# TwilioSignaturePlug

This is a Plug that verifies authenticity of Twilio requests

It is intended to be used in pipelines in the routes.ex of your Phoenix app

## Installation

add twilio_signature_plug to your mix.exs deps

defp deps do
    {:twilio_signature_plug, "~> 0.1.4"},

Add your Twilio **auth_token** to your `config.exs` (e.g. from the environment as exemplified here)

config :twilio_signature_plug,
  auth_token: System.get_env() |> Map.get("TWILIO_AUTH_TOKEN", "i am required")

## Example Usage

add the signature validation Plug to your Twilio Webhook pipeline like in this example:

pipeline :api_protected_twilio do
  plug :accepts, ["xml"]
  plug TwilioSignaturePlug, error_handler: TwilioSignatureErrorHandler

If you are using phoenix and want the Plug to immediately respond with errors in case the signature validation failed, you can just replace `TwilioSignatureErrorHandler` with your own implementation like so:

**Note:** This library comes without a dependency to Phoenix, hence this library will only set the correct status in the `Plug.Conn` struct and set it to `halted==true`

defmodule YourAppWeb.TwilioSignatureErrorHandler do
  use YourAppWeb, :controller
  alias Plug.Conn

  def call(conn, :not_authenticated) do
    |> put_status(401)
    |> json(%{error: %{code: 401, message: "Not authenticated"}})
  def call(conn, :bad_request) do
    |> put_status(400)
    |> json(%{error: %{code: 400, message: "Bad Request"}})

## License