Verify SMS Overview
SMS is the most popular channel for phone number verification and two-factor authentication (2FA). That's because most people can receive text messages and onboarding is seamless. Plus, SMS 2FA works: Google found that SMS 2FA helped block "100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks."
After starting a Verification with SMS, you'll want to validate if the code a user provided was correct with the Verification Check API.
- API Reference
- SMS Phone Verification on CodeExchange
- Send an SMS verification code in 5 minutes
Consent and opt-in policy
Before sending a recipient’s first Verify SMS verification, you must obtain opt-in consent from the user to receive OTP messages. You must keep a record of this consent and be able to provide it to Twilio on request. For example, you could add a notice in the sign-up flow that indicates to the user that they are requesting OTP messages to be sent to their provided number and then record a timestamp of when the user completed the sign-up flow.
Verify SMS follows the Twilio Messaging Policy, please see the policy for more detailed information on consent and opt-in rules.
- SMS Verification: What It Is & How It Works
- 5 reasons SMS 2FA isn't going away
- What is SMS pumping?
- Verify Fraud Guard: A feature that prevents SMS related fraud on Verify by automatically blocking the prefix of the destination of the suspected fraud.
Need some help?
We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.