Twilio Verify offers built in rate limits to help protect your business and its customers from account takeover and toll fraud attacks to your verification flows. This is helpful once you're in production, but can be frustrating during development and testing.
Unfortunately, we do not offer a free testing sandbox since we have to pay underlying carrier fees for every message sent on our platform and Twilio's test credentials are not compatible with the Verify API.
You still need to test your project though, so this guide will cover:
- Common issues like rate limits and expired verifications
- Best practices for verification testing
- How to quickly spin up a testing interface during development
Common Verify API errors during testing
Error 60203: Max send attempts reached
For more details, check out the official Twilio docs for Error 60203.
The API triggers this rate limit after starting 5 verification attempts to the same entity (email or phone number) within 10 minutes. We don't lift the rate limit for testing, but you can use any of the following solutions to work within the rate limits:
- Complete a verification lifecycle by calling the Verification Check endpoint
- Wait for the verification to expire (in 10 minutes)
- Manually cancel the verification by calling the Verification Update endpoint
Jump ahead to learn about our Verify Testing Dashboard to easily manage pending verifications.
404 Verification/VerificationCheck resource not found
Twilio deletes the verification SID once:
- it expires
- it's approved
- the max attempts to check a code have been reached
If any of these occur, verification checks will return a 404 Not Found error. The solution is usually to start a new verification.
If you’d like to double check what happened with a given verification - please use the logs found in the Twilio Console under your Verification Service:
This interface is intended to be used during development to test and troubleshoot your verification workflow. We strongly encourage you to only run the dashboard and Twilio functions locally to help protect against potential abuse.
To set up the dashboard you will need:
- A Twilio account
- The Twilio CLI - follow installation instructions here
- A Verify Service which you can create in the Twilio console
Make note of your Service SID (starts with VA)
Install the Twilio CLI for your operating system and login to your Twilio account:
twilio login
Next, install the Serverless toolkit. This will help us clone a template and easily set up our project.
twilio plugins:install @twilio-labs/plugin-serverless
# See a list of available commands:
twilio serverless
Initiate a new project using the Verify Testing Dashboard function template:
twilio serverless:init verify-testing-dashboard --template=verify-dashboard && cd verify-testing-dashboard
Edit the included .env
file and add your VERIFY_SERVICE_SID
as a variable (find or create a Verify service in the console). Make sure the ACCOUNT_SID
and AUTH_TOKEN
are populated, the Serverless toolkit will configure those if you run twilio login
. Your .env
file should look something like this:
ACCOUNT_SID=ACxxx
AUTH_TOKEN=g41xxx
VERIFY_SERVICE_SID= VAxxx
Start the application locally:
twilio serverless:start
Navigate to http://localhost:3000/index.html to see your dashboard! The dashboard includes the ability to:
- Send verifications via SMS, voice, and email
- Check a pending verification
- Cancel a verification
- See the status of an individual verification
Reminder: while the dashboard makes it very easy to test and reset verifications during development, we don't recommend deploying the dashboard since it could also enable abuse.
Next steps
If you have other questions or issues about the Verify API, please let us know. I'll update this blog post if we encounter other common issues and make sure our product team gets the feedback to improve the product itself.
Make sure to check out our latest addition to the Verify API: Verify Push.
Some additional resources for working with Verify include:
- Serverless phone verification
- Build one-click email verification "magic links" with Verify
- Verify documentation
I can't wait to see what you build and secure!