Twilio has a collection of account security APIs, SDKs and pre-built mobile and desktop apps that allow you to address three important steps in the lifecycle of user accounts in your application:
- Verify. Ensure real humans are behind new account requests while reducing fraud and spam.
- Authenticate. Either add a second factor to the username/password with 2FA or replace a password entirely.
- Recover. Make it easy to re-authenticate users when they forget a password or lose a trusted authentication device.
With our RESTful APIs, you are able to integrate account security features deeply into your application. You'll keep control over branding, flow and user experience while avoiding the hassle of building the security logic and scaling the platform. The APIs are:
- Twilio Lookup API - Real-time data on phone numbers to filter out high-risk accounts.
- Twilio Verify API - Phone verification via multiple channels using API calls.
- Twilio Authy API - Older version of the Verify API. Please use Verify for new use cases, except those requiring Authy App push.
For authentication, while SMS and voice are widely available to most users, it's advisable to use one of the more secure options: app-generated soft tokens, or push and silent device approval. To save developer time, we've already built an authentication app for iOS, Android, Windows and macOS. The app, called Authy, is an essential link between your users and their trusted devices, allowing them to self-serve account recovery when locked out.
The free Authy app is great if you'd like to avoid building your own apps. If you do choose to build your own mobile app, you can also elect to integrate the Verify Push Client Library.
Account Security consists of a number of shared APIs that expose activity and data from across both the Verify and Authy APIs.