Rate this page:

Account Verification with Authy, Java and Servlets

For new development, we encourage you to use the Verify API instead of the Authy API. The Verify API is an evolution of the Authy API with continued support for SMS, voice, and email one-time passcodes, an improved developer experience, and new features including:

  • Twilio helper libraries in JavaScript, Java, C#, Python, Ruby, PHP, and Go.
  • Access via the Twilio CLI.
  • Improved visibility and insights.
  • A push authentication SDK embeddable in your own application.

You are currently viewing the Authy API. New features and development will be added only to the Verify API. Check out the FAQ for more information and the migrating to Verify guide to get started.

Ready to implement user account verification in your application? Here's how it works at a high level:

  1. The users begin the registration process by entering their data, including a phone number, into a signup form.
  2. The authentication system sends a one-time password to the user's mobile phone to verify the possession of that phone number.
  3. The user enters the one-time password into a form before completing registration.
  4. The user opens a success page and receives an SMS indicating that their account has been created.

Building Blocks

To get this done, you'll be working with the following Twilio-powered APIs:


  • Authy Docs: Find quick starts, documentation, and all about the helper libraries.


  • Messages Resource: We will use Twilio directly to send our user a confirmation message after they create an account.

        Deployment descriptor


        Let's get started!

        Click here to move on to the next step!

        The User Model

        The User Model for this use-case is pretty straightforward and JPA offers us some tools to make it even simpler. If you have already read through the 2FA tutorial this one probably looks very similar. We need to make sure that our User model contains a phone number, country code so that the user can be verified with Authy.


              User model definition and JPA mappings


              Next we will see how to handle the new user form.

              Create a new user

              New User Form

              When we create a new user, we ask for a name, e-mail address, and a password. In order to validate a new account we also ask the user for a mobile number with a country code. We will use Authy to send a one-time password via SMS to this phone number.

              It is now the servlet's responsibility to verify that the user provides the necessary information to create a new user. If the user is created successfully, they will be logged into the system automatically.


                    Handle registration of new accounts


                    Now the user is logged in but not verified. In the next steps we'll learn how to verify the user using Authy.

                    Configure your application to work with Authy

                    Configuring Authy

                    In .environment we list configuration parameters for the application. These are pulled from system environment variables, which is a helpful way to access sensitive values (like API keys). This prevents us from accidentally checking them into source control. We use the System.getenv method to load the key and inject the AuthyApiClient into the RegistrationServlet class.

                    Now we need our Authy production key (sign up for Authy here). When you create an Authy application the production key is found on the dashboard.

                    Authy dashboard


                          Register your AuthyAPIClient with your Authy API key


                          Now let's check out the Servlet handling a new user registration and see how it sends a token upon account creation.

                          Send a token to our new user

                          Sending a Token on Account Creation

                          Once the user has an authyId we can actually send a verification code to that user's mobile phone using the Java Client for Authy.

                          When our user is created successfully via the form we implemented, we send a token to the user's mobile phone to verify their account in our servlet.


                                Handle registration of new accounts


                                When the code is sent we redirect to another page where the user can enter the token they received, therefore completing the verification process.

                                Let's check out the code for token verification!

                                Verifying the Code

                                This servlet method handles the submission form. It needs to:

                                • Get the current user.
                                • Verify the code that was entered by the user.
                                • If the code entered was valid, flip a boolean flag on the user model to indicate the account was verified.

                                Verifying the Code

                                The Authy client provides us with a verify() method that allows us to pass a user id and a token. In this case we just need to check that the API request was successful and, if so, set the User's verified field to true.


                                      Verify an Authy code


                                      That's all for token verification! However, our verification form wouldn't be very usable if there wasn't a way to resend a verification code if the message didn't arrive at the end user's handset.

                                      Re-send a missing verification code

                                      Re-sending the Code

                                      Since the form for re-sending the code is very simple, we're going to skip that for this tutorial. Let's just look at the servlet.

                                      This method loads the user associated with the request and then uses the same Authy API method we used earlier to resend the code.


                                            Re-send an Authy verification code


                                            To wrap things up, let's implement the last step where we confirm that the user's account has been verified with a text message.

                                            Send a confirmation SMS to a verified user

                                            Sending the Confirmation Message

                                            In this example, we create a single instance of the Twilio REST API helper, called client.

                                            Then we need to get the account, the messageFactory, and finally use its sendMessage method in order to send an SMS to the user's phone.


                                                  Send a confirmation with a TwilioRestClient wrapper


                                                  Congratulations! You've successfully verified new user accounts with Authy. Where can we take it from here?

                                                  What's next?

                                                  Where to Next?

                                                  If you're a Java developer working with Twilio, you might want to check out these other tutorials:


                                                  Put a button on your web page that connects visitors to live support or salespeople via telephone.

                                                  Automated Survey

                                                  Instantly collect structured data from your users with a survey conducted over a voice call or SMS text messages.

                                                  Did this help?

                                                  Thanks for checking out this tutorial! If you have any feedback to share with us, we'd love to hear it. Reach out to us on Twitter and let us know what you build!

                                                  Kelley Robinson Hector Ortega Kat King Samuel Mendes Paul Kamp
                                                  Rate this page:

                                                  Need some help?

                                                  We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.


                                                        Thank you for your feedback!

                                                        Please select the reason(s) for your feedback. The additional information you provide helps us improve our documentation:

                                                        Sending your feedback...
                                                        🎉 Thank you for your feedback!
                                                        Something went wrong. Please try again.

                                                        Thanks for your feedback!

                                                        Refer us and get $10 in 3 simple steps!

                                                        Step 1

                                                        Get link

                                                        Get a free personal referral link here

                                                        Step 2

                                                        Give $10

                                                        Your user signs up and upgrade using link

                                                        Step 3

                                                        Get $10

                                                        1,250 free SMSes
                                                        OR 1,000 free voice mins
                                                        OR 12,000 chats
                                                        OR more