Twilio Verify Node.js Phone Verification Quickstart
Warning
Verify v1 API has reached End of Sale. It is now closed to new customers and will be fully deprecated in the future.
For new development, we encourage you to use the Verify v2 API. v2 has an improved developer experience and new features, including:
- Twilio helper libraries in multiple languages
- PSD2 Secure Customer Authentication Support
- Improved Visibility and Insights
Existing customers will not be impacted at this time until Verify v1 API has reached End of Life. For more information about migration, see Migrating from 1.x to 2.x.
Phone verification is an important, high-confidence step in a registration flow to verify that a user has the device they claim to have. Adding phone verification to your application will greatly reduce your number of fraudulent registrations and protect future application users from having their numbers registered by scammers.
This quickstart guides you through creating a Node.js, AngularJS, and MongoDB app that requires a phone verification step to create an account. Two channels of phone verification are demoed: SMS and voice.
Ready to add phone verification to a demo app and keep the bad actors away? Enter stage left!
Either sign up for a free Twilio trial, or sign into an existing Twilio account.
Once logged in, visit the Authy Console. Click on the red 'Create New Application' (or big red plus ('+') if you already created one) to create a new Authy application then name it something memorable.
Twilio will redirect you to the Settings page next:
Click the eyeball icon to reveal your Production API Key, and copy it somewhere safe. You will use the API Key during the application setup step below.
While Twilio's Verify API doesn't return any user information you'll need to store, to continue working on the app after this Quickstart you'll want a database. For this demo, we built our user database on top of MongoDB.
Instructions for installing MongoDB vary depending on platform. Please follow the appropriate link for instructions on how to install MongoDB for your platform.
After you install MongoDB, launch it. On *NIX and OSX, this command may be as simple as:
_10mongod
Start by cloning our Node.js repository. Enter the directory and use npm to install all of our dependencies:
_10npm install
-
Open the file
.env.example -
Change
ACCOUNT_SECURITY_API_KEYto the API Key from the above step -
Now,
save
the file as
.env
Depending on your system, you need to set the environmental variables before you continue. On NIX, you can run:
_10source .env
On Windows, depending on your shell, you will have to use SET.
Alternatively, you could use a package such as autoenv to load it at startup.
Enter the API Key from the Account Security console and optionally change the port.
_10export ACCOUNT_SECURITY_API_KEY='ENTER_SECRET_HERE'_10export PORT=1337
And then... actually, that's all the setup you'll need.
Now, launch Node with:
_10node .
Assuming your API Key is correctly entered and MongoDB is running, you'll soon get a message that the app is up!
Keeping your phone at your side, visit the phone verification page of the demo at http://localhost:1337/verification/
Enter a Country Code and Phone Number, then choose which channel to request verification over, 'SMS' or 'CALL' (Voice). Finally, hit the blue 'Request Verification' button and wait.
You won't be waiting long - you'll either receive a phone call or an SMS with the verification token. If you requested a phone call, as an additional security feature you may need to interact to proceed (by entering a number on the phone keypad).
This function allows you to send the verification code over SMS or Voice depending on the 'via' variable.
_103var request = require('request');_103var VERSION = "0.1";_103_103_103module.exports = function (apiKey, apiUrl) {_103 return new PhoneVerification(apiKey, apiUrl);_103};_103_103function PhoneVerification(apiKey, apiUrl) {_103 this.apiKey = apiKey;_103 this.apiURL = apiUrl || "https://api.authy.com";_103 this.user_agent = "PhoneVerificationRegNode/" + VERSION + " (node " + process.version + ")";_103 this.headers = {};_103_103 this.init();_103}_103_103PhoneVerification.prototype.init = function () {_103 this.headers = {_103 "User-Agent": this.user_agent_103 };_103};_103_103/**_103 * Verify a phone number_103 *_103 * @param {!string} phone_number_103 * @param {!string} country_code_103 * @param {!string} token_103 * @param {!function} callback_103 */_103PhoneVerification.prototype.verifyPhoneToken = function (phone_number, country_code, token, callback) {_103_103 console.log('in verify phone');_103 this._request("get", "/protected/json/phones/verification/check", {_103 "api_key": this.apiKey,_103 "verification_code": token,_103 "phone_number": phone_number,_103 "country_code": country_code_103 },_103 callback_103 );_103};_103_103/**_103 * Request a phone verification_103 *_103 * @param {!string} phone_number_103 * @param {!string} country_code_103 * @param {!string} via_103 * @param {!function} callback_103 */_103PhoneVerification.prototype.requestPhoneVerification = function (phone_number, country_code, via, callback) {_103_103 this._request("post", "/protected/json/phones/verification/start", {_103 "api_key": this.apiKey,_103 "phone_number": phone_number,_103 "via": via,_103 "country_code": country_code,_103 "code_length": 4_103 },_103 callback_103 );_103};_103_103PhoneVerification.prototype._request = function (type, path, params, callback, qs) {_103 qs = qs || {};_103 qs['api_key'] = this.apiKey;_103_103 options = {_103 url: this.apiURL + path,_103 form: params,_103 headers: this.headers,_103 qs: qs,_103 json: true,_103 jar: false,_103 strictSSL: true_103 };_103_103 console.log(options.url);_103_103 var callback_check = function (err, res, body) {_103 if (!err) {_103 if (res.statusCode === 200) {_103 callback(null, body);_103 } else {_103 callback(body);_103 }_103 } else {_103 callback(err);_103 }_103 };_103_103 switch (type) {_103 case "post":_103 request.post(options, callback_check);_103 break;_103_103 case "get":_103 request.get(options, callback_check);_103 break;_103 }_103};
Either way you requested the passcode, enter the token into the Verification entry form and click 'Verify Phone':
This function verifies the token for a user delivered over the Voice or SMS channel.
_103var request = require('request');_103var VERSION = "0.1";_103_103_103module.exports = function (apiKey, apiUrl) {_103 return new PhoneVerification(apiKey, apiUrl);_103};_103_103function PhoneVerification(apiKey, apiUrl) {_103 this.apiKey = apiKey;_103 this.apiURL = apiUrl || "https://api.authy.com";_103 this.user_agent = "PhoneVerificationRegNode/" + VERSION + " (node " + process.version + ")";_103 this.headers = {};_103_103 this.init();_103}_103_103PhoneVerification.prototype.init = function () {_103 this.headers = {_103 "User-Agent": this.user_agent_103 };_103};_103_103/**_103 * Verify a phone number_103 *_103 * @param {!string} phone_number_103 * @param {!string} country_code_103 * @param {!string} token_103 * @param {!function} callback_103 */_103PhoneVerification.prototype.verifyPhoneToken = function (phone_number, country_code, token, callback) {_103_103 console.log('in verify phone');_103 this._request("get", "/protected/json/phones/verification/check", {_103 "api_key": this.apiKey,_103 "verification_code": token,_103 "phone_number": phone_number,_103 "country_code": country_code_103 },_103 callback_103 );_103};_103_103/**_103 * Request a phone verification_103 *_103 * @param {!string} phone_number_103 * @param {!string} country_code_103 * @param {!string} via_103 * @param {!function} callback_103 */_103PhoneVerification.prototype.requestPhoneVerification = function (phone_number, country_code, via, callback) {_103_103 this._request("post", "/protected/json/phones/verification/start", {_103 "api_key": this.apiKey,_103 "phone_number": phone_number,_103 "via": via,_103 "country_code": country_code,_103 "code_length": 4_103 },_103 callback_103 );_103};_103_103PhoneVerification.prototype._request = function (type, path, params, callback, qs) {_103 qs = qs || {};_103 qs['api_key'] = this.apiKey;_103_103 options = {_103 url: this.apiURL + path,_103 form: params,_103 headers: this.headers,_103 qs: qs,_103 json: true,_103 jar: false,_103 strictSSL: true_103 };_103_103 console.log(options.url);_103_103 var callback_check = function (err, res, body) {_103 if (!err) {_103 if (res.statusCode === 200) {_103 callback(null, body);_103 } else {_103 callback(body);_103 }_103 } else {_103 callback(err);_103 }_103 };_103_103 switch (type) {_103 case "post":_103 request.post(options, callback_check);_103 break;_103_103 case "get":_103 request.get(options, callback_check);_103 break;_103 }_103};
And with that, your demo app is protected with Twilio Verify! You can now log out to try the other channel.
Your demo app is now keeping hordes of fraudulent users from registering with your business and polluting the database. Next, you should check out all of the variables and options available to you in the Verify API Reference. Also, for protecting your customers in an ongoing manner (with this same codebase) try the Node.js Authy Two-Factor Authentication Quickstart.
After that, take a stroll through the Docs for more Account Security demos and tutorials - as well as sample web applications using all of Twilio's products. Encore!