Build Simple Phone Verification with Twilio, Python, and Authy

Screen Shot 2018-02-06 at 9.16.13 AM

Security is at the top of everyone’s mind and phone verification is a super simple way to secure your application. Confidence in your users’ phone numbers decreases fraud and increases reliability of notifications. Let’s take a look at how to verify phone numbers using Python, Flask, and the Authy Phone Verification API.

What you’ll need

To code along with this post, you’ll need:

Setting up

Navigate to the Twilio Console and grab your Authy App API Key (found under Settings).

In a new project folder, I named mine phone_verification, create a config file called and add your API Key like so:

Create a requirements.txt file. This file will help you manage your dependencies in a Python project. We have two dependencies for this project; add the following to your requirements.txt file:

In your terminal, spin up your virtualenv with the following:

This is all the setup we should need to get our app started.

Phone Verification made easy with Authy

In order to do phone verification, our app will follow the following workflow:

  • The user enters three bits of information to our application
  • Phone number
  • Country code
  • Whether they want to verify by voice or SMS
  • Our application makes a request to the Authy API to initiate the verification
  • The user receives a call or text message with a 4 digit code
  • The user then enters that code into a form in the application
  • The application sends the code off to the Authy API, with their phone number and country code again, to verify
  • If it is correct then the user has verified their number

With just two API calls and two web pages, you’ll be able to verify your users’ phone numbers. Let’s create our application.

Creating the Flask Application

Our app will begin with a basic web form to accept user input to demonstrate the above steps. Start by creating a file called and add the following code:

This code will act as our controller and route requests to the right place. Let’s start by updating the phone_verification route.

We need to collect the user’s phone number and country code so we can send them a verification request.

Create a folder called templates and add a file called phone_verification.html. We only want to accept valid country codes, and thankfully the Authy team has some handy form helpers to aid us.

Now we can add the following code to the phone_verification.html file. This will create our HTML form that can accept user input of phone numbers, country codes, and their preferred method of contact.

Back in our controller, let’s wire up this template to our route with the highlighted changes:

Fire up the server by running python from your terminal and navigate to http://localhost:5000/phone_verification. You should see a page that looks like this:

Sweet, we’re making progress! Clicking ‘Verify’ won’t do anything yet. Let’s set that up now.

Our form submits a POST request to the phone_verification endpoint. We can add the following code to process that request in our file:

Now that we’ve grabbed our inputs from the form, we have everything we need to send a phone verification request to the user. This one line of code in our phone_verification route makes that API call:

Validating the Token

The code we just added will send the user a text message or call with a 4 digit token. Next we need to add a view where the user can input the token for validation.

Add a new route in our document below our /phone_verification route:

Add a new template in our template folder called verify.html and populate it with the following code:

Now we’ll update our verification request to redirect to this page so that the user can validate their token. In

Next we need to check the token. We’ll do that by POSTing to the /verify endpoint which will call the Authy API. The check requires the phone number, country code, and token, but we don’t want to ask the user for their phone number again. We will use Flask sessions to store that information.

First, set a secret key so our session can be initialized. This can be any random string:

Update the /phone_verification route to save the country_code and phone_number to the user session.

We can grab those in our /verify endpoint and only require the token in the form. Update your verify endpoint with the following code:

Finally add the SDK call to check the verification token:

To run this app, fire up the server with the following command:

Navigate to http://localhost:5000/phone_verification to test it out!

Verify All The Things!

With just two API calls and two web pages, you’ve now validated that a user has a real phone number and access to that number, which will help prevent a lot of fraudulent accounts and ensure that your users can receive other text or voice notifications from your app.

After verifying a user you’d want to save the user’s phone number with a flag that it had been verified.

You can check out the full code on Github. If you have any questions about phone verification or account security, please leave a comment or contact me on Twitter.

  • Eti Uthakima.

    Just can’t believe how easy this is. Will definitely implement this on a project am working on.