How to test Twilio Verify without getting rate limited

How to test Twilio Verify without getting rate limited

Twilio Verify offers built in rate limits to help protect your business and its customers from account takeover and toll fraud attacks to your verification flows. This is helpful once you're in production, but can be frustrating during development and testing.

Unfortunately, we do not offer a free testing sandbox since we have to pay underlying carrier fees for every message sent on our platform and Twilio's test credentials are not compatible with the Verify API.

You still need to test your project though, so this guide will cover:

• Common issues like rate limits and expired verifications
• Best practices for verification testing
• How to quickly spin up a testing interface during development

Common Verify API errors during testing

Error 60203: Max send attempts reached

For more details, check out the official Twilio docs for Error 60203.

The API triggers this rate limit after starting 5 verification attempts to the same entity (email or phone number) within 10 minutes. We don't lift the rate limit for testing, but you can use any of the following solutions to work within the rate limits:

1. Complete a verification lifecycle by calling the Verification Check endpoint
2. Wait for the verification to expire (in 10 minutes)
3. Manually cancel the verification by calling the Verification Update endpoint

404 Verification/VerificationCheck resource not found

Twilio deletes the verification SID once:

• it expires
• it's approved
• the max attempts to check a code have been reached

If any of these occur, verification checks will return a 404 Not Found error. The solution is usually to start a new verification.

If you’d like to double check what happened with a given verification - please use the logs found in the Twilio Console under your Verification Service:

Run a Verify testing dashboard during development

This interface is intended to be used during development to test and troubleshoot your verification workflow. We strongly encourage you to only run the dashboard and Twilio functions locally to help protect against potential abuse.

To set up the dashboard you will need:

• A Twilio account
• The Twilio CLI - follow installation instructions here
• A Verify Service which you can create in the Twilio console

Make note of your Service SID (starts with VA)

Install the Twilio CLI for your operating system and login to your Twilio account:

Next, install the Serverless toolkit. This will help us clone a template and easily set up our project.

Initiate a new project using the Verify Testing Dashboard function template:

Edit the included .env file and add your VERIFY_SERVICE_SID as a variable (find or create a Verify service in the console). Make sure the ACCOUNT_SID and AUTH_TOKEN are populated, the Serverless toolkit will configure those if you run twilio login. Your .env file should look something like this:

Start the application locally:

Navigate to http://localhost:3000/index.html to see your dashboard! The dashboard includes the ability to:

• Send verifications via SMS, voice, and email
• Check a pending verification
• Cancel a verification
• See the status of an individual verification

Reminder: while the dashboard makes it very easy to test and reset verifications during development, we don't recommend deploying the dashboard since it could also enable abuse.

Next steps

If you have other questions or issues about the Verify API, please let us know. I'll update this blog post if we encounter other common issues and make sure our product team gets the feedback to improve the product itself.

Make sure to check out our latest addition to the Verify API: Verify Push.

Some additional resources for working with Verify include:

• Serverless phone verification
• Build one-click email verification "magic links" with Verify
• Verify documentation

I can't wait to see what you build and secure!