Level up your Twilio API skills in TwilioQuest, an educational game for Mac, Windows, and Linux. Download Now
Build the future of communications.
Start building for free
  • By Kelley Robinson
    3 façons d'implémenter les critères du PSD2 sur l'authentification forte des clients 3 façons implémenter PSD2 authentification fort clients

    La régulation européenne des Directives sur les Services de Paiement (PSD2) exige une Authentification Forte du Client (SCA) lorsqu’un client :

    • Initie un paiement électronique de plus de 30€*
    • Accède à son compte bancaire en ligne
    • Effectue n’importe quelle autre action à distance “qui puisse comporter un risque de fraude ou d’abus”.

    Ceci s’applique à :

    • Les entreprises et/ou les clients au sein de l’Espace Economique Européen
    • Les transactions en ligne ou sans la présence de carte de débit ou de crédit.

    Initialement, la date limite pour se conformer à cette nouvelle réglementation était en septembre 2019 mais elle a été rallongée jusqu’au 30 décembre 2020 (la date limite de la SCA au Royaume-Uni est maintenant fixée au 14 septembre 2021).

    Il y a trois façons d’utiliser Twilio lors de la mise en place de la SCA pour les transactions dans votre application:

    1. Pour la vérification des mots de passe …
    Read More
  • By Kelley Robinson
    Vérifier son téléphone Serverless avec Twilio Verify et Twilio Functions vérifier son téléphone serverless

    Mise à jour en Juin 2020 - ce projet utilise maintenant la boîte à outils/toolkit Twilio Serverless et l’API Functions.

    La sécurité est au cœur des préoccupations de tout un chacun. La vérification par téléphone est un moyen simple de sécuriser votre application et aide à éviter les comptes de bots/robots. L’envoi de mots de passe à usage unique sur le téléphone d’un utilisateur - afin de valider qu’ils ont bien l’appareil et qu’il leur appartient - est un outil de sécurité répandu, utilisé lorsque les personnes s’inscrivent ou vous donnent leur numéro de téléphone pour la première fois.

    La confiance en les numéros de téléphones de vos utilisateurs fait diminuer les fraudes et augmente la fiabilité des notifications.

    Regardons ensemble comment vérifier les numéros de téléphone à partir d’une application web qui utilise les fonctions serverless de Twilio et l’API Twilio Verify.

    Liens rapides :

    • Allez …
    Read More
  • By Kelley Robinson
    International Telephone Input + Twilio International telephone input blog header

    Phone number input is an essential part of many sign up forms that enable Twilio use cases like:

    The international telephone input JavaScript plugin makes it easy to build this into your application.

    gif showing international telephone input plugin transforming a valid number to E.164 format and detecting an invalid number

    Sign up for Twilio and learn more:

    1. Quick Deploy: international telephone input (seen above)
    2. How to build international phone number input in HTML and JavaScript
    3. How to Validate Phone Number Input in HTML and JavaScript
    4. A Phone Number Input Field for Flask Forms
    Read More
  • By Kelley Robinson
    Migrating from Authy to Verify for SMS 2FA Migrating from Authy to Verify for SMS 2FA

    The Verify API is an evolution of the Authy API with continued support for SMS, voice, and email one-time passcodes, an improved developer experience and new features. The Authy API will be maintained for the time being, but new development will be on the Verify API.

    Some of the exciting features of the Verify API include:

    • Twilio helper libraries in JavaScript, Java, C#, Python, Ruby, and PHP
    • Push authentication SDKs embeddable in your mobile app
    • Programmable rate limits
    • Improved visibility and insights

    ...and more!

    This article applies to the Authy API. The Authy app is not going away. We are committed to growing, developing, and supporting the Twilio Authy app as a consumer application and as a complement to our work on the Verify API.

    This guide provides an introduction to the Verify API and a set of guidelines to migrate your application from Authy to Verify.

    Verify Base API …

    Read More
  • By Kelley Robinson
    5 reasons SMS 2FA isn't going away 5 reasons SMS 2FA isn't going away

    Every security solution is a delicate balance between protecting some kind of value and providing usable access to the right people. We're all constantly evaluating the tradeoffs and calculating risk in order to find the right balance of security and usability. When there's more at stake, people are willing to add additional friction and protections. In the physical world that could mean a personal apartment has a simple deadbolt while a jewelry store invests in an alarm system.

