Twilio Account Security

Twilio has a collection of account security APIs, SDKs and pre-built mobile and desktop apps that allow you to address three important steps in the lifecycle of user accounts in your application:

  • Verify. Ensure real humans are behind new account requests while reducing fraud and spam.
  • Authenticate. Either add a second factor to the username/password with 2FA or replace a password entirely.
  • Recover. Make it easy to re-authenticate users when they forget a password or lose a trusted authentication device.

Ready to build now? Dive into our Two-factor Authentication, Phone Verification, or Phone Lookup Quickstart and start your evaluation in under 20 minutes!

Not sure which product to implement?  We've written up the most important best practices to follow and things to consider in our Choosing Your Account Security Implementation guide.

Account Security APIs, SDKs and apps

With our RESTful APIs, you are able to integrate account security features deeply into your application. You'll keep control over branding, flow and user experience while avoiding the hassle of building the security logic and scaling the platform. The APIs are:

  • Twilio Lookup API - Real time data on phone numbers to filter out high risk accounts.
  • Twilio Verify API - Phone verification via SMS & voice using API calls.
  • Twilio Authy API - Fully featured 2FA API supporting SMS, voice, soft tokens and push authentication.

For authentication, while SMS and voice is widely available for most users, it's advisable to go with the more secure options of app-generated soft tokens or push authentication. We've written up the main differences between Authy and Verify here. To save developer time, we've already built an authentication app for iOS, Android, Windows and MacOS. The app, called Authy, is an essential link between your users and their trusted devices, allowing them to self-serve account recovery when locked out. 

SDKs & Helper Libraries

The free Authy app is great if you'd like to avoid building your own apps. If you do choose to build your own mobile app, you can also elect to integrate the account security SDKs. These SDKs can also be used simultaneously with the Authy app if you choose.

Helper Libraries speed up your Twilio security integration. We continuously release and support Helper Libraries targeting PHP, Python, C#, Ruby, Java and Node.js (JavaScript).

Shared APIs

Account Security consists of a number of shared APIs that expose activity and data from across both the Verify and Authy APIs.

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the Twilio tag on Stack Overflow.