-
How to use Authy for Offline, Transaction Specific, PSD2 Compliant Authentication
Read MoreOne of the best features about using Soft Tokens or Time-based One Time Passwords (TOTP) for authentication is that they are available offline. The European Payment Services Directive (PSD2) regulation requires Strong Customer Authentication (SCA) for all transactions over €30 by September 2019. Part of the regulation requires that SCA ties transaction-specific information to the authentication, called Dynamic Linking.
This post will show you how to use a new feature of the Authy API and application to implement a compliant offline solution for your application. For more detail on PSD2, SCA, and dynamic linking, check out this post. You can also build SCA with push authorization or SMS, which we show in this blog post.
Getting Started
To code along with this post, you’ll need:
- A Twilio account
- An Authy Application which you can create in the Twilio console. I named mine "Example Transactional TOTP"
- A recent version of ...
-
Who's Calling? How to Identify a Phone Number Carrier with Twilio Lookup
Read MoreSome bad actors use phone numbers from free online providers to create fake profiles to scam or spam. Twilio's Carrier Lookup API helps you identify the carrier behind the phone number to learn which users have real mobile numbers.
Lookup a carrier with Twilio
To lookup a phone number you will need:
- A free Twilio Account
- Your terminal or a tool like Postman
You can query the Twilio Lookup API for information about a phone number. There are two
Types of requests the API can perform:carrierandcaller-name. This example focuses oncarrier.The following request will return carrier information about a phone number. The phone number in the request URL must be in E.164 format like
+18557477626. Replace the credentials with your Account SID and Auth Token found in the console.In your terminal, run the following code:
curl -X GET \ 'https://lookups.twilio.com/v1 ...
-
Detect Robocalls with Twilio Lookup and the Nomorobo Spam Score Add-on
Read MoreTwilio's CEO Jeff Lawson recently wrote about the history of robocalls and what we're doing to eliminate them. Until that happens, we can build a tool that will help us identify a robocall with a bit of Python, the Twilio Lookup API, and the Nomorobo Spam Score Add-on.
Set Up
In order to code along with this post you'll want to start with the following:
Head to the Twilio Console and install the Nomorobo add-on. Look for the yellow logo and click through to "Install".
Leave the name as
nomorobo_spamscoreand "Save" the Add-On.Create a new file called
nomorobo.pyand add the following code.# Download the helper library from https://www.twilio.com/docs/python/install from twilio.rest import Client # Your Account Sid and Auth Token from twilio.com/console # DANGER! This is insecure. See ...
-
What I Learned About Security from Calling 35 Contact Centers
Read MoreWeb applications often have secure login systems—maybe even 2FA—but what happens when a customer calls the customer support phone number? Security teams and app developers have thought a lot about online authentication, but haven't applied the same rigor to designing systems for authenticating over the phone.
At Twilio, product and engineering teams have spent the last year thinking about this problem and how to make the experience better for both the customer and the call center agent. In that time, I've called dozens of contact centers to learn about how everyone from startups to Fortune 50 companies attempt to identify and authenticate the end user. This post will take a look at that research and outline best practices to use in call centers.
🔍Research Parameters
To test the over-the-phone authentication, I made a list of companies where:
- I have an existing account
- There is personal info tied to ...
-
Identifying a Phone Number's Line Type with Twilio Lookup and Python
Read MoreWhile the Twilio Messaging API won't charge you for attempting to send an SMS to a landline number, identifying the line type of a phone number can be useful for other reasons. A lot of businesses won't let users sign up with VoIP numbers, for example.
This post will show you how to identify a phone number's line type with Twilio Lookup and Python.
Set Up
In order to code along with this post you'll want to start with the following:
Create a new file called
lookup.pyand add the following code.# Download the helper library from https://www.twilio.com/docs/python/install from twilio.rest import Client # Your Account Sid and Auth Token from twilio.com/console account_sid = 'your_account_sid' auth_token = 'your_auth_token' client = Client(account_sid, auth_token) phone_number = client.lookups.phone_numbers('+15108675310').fetch(type='carrier') print(phone_number ...
