We’ve introduced an application level flag to control whether message content and source numbers of incoming messages to Plivo phone numbers should be redacted from Plivo debug logs and databases.
When Message Redaction is enabled for an Application, the following changes take place:
The content of incoming messages to Plivo phone numbers associated with the Application are redacted from all internal Plivo server logs, as well as the debug logs available on the Plivo console.
The last 3 digits of the source number from which the SMS originated are redacted from all internal Plivo server logs, as well as the debug logs available on the Plivo console.
The last 3 digits of the source number from which the SMS originated are redacted from the Message Detail Record (MDR) generated for the message. Fetching MDRs for such messages would return the redacted source numbers.
Note that Message Redaction has been disabled for all your existing Plivo Application by default. Read below to learn how to turn message redaction on for your Application.
Configuring Message Redaction For Plivo Applications
Turning Message Redaction Of/Off From The Plivo Console
You can select the Application from the SMS Applications page, and check the ‘Redact Incoming Messages’ checkbox to enable redaction for incoming messages to phone numbers associated with the application. Turning Message Redaction On/ Off From Using Application API The log_incoming_messages attribute of the Application resource can be used to enable / disable message redaction.
When creating a new Application, set the log_incoming_messages attribute to false in the Create Application API request to enable message redaction. The default value for this attribute is true, which means that message redaction is disabled unless explicitly enabled.
Message Redaction may be enabled/disabled for an Application at any time using the Update Application API.
Impact Of Message Redaction On Payload To Message URL
The feature is designed to offer our customers control over message details that may be logged in Plivo systems for debugging purposes.
If a message_url has been configured, Plivo will attempt to post the non-redacted message content and the non-redacted source number to it.
For enhanced security, we recommend our customers to configure secure HTTPS endpoints for their message URLs.