Verify Silent Network Auth Overview

What is Verify Silent Network Auth (SNA)?

Silent Network Auth (SNA) is the next generation SIM-based authentication method that confirms phone number possession in real-time without compromising security. Authenticate real, unique end-users without impacting the customer experience. Read What is Silent Network Authentication? on the Twilio Blog for more information on how it works under the hood.

SNA is now available natively through the Verify API.

Start building

1. Request access to the API and Live Test Number feature.

2. Complete the carrier registration form to start the 2-4 week approval process.

3. Plan your implementation starting with the Technical Overview and Verifications API Reference documentation.

Pricing

• Verify Silent Network Auth is priced per country as a single, all-inclusive fee.
• For testing use, the first 1,000 SNA verification attempts are free per enabled Account SID. This usage limit is for the life of the Account SID. An Error 20429 will be returned when this limit is reached.
• For production use and to have the usage limit removed on the Account SID, a sales contract (order form) specifying per-country pricing needs to be executed with Twilio Sales, who can be reached via this interest form.

FAQ

What are the best practices for error handling?

Always check the error code on the API response at each step. SNA errors begin with 605xx. In general, you can failover to SMS OTP for all error codes except 60540. Comprehensive best practices for error handling can be found in the documentation.

Where does SNA work?

Twilio Verify SNA is live in 10 countries, including the US, Canada, UK, Germany, France, Spain, India, Indonesia and more. Reach out to learn more about our coverage.

How long does SNA take?

2-4 seconds.

The main source of latency for SNA is invoking the sna.url on the device. This step usually takes around 2-3 seconds but may take up to 4 seconds. This is where Twilio is making a request directly with the carrier to confirm the data session is live.

You may receive Error 60519 if you try to check the verification status before the carrier verification is complete.

The additional API requests to obtain the sna.url and check the verification each take less than 100ms.

How much data is sent with the sna.url invocation?

40 bytes.

What is the TTL of the sna.url?

10 minutes by default but this can be configured.

What triggers a billing event for SNA?

A billing event is triggered after you have invoked the sna.url and the verification is approved or you receive an error code of 60500 (SNA Phone Number Mismatch) or 60540 (SNA Carrier Identified Invalid Phone Number). Other errors will not trigger a billing event. See Pricing for pricing structure details.

Does SNA work with spoofed phone numbers?

No. The request will fail with the service provider when they perform the underlying GSM authentication.

Does SNA work if the user is roaming?

It depends on the user’s carrier and where they are roaming.

Does SNA work with Google Fi?

Google Fi uses the T-mobile network and the US Cellular network. When the device is on the T-mobile network SNA will work. When on the US cellular network SNA will fail as US cellular does not support the SNA service.

Does SNA work for a phone number that is setup with call forwarding?

Yes. SNA uses the data session, whereas call forwarding is only for voice and text. If an SNA transaction is initiated on a device which has call forwarding enabled, the data session on the device will be used and the carrier will detect the number on that device. SNA does not detect if the phone number is enabled for call forwarding.

Does SNA work with eSIM?

Yes! The SIM function doesn't change whether a physical or eSIM is used.

Is SNA susceptible to PIN-jacking?

No. Once you've implemented SNA for authenticating user logins, consider making this information visible to your customer support team. This way, they do not erroneously issue credits to a user who claimed that their account was taken over due to "Authentication PIN stolen", since SNA does not provide a PIN.

Should I only request SNA verification for mobile numbers that match specific carriers or MNC-MCCs in a given country?

No. In a given country, carriers and their associated MNC-MCCs that support SNA can change over time. Therefore, we recommend requesting SNA verification for all mobile numbers. If the mobile number belongs to an unsupported carrier, you’ll get a non-billable error (like Error 60008) when you make the Verification call, and you can fall back to a different verification channel at that point.

How does SNA encryption work to keep phone numbers secure?

• Access to your Twilio account is protected via IP whitelisting.
• All interactions between Twilio and your server application or the carrier APIs are over HTTPS TLS 1.2+.
• All interactions between the end user’s phone and Twilio or the carrier do not include the phone number.
• While different carriers use different methods to achieve SNA, including the use of encrypted tokens, in all cases the phone number is never inserted in plain text and the token is always dynamic per-session.
• Our database only stores encrypted phone numbers using AES 256 encryption and has strict access requirements and limitations.