Skip to content

Plivo Auth Tokens

Service Name: Plivo

Service Description: Plivo is a cloud communications platform that provides APIs for voice calls, SMS messaging, and other communication services. It enables businesses to build and integrate voice and messaging capabilities into their applications.

Service Address: https://www.plivo.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Plivo's security settings.

Secret Access Scope: Plivo auth tokens grant access to Plivo's API services, allowing users to make voice calls, send SMS messages, manage phone numbers, and access other communication services.

Secret Revokement URL: https://console.plivo.com/dashboard/settings/security/

Secret Example: Y2M5ZjVkYWZiZDUxNGJmYzg0ZTRlZDJjNGQ5NzUy

Suspicious Activity Investigation Instructions:

  • Review the Plivo dashboard for unusual activity, including unexpected voice calls or SMS messages.
  • Check API logs for unauthorized access or unusual API calls.
  • Monitor billing for unexpected charges or usage spikes.
  • Review IP addresses that have accessed your Plivo account.
  • Check for changes in account settings or configurations.

Mitigation Instructions:

  • Log in to your Plivo console at https://console.plivo.com/

  • Navigate to Settings > Security

  • Generate a new auth token to replace the compromised one.
  • Update all applications and services using the old token with the new one.
  • Consider implementing IP restrictions to limit access to your Plivo account.
  • Enable two-factor authentication for additional security.
  • Review and update API access permissions if necessary.
  • Monitor account activity for a period to ensure no further unauthorized access.