Introducing Nexmo Rack Middleware
Published on May 18, 2021

Behind every great web framework is infrastructure that makes it all possible. Whether you are building with Ruby on Rails, Sinatra or other Ruby based web frameworks, you are most likely utilizing Rack.

Rack makes it possible to build a customizable interface between your favorite framework and your application server. This will allow you to introduce middleware into your program.

Rack middleware are succinct applications that are called upon during a web application's request and response lifecycle.

So, whether you are looking to middleware for security, logging, serving static files or more, you can do so in a relatively straightforward process.

Introducing Nexmo Rack

DT API Account

To complete this tutorial, you will need a DT API account. If you don’t have one already, you can sign up today and start building with free credit. Once you have an account, you can find your API Key and API Secret at the top of the DT API Dashboard.

This tutorial also uses a virtual phone number. To purchase one, go to Numbers > Buy Numbers and search for one that meets your needs.

If you are working on a Nexmo based application written in Ruby now you can take advantage of the newly released nexmo_rack to incorporate Nexmo API functionality into your middleware stack.

Nexmo Rack Middleware is our latest offering in our growing Ruby toolkit, which already includes a Ruby SDK and a Rails initializer gem.

We released the Nexmo Rack middleware at RubyConf 2019 with its first use-case of verifying signed SMS messages. This is a very relevant area for Rack middleware. If you are working with SMS in your application, then this first feature of nexmo_rack is something that could benefit your development.

Signed SMS messages is a way to verify that the message originated from its claimed source, that it has not been tampered with and to protect against message interception.

With Nexmo you can use signatures for both outbound and inbound messaging. We support a variety of signing algorithms, including MD5, SHA-256, SHA-512 and others. You must set and use a SIGNATURE SECRET to encrypt and decrypt signed SMS messages. Your SIGNATURE SECRET can be set in your Nexmo Dashboard.

Get Started With Nexmo Rack

To use the Nexmo Rack middleware, you need to install the gem. If you are building a Rails application, you can include it in your project's Gemfile:

gem 'nexmo_rack'

To install the gem in a standalone Ruby application, you can simply install it on your system by running gem install nexmo_rack from the command line.

After installing the gem, you must provide it your signature secret, and the desired signature hashing method.

Provide Your Credentials

Nexmo Rack supports both environment variables and Rails Credentials, and you are welcome to use whichever you prefer when providing the gem with your API credentials. Regardless of your chosen method, it is always advisable to not commit your credentials to version control.

If you are using environment variables, open up your .env file and add two new entries for your Nexmo signature secret and the desired signing algorithm:

NEXMO_SIGNATURE_SECRET = 'your_secret_key'
NEXMO_SIGNATURE_METHOD = 'md5hash'

If you are using the Rails Credentials system, you must first open up your decrypted Rails Credentials by executing EDITOR="code --wait" rails credentials:edit from your command line. You can replace the value for the EDITOR= variable with your preferred code editor.

Once the credentials file is open, you can add the signature secret and signature method with the following namespacing:

nexmo:
  signature_secret: your_secret_key
  signature_method: md5hash

Using The Middleware

Once Nexmo Rack is properly credentialed in your application you can go ahead and use it. One of the best features of Rack middleware is its usage simplicity.

The VerifySignature functionality will inspect every incoming request for a sig key, and will seek to verify the signature of those messages that have the sig key. If the message is verified it will pass it to the next item in your stack, and if the message is not verified it will return a 403 Forbidden status. You can enable this functionality in either a standalone Ruby application or a Rails application.

Mounted Into a Rails Application

Add the Nexmo Rack middleware into your config/application.rb file to initialize it within your application:

config.middleware.use Nexmo::Rack::VerifySignature

As a Standalone Application

Add the Nexmo Rack middleware into your config.ru Rack configuration file:

use Nexmo::Rack::VerifySignature

That is all you have to do to start taking advantage of seamless signed SMS validations using Nexmo Rack!

Do you have any questions or comments? We would love to hear what you are building with Nexmo Rack or any of our Ruby tooling. You can join the Nexmo Developer Relations team on Slack, send us an email or connect with us on Twitter.

Further Reading

Interested in discovering more?

Ben GreenbergVonage Alumni

Ben is a second career developer who previously spent a decade in the fields of adult education, community organizing and non-profit management. He worked as a developer advocate for Vonage. He writes regularly on the intersection of community development and tech. Originally from Southern California and a long time resident of New York City, Ben now resides near Tel Aviv, Israel.

Ready to start building?

Experience seamless connectivity, real-time messaging, and crystal-clear voice and video calls-all at your fingertips.