Making your API connection secure


Use https:// when making the API calls, never http://

This makes sure that connection is encrypted and eavesdropping communication between your server and Messente is impossible.

Whitelisting IP addresses

Make sure that the IP addresses are whitelisted and not to disable the IP address validation by global whitelist if possible.

Validating Omnichannel API callbacks

Messente provides every request with signature calculated using HMAC.

For Delivery Reports (DLR), the signature is calculated using the Password of the HTTP API Key used to deliver the message.

For Inbound Messages, the signature is calculated using the Shared Secret, available in the Inbound Numbers section of the Developers view.

Calculated signature is provided in the HTTP headers called X-Messente-Signature.

Signature calculation formula:

HMAC_SHA256("$secret", "$http_request_body")