API Dashboard
Vonage.com
Pricing
Support
Documentation
Blog
Code Hub
View All docs
Messages API
Overview
Discover & Test
Technical Details
API Reference
Messages API Reference
Channel Manager API Reference
WhatsApp Template Management API Reference
WhatsApp Provisioning API Reference
External Accounts API Reference
Try it out
Use Cases
Receive product information automatically via Facebook Messenger
Real-time data feed into multiple channels using Messages API
Pricing
Related Blog Posts
Build Your Solution
Getting Started
Working with Vonage APIs
Concepts
Authentication
Glossary
OpenAPI
Signing Messages
Webhooks
Tools
JWT generator
Ngrok
Postman
Prism
Concepts
Overview
Messages API Concepts
Understanding SMS messaging
Understanding RCS messaging
Understanding WhatsApp messaging
Understanding Facebook messaging
Understanding Viber messaging
External Accounts
Custom objects
Secure Inbound Media
Messages API Sandbox
Guides
Overview
Messages API Guides
WhatsApp v0.1 to v1 Migration Guide
WhatsApp Interactive Messages
Working with WhatsApp Interactive Messages
WhatsApp Product Messages
WhatsApp Outbound Reply Messages
Using WhatsApp Stickers
WhatsApp Template Management API
RCS
RCS Custom Messages
RCS Device Capability Check
RCS Message Revocation
SMS
SMS Concatenation and Encoding
SMS Sender Identity
SMS Country-specific Features
WhatsApp Provisioning API
Provision a WhatsApp deployment
Manage WhatsApp Business profile
Code Snippets
Before you Begin
Install Vonage CLI
Create a Vonage Messages and Dispatch Application
Install Server SDK
Configure Webhooks
Inbound Message Webhook
Message Status Webhook
Facebook Messenger
Send an Audio Message
Send a File Message
Send an Image Message
Send a Message Template
Send a Text Message
Send a Video Message
MMS
Send an MMS
RCS
Send a RCS Text Message
Send a RCS Image Message
Send a RCS Video Message
Send a RCS File Message
Send a RCS Suggested Reply Message
Send a RCS Suggested Action (Open a URL) Message
Send a RCS Suggested Action (Dial a Number) Message
Send a RCS Suggested Action (View a Location) Message
Send a RCS Suggested Action (Share a Location) Message
Send a RCS Suggested Action (Create Calendar Event) Message
Send a RCS Suggested Action (Multiple Actions) Message
Send a RCS Standalone Rich Card Message
Send a RCS Rich Card Carousel Message
Revoke an Outbound RCS Message
SMS
Send an SMS
Viber Business Messages
Send a Text Message
Send an Image Message
Send a File
Send a Video
WhatsApp
Send a Message Template (MTM)
Send an Authentication Template
Send a Media Message Template
Mark as Read
Send an Audio Message
Send a Link Button
Send a Quick Reply Button
Send a Contact
Send a File Message
Send an Image Message
Send a Location
Send a Multiple Item Product Message
Send a Single Item Product Message
Send a Reaction
Use a Sticker ID to Send a Sticker
Use a Sticker URL to Send a Sticker
Send a Text Message
Send an Unreaction
Send a Video Message
Tutorials
Sending a Facebook Messenger message
Sending an SMS message
Sending a Viber message
Sending a WhatsApp message
API Reference
Messages API Reference
Channel Manager API Reference
WhatsApp Template Management API Reference
WhatsApp Provisioning API Reference
External Accounts API Reference
Manage & Support
10 DLC
Overview
Technical Details
10 DLC registration on the Vonage API Developer Dashboard
10 DLC Brand Overview
Filtering 10 DLC results
10 DLC Brand Vetting Overview
10 DLC Campaigns Overview
Linking Numbers to 10 DLC Campaigns
API Reference
Logs
Billing and payments
Troubleshooting & error codes
Get help with ideas & development

Secure Inbound Media

The Messages API now offers businesses the option to enhance security for protecting media files sent to them by their end users. Examples of end users' media files are images, videos, and PDFs. Depending on the use case, these could contain sensitive images or information that businesses and their customers would like to protect.

Standard vs. Enhanced inbound media security

Standard

Inbound Media files are uploaded to our centralized media servers with a unique URL. This unique URL is valid for 48 hours to allow the business time to download the file. There may be some minor risks associated with this. For example:

  • A brute force attack could reveal the URL
  • Anyone with possession of the URL could access the file without the requirement of any additional account credentials

Enhanced

With Enhanced inbound media security, businesses can only access media files using a JWT (JSON Web Token) generated using their account credentials. Enabling this feature adds a layer of security when accessing media. To ensure backward compatibility, we have made this feature optional.

Setting up

To access this, they will need to:

  1. Create a Vonage Application
  2. Link their number to the application
  3. Generate a JWT from the application
  4. Turn on the Messages capability and switch on "Secure Inbound Media."

More information about applications is available here.

Accessing secured media

When an end user sends a message with a media file, the business receives a callback with a URL to the media file. Accessing the media will require a GET request to the URL with an Authorization header with a value set as a JWT generated using the Application ID and Private Key associated with the same Vonage application where the webhook which received the inbound message has been set up.

Here is an example cURL request with the token:

curl --location --request GET 'https://api-us.nexmo.com/v3/media/1b456509-974c-458b-aafa-45fc48a4d976' \--header 'Authorization: Bearer '$JWT

If the request is successful, then you'll see a 200 code and the media file. If it is unsuccessful, then you'll see an unauthorized response.

Navigation

Secure Inbound Media
Standard vs. Enhanced inbound media security
Standard
Enhanced
Setting up
Accessing secured media