Introducing Authentication for Call Recordings

Sep 2, 2018

Each call recording on Plivo is stored encrypted with a unique hard-to-guess URL. Users who have the proper access rights to the URL can download and listen to the call recordings. This setup works for most customers that need to share recordings with third-party service providers or applications for post processing, including voice analytics. Some customers, however, need to comply with industry guidelines or regional regulations for data protection, and therefore require a stronger security mechanism for accessing and sharing call recordings. Plivo’s new authentication for call recordings offers an additional layer of security.

When you log in to your Plivo console and navigate to Voice > Recordings, you can see that basic auth for recording URLs is disabled by default. We do this to ensure that we don’t break any of our customers’ console settings by enabling authentication as a default option.

Here are a few code samples to fetch call recordings when auth is disabled:

     curl -X GET \
        https://media.plivo.com/AUTH_ID/Recording/RECORDING_UUID.mp3 \
        -H 'cache-control: no-cache'

      OkHttpClient client = new OkHttpClient();
      Request request = new Request.Builder()
        .url("https://media.plivo.com/AUTH_ID/Recording/RECORDING_UUID.mp3")
        .get()
        .build();
      Response response = client.newCall(request).execute();
      FileOutputStream fos = new FileOutputStream("/var/tmp/file.mp3");
      fos.write(response.body().bytes());
      fos.close();

      import requests
      url = "https://media.plivo.com/AUTH_ID/Recording/RECORDING_UUID.mp3"
      r = requests.get(url, stream=True)
      with open(local_filename, 'wb') as f:
          for chunk in r.iter_content(chunk_size=1024):
              if chunk: # filter out keep-alive new chunks
                  f.write(chunk)
          return local_filename

      <?php
      $request = new HttpRequest();
      $request->setUrl('https://media.plivo.com/AUTH_ID/Recording/RECORDING_UUID.mp3');
      $request->setMethod(HTTP_METH_GET);
      try {
        $response = $request->send();
        echo $response->getBody();
      } catch (HttpException $ex) {
        echo $ex;
      }

      var request = require("request");
      var fs = require('fs');
      var url = "https://media.plivo.com/AUTH_ID/Recording/RECORDING_UUID.mp3";
      var file = fs.createWriteStream("file.mp3");
      var request = http.get(url, function(response) {
        response.pipe(file);
        file.on('finish', function() {
            file.close(cb); // close() is async, call cb after close completes.
            });
        }).on('error', function(err) { // Handle errors
            fs.unlink(dest); // Delete the file async. (But we don't check the result)
            if (cb) cb(err.message);
        });
      };

      require 'open-uri'
      download = open(https://media.plivo.com/AUTH_ID/Recording/RECORDING_UUID.mp3)
      IO.copy_stream(download, '~/my_file.mp3')

Enabling authentication for recordings

‍

When you enable basic auth for recordings, Plivo authenticates all API requests for the recording resources hosted on our platform, and you must use your Auth ID and Auth Token to access call recordings. As a best practice, we recommend you enable auth if you don’t have to share your media files publicly. Enabling this feature has other advantages, such as adhering to regulations and compliance for specific regions, providing secure access to authorized personnel, and protecting your media files from public access.

Account admins can enable or disable auth settings at any time.

Here are a few code samples to fetch call recordings once you enable basic auth:

          curl -i --user AUTH_ID:AUTH_TOKEN \
          https://media.plivo.com/v1/Account/AUTH_ID/Recording/RECORDING.mp3 \
          -H 'cache-control: no-cache'

          OkHttpClient client = new OkHttpClient.Builder().authenticator((route, response) -> {
              String credential = Credentials.basic("<auth_id>", "<auth_token>");
              return response.request().newBuilder().header("Authorization", credential).build();
          }).build();
          Request request = new Request.Builder()
                  .url("https://media.plivo.com/v1/Account/{AUTH_ID}/Recording/{RECORDING_UUID}.mp3")
                  .get()
                  .build();
          Response response = client.newCall(request).execute();
          FileOutputStream fos = new FileOutputStream("/var/tmp/file.mp3");
          fos.write(response.body().bytes());
          fos.close();

          import requests
          def download_file():    
            url = "https://media.plivo.com/v1/Account/AUTH_ID/Recording/RECORDING.mp3"
            local_filename = url.split('/')[-1]    
            r = requests.get(url, stream=True, auth=('AUTH_ID', 'AUTH_TOKEN'))
            with open(local_filename, 'wb') as f:
              for chunk in r.iter_content(chunk_size=1024):
                if chunk: # filter out keep-alive new chunks
                  f.write(chunk)
            return local_filename
          if __name__ == "__main__":
            download_file()

          <?PHP
          $request = new HttpRequest();
          $username = "<auth_id>";
          $password = "<auth_token>";
          $request->setUrl('https://media.plivo.com/v1/Account/AUTH_ID/Recording/RECORDING.mp3');
          $request->setMethod(HTTP_METH_GET);
          $request->setHeaders(array(
            'header' => "Authorization: Basic " . base64_encode("$username:$password")                 
          ));
          try {
            $response = $request->send();
    
            if ($r->getResponseCode() == 200) {
              file_put_contents('sample.mp3', $r->getResponseBody());
              }
          } catch (HttpException $ex) {
              echo $ex;
          }

          var fs = require('fs'),
          request = require('request');
    
          request
            .get('https://media.plivo.com/v1/Account/AUTH_ID/Recording/RECORDING.mp3', {
            'auth': {
              'user': 'AUTH_ID',
              'pass': 'AUTH_TOKEN',
            }
          })
            .on('error', function(err) {
              // handle error
            })
          .pipe(fs.createWriteStream('sample.mp3'));

          require 'open-uri'
          File.open('sample.mp3', "wb") do |file|
            file.write open('https://media.plivo.com/v1/Account/MAMTK2MGFHNTVINWQYZT/Recording/98b8aece-93d6-11e8-9476-06f687d7a22c.mp3',
              :http_basic_authentication => ['MAMTK2MGFHNTVINWQYZT', 'N2FmNzdhMTc2ZmY5MWEyNzhhMDk1YWEwODM4NzIx']).read
            puts 'file is downloaded'
          end

Authentication is applicable only to call recordings made after May 24. Earlier recordings cannot be authenticated.

For more information about call recordings, see our documentation.