SIP Digest Authentication - Monobot CX docs

Overview

SIP Digest Authentication is a security mechanism that verifies access to your SIP endpoint using a username and password.

This method uses a secure challenge-response mechanism, meaning the password is not sent in plain text.

Digest Authentication protects your system from:

Only systems with valid credentials can connect.

SIP Digest Authentication uses a challenge-response mechanism to securely verify credentials.

Client sends initial request (without authentication)
Server responds with:
- 401 Unauthorized
- a nonce (challenge value)
Client generates a secure response using:
- SIP Username
- SIP Password
- Server-provided nonce
Client sends the request again with the computed response
Server validates the response:
- If valid → access granted
- If invalid → access denied

   Client → REGISTER → Server
Server → 401 Unauthorized + nonce → Client
Client → REGISTER (with auth response) → Server
Server → 200 OK → Client

The password is never sent directly. Instead, a hashed value is calculated using the password and server challenge.

Each authentication request uses a unique nonce, which prevents replay attacks.

Provide the following credentials:

These credentials must match the configuration on your SIP provider or PBX.

Use SIP Digest Authentication when:

Username: sip-user-001
Password: ********

Use strong, unique passwords and avoid sharing credentials publicly.

Incorrect credentials will result in failed call connections.

For maximum security, combine Digest Authentication with IP Whitelisting when possible.