The data model does not require any PII (such as phone or email).
Resource definitions
Service
: an organization or environment (e.g. stage, prod). Contains configurations for all verification methods available through the Verify platform (SMS OTP, Voice OTP, Email OTP, Push Verification, TOTP). A Twilio [sub]account can have multiple Services. Each Service contains multiple Entities that are not shared across Services.
Entity
: a user or other identity that needs verification. An Entity can contain multiple Factors.
Factor
: a verification method, which involves an exchange of secrets via a communication channel. For factor_type
totp
, which follows the
RFC-6238
algorithm, the Factor contains the seed (Binding.Secret) that is used to generate the TOTP. A Factor contains multiple Challenges.
Challenge
: a single verification attempt of an Entity using a Factor. A single Factor has multiple Challenges.
Sequence Diagram
Verify TOTP involves two main sequences that are shown in the diagrams below:
Register a user by generating a unique TOTP seed and verify that they've correctly added it to their Authenticator App for generating TOTP codes.
Verify a user by verifying that the TOTP code they've provided matches the TOTP code generated by the unique TOTP seed.
Register a user and TOTP seed
Verify a user
Ready to start building?
Check out the quickstart for step-by-step instructions.