    For online business, SMS authentication has long been a popular choice for securing consumer accounts. It's an easy and familiar channel to deploy and SMS two factor authentication (2FA) usage has even grown 9% in the last two years. While the SMS channel has legitimate security concerns, businesses should consider their threat model and offer a spectrum of 2FA options. Offering more secure channels like authenticator apps and push authentication is especially …

    Read More
  • By Kelley Robinson
    Tester son App iOS sur un Vrai Téléphone tester-app-ios-vrai-telephone

    Le simulateur iOS de XCode est très pratique la plupart du temps, mais dans certains cas il n’est pas possible d’y tester certaines fonctionnalités

    Si vous voulez tester le fonctionnement de votre application avec l'appareil photo du téléphone ou envoyer un SMS à partir de votre application, vous devrez tester et déboguer votre application avec un vrai device.

    Cet article  vous explique comment tester vos applications en cours de développement directement sur votre iPhone ou autre appareil iOS et vous expliquera comment corriger certaines erreurs courantes que vous rencontrerez probablement en cours de route.

    Comment sélectionner votre iPhone comme appareil "Simulateur"

    “Simulateur” est entre guillemets ici car en fait on va créer une vraie application sur votre téléphone ; ce n'est plus une simulation.

    Ouvrez un projet dans Xcode et cliquez sur l'appareil près du bouton ▶ en haut à gauche de votre écran Xcode.
    localisation de l'appareil dans xcode

    Branchez votre iPhone sur votre …

    Read More
  • By Kelley Robinson
    Detect browser support for WebAuthn Detect browser support for WebAuthn

    Browser support for WebAuthn is growing rapidly. As of writing, 87.39% of internet users should have support. You can check for WebAuthn support by checking for PublicKeyCredential in JavaScript:

    if (window.PublicKeyCredential) {
      console.log("Supported.");
    } else {
      console.log("Not supported.");
    }
    

    What is WebAuthn?

    WebAuthn (short for Web Authentication) is a relatively new browser API for strong, scoped, passwordless authentication. Instead of a password, an authenticator uses public key cryptography to create a key pair (known as a credential) for a website. It's part of the FIDO2 specification written bythe W3C and the FIDO Alliance, a group of security researchers interested in abolishing passwords.

    WebAuthn is an incredibly promising API because it reduces the web's reliance on passwords. Because credentials are tied to a website, it also prevents phishing attacks. Once a credential is generated, only the public key is sent to a website's servers. This means that databases are less vulnerable …

    Read More
  • By Kelley Robinson
    How to Validate Phone Number Input in HTML and JavaScript Validate phone number input in HTML and JavaScript without Regex

    If you Googled "phone number regex" and regretted it you're in the right place. There are a lot of valid phone number formats, but fortunately there are free tools that you can use to help make sure a phone number is valid.

    This post will walk through two ways to check a phone number's validity: the Twilio Lookup API and the intl-tel-input JavaScript plugin. This builds on How to build international phone number input in HTML and JavaScript, which you can reference for more details on building the nice-looking phone number input field I'm using below.

    You can find the finished code on my GitHub.

    Why you should validate phone number input

    You want to validate phone numbers so that you can help prevent sign up spam and fraud and also catch simple errors like typos. We'll include recommendations for phone verification and some more account security best …

    Read More
  • By Kelley Robinson
    How to build international phone number input in HTML and JavaScript Build internation phone number input in HTML and JavaScript

    Phone numbers are standardized in an international format known as E.164 which combines country codes and subscriber numbers in a format like this: +14155552671. This format is required by many APIs (including Twilio's) and means that you don't have to store country codes and phone numbers in two separate database columns.

    However, you probably don't want your users to have to type in a + sign and country code when they provide their phone number to:

    • Register a new account
    • Enable SMS 2FA
    • Request a callback from customer service
    • Sign up for marketing notifications

    This blog post will walk through how to build a phone number input field to process and parse phone numbers using basic HTML, JavaScript, and the intl-tel-input plugin. We'll include recommendations for phone verification and fraud prevention.

    You can find the finished code on my GitHub.

    What can the intl-tel-input plugin do?

    This project …

    Read More
  • By Kelley Robinson
    Understanding push authentication understanding push authentication

    Push authentication is one of the most secure and easy to use forms of user authentication. When a company issues an authentication challenge, the user only has to tap allow or deny when they receive the push notification on their phone—much easier than typing in a one-time password (OTP).

    push authentication gif showing a user logging in on desktop, receiving a notification on their mobile phone, tapping approve, and the desktop login succeeding.

    Using push authentication means a company can also add useful context about the authentication event. Think of things like payments: instead of just sending a code, the authentication request can include information about the payment like the amount and recipient. Even better, because it's one of the few forms of authentication that lets the user deny an authentication attempt, companies can take advantage of that information to identify real time phishing attacks or other malicious activity.

    Push authentication also uses public key cryptography under the hood to link a single device (like a user's phone) to their identity. That makes it …

    Read More
  • Newer
    Older
    Sign up and start building
    Not ready yet? Talk to an expert.