Register by 10/16 for $250 off the on-site price.

Twilio Verify Phone Verification Java Servlets Quickstart

Phone Verification is an important, high-confidence step in a registration flow to verify that a user has the device they claim to have. Adding Twilio Verify to your application to validate new accounts will greatly reduce your number of fraudulent registrations and protect future application users from having their numbers registered by scammers.

This quickstart guides you through creating a Java, JDKServlets and AngularJS app that requires a Phone Verification step to create an account. Two channels of Phone Verification are demoed: SMS and Voice.

Ready to add Twilio Verify to a demo app and keep the bad actors away?

Sign Into (or Create) a Twilio Account

Either sign up for a free Twilio trial, or sign into an existing Twilio account.

Create a New Account Security Application

Once logged in, visit the Authy Console. Click on the red 'Create New Aplication' (or big red plus ('+') if you already created one) to create a new Authy application then name it something memorable.

Authy create new application

Twilio will redirect you to the Settings page next:

Account Security API Key

Click the eyeball icon to reveal your Production API Key, and copy it somewhere safe. You will use the API Key during the application setup step below.

Clone and Setup the Verification Application

Start by cloning our Servlets repository. Enter the directory and use gradle to install all of our dependencies:

gradle build
  1. Open the file .env.example
  2. Change ACCOUNT_SECURITY_API_KEY to the API Key from the above step
  3. Now, save the file as .env
  4. Source the env file:
    source .env

In Windows, set the ACCOUNT_SECURITY_API_KEY variable manually.

Loading Code Samples...
Language
# You can get/create one here :
# https://www.twilio.com/console/authy/applications
ACCOUNT_SECURITY_API_KEY=ENTER_SECRET_HERE
Enter the API Key from the Authy console and optionally change the port.
Enter an Application API Key

Enter the API Key from the Authy console and optionally change the port.

That's all the setup you'll need.

Now, launch the application with:

gradle appRun

Assuming your API Key is correctly entered, you'll soon get a message that the app is up!

Use the Java Servlets Twilio Verify Demo

Keeping your phone at your side, vist the Phone Verification page of the demo at http://localhost:8080/verification/

Enter a Country Code and Phone Number, then choose which channel to request verification over, 'SMS' or 'CALL' (Voice). Finally, hit the blue 'Request Verification' button and wait.

Phone Verification by SMS or Voice

You'll either receive a phone call or an SMS with the verification token. If you requested a phone call, as an additional security feature you may need to interact to proceed (enterg a number on the phone keypad).

Loading Code Samples...
Language
package com.twilio.accountsecurity.services;

import com.authy.AuthyApiClient;
import com.authy.api.Params;
import com.authy.api.Verification;
import com.twilio.accountsecurity.exceptions.TokenVerificationException;
import com.twilio.accountsecurity.servlets.requests.CheckPhoneVerificationRequest;
import com.twilio.accountsecurity.servlets.requests.StartPhoneVerificationRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import static com.twilio.accountsecurity.config.Settings.authyId;

public class PhoneVerificationService {

    private static final Logger LOGGER = LoggerFactory.getLogger(TokenService.class);

    private AuthyApiClient authyApiClient;

    public PhoneVerificationService(AuthyApiClient authyApiClient) {
        this.authyApiClient = authyApiClient;
    }

    public PhoneVerificationService() {
        this.authyApiClient = new AuthyApiClient(authyId());
    }

    public void start(StartPhoneVerificationRequest request) {
        Params params = new Params();
        params.setAttribute("code_length", "4");
        Verification verification = authyApiClient
                .getPhoneVerification()
                .start(request.getPhoneNumber(),
                       request.getCountryCode(),
                       request.getVia(),
                       params);

        if(!verification.isOk()) {
            logAndThrow("Error requesting phone verification. " +
                    verification.getMessage());
        }
    }

    public void check(CheckPhoneVerificationRequest request) {
        Verification verification = authyApiClient
                .getPhoneVerification()
                .check(request.getPhoneNumber(),
                        request.getCountryCode(),
                        request.getToken());

        if(!verification.isOk()) {
            logAndThrow("Error verifying token. " + verification.getMessage());
        }
    }

    private void logAndThrow(String message) {
        LOGGER.warn(message);
        throw new TokenVerificationException(message);
    }
}
This function allows you to send the verification code over SMS or Voice depending on the 'via' variable.
Send a Phone Verification via SMS or Voice

This function allows you to send the verification code over SMS or Voice depending on the 'via' variable.

Either way you requested the passcode, enter the token into the Verification entry form and click 'Verify Phone':

