Verify SMS Overview
SMS is the most popular channel for phone number verification and two-factor authentication (2FA). That's because most people can receive text messages and onboarding is seamless. Plus, SMS 2FA works: Google found that SMS 2FA helped block "100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks."
1// Download the helper library from https://www.twilio.com/docs/node/install2const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";34// Find your Account SID and Auth Token at twilio.com/console5// and set the environment variables. See http://twil.io/secure6const accountSid = process.env.TWILIO_ACCOUNT_SID;7const authToken = process.env.TWILIO_AUTH_TOKEN;8const client = twilio(accountSid, authToken);910async function createVerification() {11const verification = await client.verify.v212.services("VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")13.verifications.create({14channel: "sms",15to: "+15017122661",16});1718console.log(verification.sid);19}2021createVerification();
Response
1{2"sid": "VEaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",3"service_sid": "VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",4"account_sid": "ACaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",5"to": "+15017122661",6"channel": "sms",7"status": "pending",8"valid": false,9"date_created": "2015-07-30T20:00:00Z",10"date_updated": "2015-07-30T20:00:00Z",11"lookup": {},12"amount": null,13"payee": null,14"send_code_attempts": [15{16"time": "2015-07-30T20:00:00Z",17"channel": "SMS",18"attempt_sid": "VLaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"19}20],21"sna": null,22"url": "https://verify.twilio.com/v2/Services/VAaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/Verifications/VEaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"23}
After starting a Verification with SMS, you'll want to validate if the code a user provided was correct with the Verification Check API.
Before you send an OTP (one-time password) message through Verify, you must obtain the recipient's opt-in consent. Treat any recipient who has not opted in as opted out by default. You must store evidence of each consent event and provide it to Twilio on request.
For example, include a notice in your application's sign-up or two-factor authentication (2FA) flow that states the user will receive an OTP message at the phone number they provide. Then record the timestamp of the user's confirmation.
Verify SMS follows the Twilio Messaging Policy, please see the policy for more detailed information on consent and opt-in rules.
- SMS Verification: What It Is & How It Works
- 5 reasons SMS 2FA isn't going away
- What is SMS pumping?
- Verify Fraud Guard: A feature that prevents SMS related fraud on Verify by automatically blocking the prefix of the destination of the suspected fraud.