-
How to Build a Galentine's Day Compliment Generator with Python, Flask, and Twilio
Read MoreHappy Galentine's Day, you opalescent tree shark! The holiday dedicated to waffles and your best gal-pals only happens once a year, so I built an SMS-based bot that can generate compliments Leslie Knope would be proud of anytime. Send a text to (765) 234-3009 for a preview of what we're going to build in this short tutorial.
Getting started
Before we dig into some code, make sure that your Python and Flask development environment is setup. If you haven't done so already:
- Create a Twilio account
- Buy a phone number
- Install Python 3
- Install Ngrok to make your Flask app visible from the internet so Twilio can send requests to it
- Set up your Python development environment
If you're new to Python and Flask check out this handy guide for more information on getting started.
We also need to install Flask to respond to incoming web requests.
pip3 install Flask ... -
PSD2 Compliant Authorization: Verifying Sensitive Actions with Python, Flask and Authy
Read MoreAdding two-factor authentication (2FA) to your login process increases the security of your user's data. We can extend that to validate sensitive actions like sending money from your account, changing your shipping address, or confirming a medical appointment. Even though the user should be already logged in with a username and password, we want to make sure that they authorize every payment. This blog post will show you how to secure payment actions using Python, Flask, a bit of Javascript, and the Authy API.
PSD2 & SCA
The European Payment Services Directive (PSD2) regulation requires Strong Customer Authentication (SCA) for all transactions over €30 by September 2019. This post will show you how to implement a compliant solution for your application. For more detail on PSD2, SCA, and dynamic linking, check out this post.
The solution in this post is useful regardless of regulatory requirements. For example, Gemini uses push ...
-
What is Public Key Cryptography?
Read MoreFrom TLS to authentication, “crypto” is used for a lot more than just currencies. Security should be part of every developer's toolkit and cryptography a fundamental building block for the libraries and tools we use to protect our data and applications. This post will dive into modern cryptography, an overview of how it works, and its everyday use cases — including how Twilio uses public-key crypto in our Authy application and to secure our API.
Let's start with some context and history.
Meet Alice and Bob
Alice and Bob have a history of illicit dealings. We're not really sure what they're up to, but they don't want us, or the ever-curious Eve, to know. Before the internet, Alice and Bob could pass secret messages by encrypting text with an agreed upon cipher. Maybe that was through letter substitution or shifting or other sophisticated methods. They agreed on the method in advance ...
-
Build an Emojidex with Python and the Twilio WhatsApp API
Read MoreIf you've ever wondered about the story behind your favorite emoji, this app is for you. We'll build an interactive bot to give us more information about just what 💁 is doing. With the Twilio API for WhatsApp and Emojipedia 👌😍 we can easily query this information on demand.
🌅 Getting started
Before we can dig into some code, make sure that your Python and Flask development environment is setup. If you haven't done so already,
- Install Python 3
- Install Ngrok to make your Flask app visible from the internet so Twilio can send requests to it
- Set up your Python development environment
If you're new to Python and Flask check out this handy guide for more information on getting started.
I've started the project off, so clone or download the repo from GitHub and checkout the
getting-startedbranch.git clone -b getting-started git@github.com:robinske/emojimon-whatsapp.git💬 Setting Up Twilio API ...
-
How to Test Your iOS Application on a Real Device
Read MoreThere are some features of iOS apps that don’t work from the iOS simulator. Maybe you want to test how your application works with the device camera or send an SMS message from your application. For these examples and more you’ll need to test and debug your app using a real device.
This post will walk through how to run the Xcode simulator on your iPhone or other iOS device and show you how to fix some common errors you’ll see along the way.
How to select your iPhone as the “Simulator” Device
Simulator is in quotes here since this will create an actual app on your phone; it’s no longer a simulation. Open up a project in Xcode and click on the device near the Run ▶ button at the top left of your Xcode screen.
Plug your iPhone into your computer. You can select your ...
By