Phone Verification Entry Box

Loading Code Samples...
Language
package com.twilio.accountsecurity.services;

import com.authy.AuthyApiClient;
import com.authy.api.Params;
import com.authy.api.Verification;
import com.twilio.accountsecurity.exceptions.TokenVerificationException;
import com.twilio.accountsecurity.servlets.requests.CheckPhoneVerificationRequest;
import com.twilio.accountsecurity.servlets.requests.StartPhoneVerificationRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import static com.twilio.accountsecurity.config.Settings.authyId;

public class PhoneVerificationService {

    private static final Logger LOGGER = LoggerFactory.getLogger(TokenService.class);

    private AuthyApiClient authyApiClient;

    public PhoneVerificationService(AuthyApiClient authyApiClient) {
        this.authyApiClient = authyApiClient;
    }

    public PhoneVerificationService() {
        this.authyApiClient = new AuthyApiClient(authyId());
    }

    public void start(StartPhoneVerificationRequest request) {
        Params params = new Params();
        params.setAttribute("code_length", "4");
        Verification verification = authyApiClient
                .getPhoneVerification()
                .start(request.getPhoneNumber(),
                       request.getCountryCode(),
                       request.getVia(),
                       params);

        if(!verification.isOk()) {
            logAndThrow("Error requesting phone verification. " +
                    verification.getMessage());
        }
    }

    public void check(CheckPhoneVerificationRequest request) {
        Verification verification = authyApiClient
                .getPhoneVerification()
                .check(request.getPhoneNumber(),
                        request.getCountryCode(),
                        request.getToken());

        if(!verification.isOk()) {
            logAndThrow("Error verifying token. " + verification.getMessage());
        }
    }

    private void logAndThrow(String message) {
        LOGGER.warn(message);
        throw new TokenVerificationException(message);
    }
}
This function verifies the token for a user delivered over the Voice or SMS channel.
Verify a Token

This function verifies the token for a user delivered over the Voice or SMS channel.

And with that, your demo app is protected with Twilio's Phone Verification! You can now log out to try the untried channel.

What's Next?

Your demo app is now keeping fraudulent users from registering with your business and polluting your database. Next, check out all of the variables and options available to you in the Phone Verification API Reference. Also, to protect your customers in an ongoing manner (with this same codebase) try the Java Servlets Authy Two-Factor Authentication Quickstart.

After that, visit the Docs for more Account Security demos and tutorials and web applications using all of Twilio's products.

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the Twilio tag on Stack Overflow.

Loading Code Samples...
# You can get/create one here :
# https://www.twilio.com/console/authy/applications
ACCOUNT_SECURITY_API_KEY=ENTER_SECRET_HERE
package com.twilio.accountsecurity.services;

import com.authy.AuthyApiClient;
import com.authy.api.Params;
import com.authy.api.Verification;
import com.twilio.accountsecurity.exceptions.TokenVerificationException;
import com.twilio.accountsecurity.servlets.requests.CheckPhoneVerificationRequest;
import com.twilio.accountsecurity.servlets.requests.StartPhoneVerificationRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import static com.twilio.accountsecurity.config.Settings.authyId;

public class PhoneVerificationService {

    private static final Logger LOGGER = LoggerFactory.getLogger(TokenService.class);

    private AuthyApiClient authyApiClient;

    public PhoneVerificationService(AuthyApiClient authyApiClient) {
        this.authyApiClient = authyApiClient;
    }

    public PhoneVerificationService() {
        this.authyApiClient = new AuthyApiClient(authyId());
    }

    public void start(StartPhoneVerificationRequest request) {
        Params params = new Params();
        params.setAttribute("code_length", "4");
        Verification verification = authyApiClient
                .getPhoneVerification()
                .start(request.getPhoneNumber(),
                       request.getCountryCode(),
                       request.getVia(),
                       params);

        if(!verification.isOk()) {
            logAndThrow("Error requesting phone verification. " +
                    verification.getMessage());
        }
    }

    public void check(CheckPhoneVerificationRequest request) {
        Verification verification = authyApiClient
                .getPhoneVerification()
                .check(request.getPhoneNumber(),
                        request.getCountryCode(),
                        request.getToken());

        if(!verification.isOk()) {
            logAndThrow("Error verifying token. " + verification.getMessage());
        }
    }

    private void logAndThrow(String message) {
        LOGGER.warn(message);
        throw new TokenVerificationException(message);
    }
}
package com.twilio.accountsecurity.services;

import com.authy.AuthyApiClient;
import com.authy.api.Params;
import com.authy.api.Verification;
import com.twilio.accountsecurity.exceptions.TokenVerificationException;
import com.twilio.accountsecurity.servlets.requests.CheckPhoneVerificationRequest;
import com.twilio.accountsecurity.servlets.requests.StartPhoneVerificationRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import static com.twilio.accountsecurity.config.Settings.authyId;

public class PhoneVerificationService {

    private static final Logger LOGGER = LoggerFactory.getLogger(TokenService.class);

    private AuthyApiClient authyApiClient;

    public PhoneVerificationService(AuthyApiClient authyApiClient) {
        this.authyApiClient = authyApiClient;
    }

    public PhoneVerificationService() {
        this.authyApiClient = new AuthyApiClient(authyId());
    }

    public void start(StartPhoneVerificationRequest request) {
        Params params = new Params();
        params.setAttribute("code_length", "4");
        Verification verification = authyApiClient
                .getPhoneVerification()
                .start(request.getPhoneNumber(),
                       request.getCountryCode(),
                       request.getVia(),
                       params);

        if(!verification.isOk()) {
            logAndThrow("Error requesting phone verification. " +
                    verification.getMessage());
        }
    }

    public void check(CheckPhoneVerificationRequest request) {
        Verification verification = authyApiClient
                .getPhoneVerification()
                .check(request.getPhoneNumber(),
                        request.getCountryCode(),
                        request.getToken());

        if(!verification.isOk()) {
            logAndThrow("Error verifying token. " + verification.getMessage());
        }
    }

    private void logAndThrow(String message) {
        LOGGER.warn(message);
        throw new TokenVerificationException(message);
    }
}