Send an SMS verification code in 5 minutes

Blog header: Send an SMS verification code in under 5 minutes

One-Time Passcodes (OTPs) are a simple and effective way to verify someone's phone number at sign up for ongoing login verification, preventing bots, ensuring deliverability to the right person, and more.

Phone number verification can decrease fraud and increase deliverability and trust. Luckily the Twilio Verify API makes it easy to send and check OTPs. Let's see how to get started with Verify in under 5 minutes.

Prerequisites for sending One-Time Passcodes

Before you can send an OTP you'll need:

A Twilio account - sign up or sign in
A Verify Service which you can create in the Twilio console. The Service Name will appear in the SMS body but you can always edit it later.

Copy your Service SID (starts with VA).

verify service creation flow in the twilio console.

Send the SMS OTP

Copy the following code for the Verifications endpoint and replace the placeholders with:

Your Verify Service SID created above
Your phone number for testing
Your Twilio Account SID and Auth Token (located on the main page of the Console)

# code samples in more languages: twilio.com/docs/verify/api/verification

curl -X POST "https://verify.twilio.com/v2/Services/$VERIFY_SERVICE_SID/Verifications" \
--data-urlencode "To=$YOUR_PHONE_NUMBER" \
--data-urlencode "Channel=sms" \
-u $TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN

Execute the request and you will receive an SMS OTP.

SMS one time passcode on a mobile device

Check the SMS OTP

Verify makes it easy to both send and check the OTP. Copy the following code for the VerificationCheck endpoint and replace the placeholders with:

Your Verify Service SID created above
The phone number you used in the last step
The code you received
Your Twilio Account SID and Auth Token (located on the main page of the Console)

# code samples in more languages: twilio.com/docs/verify/api/verification-check

curl -X POST "https://verify.twilio.com/v2/Services/$VERIFY_SERVICE_SID/VerificationCheck" \
--data-urlencode "To=$YOUR_PHONE_NUMBER" \
--data-urlencode "Code=1234567" \
-u $TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN

Execute the request; you should see status: "approved" with the correct OTP. The status will remain "pending" if you provide an incorrect OTP.

It's really that easy!

[Optional] Quick Deploy a Twilio Verify application

Make sure you're logged in to Twilio and head over to Twilio's Code Exchange for the One-Time Passcode verification project and paste in your Verify Service SID:

twilio quick deploy steps 1 through 3, including the field to input your verify service sid and the submit button to deploy my application

Next, click "Deploy my application". After a few seconds you should see a button to launch the live application: click that to go to your new Verify application.

code exchange otp project home page

Enter your phone number and hit Verify to test it out -- now you have a sample application to share and play around with!

How to use Verify OTPs in your application

You might have noticed that this doesn't actually protect anything, but if you're like me, you love having code to copy and modify. These examples give you the following building blocks:

International telephone input (more details in this post)
Sending an OTP
Checking an OTP

You could use this as the basis to send and check verifications in your own application. The email channel requires a smidge more setup but all of the instructions are outlined in the documentation.

Learn more about getting started with Verify with the following resources:

I can't wait to see what you build and secure!

Rate this post

1 2 3 4 5

Authors

Kelley Robinson