
Securing Twilio Fax mediaUrl


I am using the Twilio Programmable Fax API to send fax messages from my application. I have no issues sending faxes when I provide a public URL without any authentication as the mediaUrl. But when I pass a URL secured with basic authentication as the mediaUrl for the send fax API, the fax fails to send.

"status": "failed",

I have debugged the code on the server that the mediaUrl points to, and found that Twilio is not sending a request with an "Authorization" header at all.

As per Twilio documentation,

You may provide a username and password via the following URL format.

https://username:password@www.myserver.com/my_secure_document

Twilio will authenticate to your web server using the provided username and password and will remain logged in for the duration of the call. We highly recommend that you use HTTP Authentication in conjunction with encryption. For more information on Basic and Digest Authentication, refer to your web server documentation.

If you specify a password-protected URL, Twilio will first send a request with no Authorization header. After your server responds with a 401 Unauthorized status code, a WWW-Authenticate header and a realm in the response, Twilio will make the same request with an Authorization header.

I am giving the mediaUrl in the same format as required by Twilio, but the fax comes back with a status of failed. Kindly provide your valuable suggestions to help me resolve the issue.

My server sends the 401 response given below when Twilio accesses the mediaUrl without an Authorization header:

HTTP response headers for 401

    Status Code: 401 Unauthorized
    Content-Length: 34
    Content-Type: application/xml
    Date: Wed, 30 Aug 2017 12:38:41 GMT
    Server: Apache-Coyote/1.1
    WWW-Authenticate: Basic realm="My Realm"

Response body

<message>Invalid credentials</message>

Solution

  • Update

    Good news! Media URLs in Twilio Programmable Fax now support basic authentication. This has been implemented and deployed, so this should no longer be an issue.

    Original answer

    Twilio developer evangelist here.

    After some internal investigation I've found out that this is a known issue.

    It was in fact raised by your support ticket that you sent in. Good news is that since this is known it will be getting some attention and the team will contact you once it is sorted.
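
The challenge-response exchange quoted from the Twilio documentation in the question, as an added example that is not part of the original question or answer: a loopback media server issues the 401 challenge, and a stand-in client (not Twilio's own) retries with the credentials carried in the URL. The user name, password, handler and function names are constructed for illustration.

```python
import base64, hmac, threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Constructed sample values, not real credentials.
USER, PASSWORD, REALM = "faxuser", "s3cret-example", "My Realm"
EXPECTED = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()

class MediaHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        supplied = self.headers.get("Authorization", "")
        # Constant-time comparison avoids leaking a prefix match through timing.
        if hmac.compare_digest(supplied.encode(), EXPECTED.encode()):
            body, status = b"%PDF-1.4 constructed sample", 200
        else:
            body, status = b"<message>Invalid credentials</message>", 401
        self.send_response(status)
        if status == 401:
            # Without this challenge a client has no reason to retry with credentials.
            self.send_header("WWW-Authenticate", f'Basic realm="{REALM}"')
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def fetch(media_url, send_credentials):
    """GET media_url, optionally turning its userinfo into an Authorization header."""
    parts = urlsplit(media_url)
    headers = {}
    if send_credentials:
        token = base64.b64encode(f"{parts.username}:{parts.password}".encode()).decode()
        headers["Authorization"] = "Basic " + token
    conn = HTTPConnection(parts.hostname, parts.port, timeout=5)
    conn.request("GET", parts.path, headers=headers)
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("WWW-Authenticate"))
    resp.read()
    conn.close()
    return result

def run_exchange():
    # Plain HTTP is used only because this stays on loopback; use HTTPS for a real mediaUrl.
    server = HTTPServer(("127.0.0.1", 0), MediaHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://{USER}:{PASSWORD}@127.0.0.1:{server.server_port}/my_secure_document"
    try:
        return fetch(url, False), fetch(url, True)
    finally:
        server.shutdown()
```

`run_exchange()` returns the status and `WWW-Authenticate` value for the unauthenticated request followed by the authenticated retry, which is the pair of requests to look for in the media server's access log.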