Customer Portal Security - https://console.plivo.com

  1. Choose a strong password with complexity, including at least 8 characters, upper case, lower case, special character and number. 

  2. Enable 2FA on your Plivo account to increase security, refer here.

  3. Leverage role-based access controls when adding new users to the account, refer here

  4. Do not use a group email when registering a new account. we strongly recommend using an individual email for your Plivo account sign-up.

  5. Use an email that is monitored regularly, so that you receive any alert or notification in a timely manner..

  6. Similar to your username and password, auth ID and auth tokens are required to trigger sms/calls. auth tokens should be treated as highly confidential and should not be published on open source platforms like GitHub. 


SMS Security

  1. Enable “Geo Permission” under SMS -> Settings -> Geo Permissions to whitelist countries where your users will receive SMS notifications from you.

  2. Enable “View Content Authorization” under SMS -> Settings ->  View Content Authorization to authorize the Plivo Customer Success team to view your SMS content, help you debug and detect any fraud activity more effectively

  3. Always redact incoming messages while creating a new application under SMS -> Application -> Add new application -> Redact incoming messages when making API requests to Plivo SMS


Voice Security

  1. Enable “Geo Permission” under Voice -> Settings -> Geo Permissions to whitelist countries where your users will receive Voice calls from you.


Zentrunk Security

  1. When creating a password for your trunk, choose a strong password with complexity, including at least 8 characters, upper case, lower case, special character and number. 

  2. Only whitelist the IPs from your PBX and be sure to update these IPs when the PBX IPs are changed.