbound call rates for each country.

For pricing of inbound and outbound SMS text messages, click on Messaging > Pricing. You can select the country from the drop-down menu to see rates in the console or download a .csv file listing the inbound and outbound messaging rates for each country.

You can also check Plivo pricing using our API.

You can discontinue using Plivo’s services and close your account from the Plivo console. Navigate to Account > Service Address and click Close Account.
A pop-up will prompt you to enter your Plivo credentials to confirm that you want to close the account.

This process is irreversible. Once you close your Plivo account:

• Plivo will permanently delete all of the account's applications, phone numbers, endpoints, and logs.
• Credits remaining in the account will be refunded back to your card within 20 business days. Kindly note that the remaining credits can be refunded only if the recharge is made in the last 90 days.
• Credits in trial accounts are not refunded.
• Users invited to manage the account will no longer be able to access the closed account.

Once a Plivo account is closed, a user with the same email address and phone number will no longer be able to sign up for a Plivo account. You must use a different email address and a phone number if you wish to create a new Plivo account.

Plivo is legally required to retain all identifying information and proof of address provided by customers, including email address and phone number information, even after an account is closed. 

You can change your password from the Plivo console. Click on Account > Settings > Security. Enter your old password for authentication and your new password twice, then Save Changes.

If you’ve forgotten your password and are unable to log in to your Plivo account, click on Forgot Password on the console login page. This will trigger an email to your registered email address. Click on the link provided in the email to enter a new password and log in.

Plivo uses the email address associated with your account to send important updates and notifications, so it's important to make sure the address is correct. Only the owner of an account can update the email address.

To update the email address associated with your Plivo account:

1. Log in to your Plivo account.
2. Click on Accounts > Settings > User Profile.
   
3. Click Update Email, enter the new email address, then click Update.
4. If there are no errors in the email address, you'll be prompted to authenticate your account.
5. Once the account is authenticated, Plivo will send a one-time password to your email address.
6. Go to your email inbox to receive the message with the OTP. 
7. Enter the OTP to validate and update the email address.
   

Plivo uses Auth ID and Auth Token credentials to authenticate the account from which an API request is triggered: 

• Auth ID acts as your username.
• Auth Token acts as your password.

To keep your account secure and uncompromised, please keep your Auth ID and AUTH token private at all times.

Where can I find my Auth ID and Auth Token?

You can find your Auth ID and Auth Token at the top of the home page of the Plivo dashboard. Click on the eye icon next to the Auth Token to make it visible.

How can I change my Auth ID or Auth Token?

The Auth ID of any Plivo account cannot be changed. However, you can change the Auth Token by clicking to Account > Settings > Credentials and choosing either of the two options listed.

When you click Generate Auth Token, Plivo will generate a new Auth Token that you can use as a password to authenticate your API requests.

If you suspect your Plivo account has been compromised, immediately change your Auth Token and your Plivo account password. On the Account Credentials page where you change your password, you can also set up two-factor authentication for increased security.

You can sign up for Plivo with a valid work email address and a phone number. We don’t allow signups from personal email domains (such as @gmail.com or @hotmail.com) or disposable email addresses, and you must not use a VPN to access Plivo’s console during the onboarding process. You’ll be asked to enter your name, and that name will appear on your invoices going forward. You’ll also need to set a password.

Activate your email address

Once you complete the signup form, we’ll send an activation link to your registered email address. By clicking on that link, you can activate your account. If you don’t receive an email, check your spam or trash folder. Also check your mail server settings to make sure it’s not blocking emails from Plivo. You can try resending the verification link from the console.

Verify your phone number

Plivo account registration requires a unique phone number to be linked with the account. You won’t be able to access your account until you complete the phone verification process. We use this number for two-factor authentication — we send a unique verification code to the number every time you log in to your account for enhanced security. You must use a valid, SMS-enabled, non-VoIP number, and the number country should match the region you’re signing up from. Also, the number should not be associated with any other existing Plivo account. You can change the phone number associated with your account at any time after you complete onboarding.

We’ll send a one-time password (OTP) to the number to complete the phone verification process. If you’re unable to receive a code from Plivo via text message, you can select the option to receive a code via phone call. 

Provide your expected monthly volumes and primary use case

To complete the registration process, you'll need to provide information about your expected monthly volumes and the primary use case for which you plan to use Plivo. This information helps us tailor your experience and ensure that we provide the best possible service for your needs.

Once you complete these steps, you'll have successfully registered your account. After registering, you can use your account to try out Plivo's products using the free credits provided.

If you face any issues while signing up, please reach out to our support team for assistance. Learn more about our services from our documentation.

To create a support ticket, start by navigating to the Plivo support homepage and clicking on Create New Ticket.

This brings you to a page that asks for:

• Your email address 
• A subject line that describes your query or issue
• A description of the query or issue
• The category of the query (to be selected from a drop-down menu)
• The priority of the ticket (another drop-down)

You can also add attachments. Click on Create a New Ticket to create the ticket. A member of our support team will investigate your request and reach out as soon as possible. You can check the status of a previous ticket from the support homepage by clicking on Check Ticket Status.