Twilio's new Verify API is currently available as a Public Beta product. Some features are not yet implemented and others may be changed before the product is declared as Generally Available. Public Beta products are not covered by a Twilio SLA.
Phone verification is an essential first step in your online relationship with a user. By verifying that a new registree on your website has the device, they claim in his or her possession (and the provided number is accurate) you reduce spam and fraud while signaling your concern for the user's security.
We've come up with some best practices and practical guidelines that can assist you while implementing phone verification. These best practices are also built into our Verify quickstart - we suggest running through it to see some implementation details.
Phone verification is an important first step when signing up a user, but should be considered holistically in your application's registration and usage flow. Checking that a phone number is legitimate, associated with a device, and in possession of a new registrant will cut down on spam sign-ups before you even grant a new user an account.
Our currently suggested signup and usage flow are as follows (only proceed to the next step if the previous step is successful):
Our currently suggested signup and usage flow is as follows (only proceed to the next step if the previous step is successful):
- Use Phone Verification to determine if the user has the device they claim currently in possession.
- If your customer relationship will continue:
- Register the user for continuous Two-factor Authentication usage.
- Require Twilio Two-factor Authentications to protect any combination of log-ins, high-risk operations, and high-value transactions.