Skip to content

Plivo Auth ID

Service Name: Plivo

Service Description: Plivo is a cloud communications platform that enables businesses to integrate voice, SMS, and other communication capabilities into their applications through APIs.

Service Address: https://www.plivo.com/

Validation Type: API Auth

IP Allow list: IP whitelisting is available at the account level through Plivo's security settings.

Secret Access Scope: Grants access to Plivo's communication APIs, allowing sending/receiving SMS messages, making/receiving voice calls, and managing communication resources.

Secret Revokement URL: https://console.plivo.com/dashboard/settings/security/

Secret Example: MAODHJMMFKYZJLNZG3OD

Suspicious Activity Investigation Instructions:

  • Review Plivo dashboard logs for unusual API calls or communication activities
  • Check for unexpected SMS or voice call volumes that could indicate unauthorized usage
  • Monitor for changes in account settings or API configurations
  • Review billing information for unexpected charges or usage spikes
  • Examine IP addresses that have accessed the account for unfamiliar locations

Mitigation Instructions:

  • Log in to the Plivo Console at https://console.plivo.com/
  • Navigate to Settings > API Credentials

  • Regenerate the Auth ID and Auth Token pair

  • Update the new credentials in all legitimate applications
  • Enable IP whitelisting in the security settings to restrict access
  • Enable two-factor authentication for the Plivo account
  • Review and update webhook URLs to ensure they point to legitimate endpoints
  • Consider implementing additional monitoring for API usage patterns