Skip to contentSkip to navigationSkip to topbar
Twilio Docs
On this page

Verify TOTP Technical Overview

Data model

data-model page anchor

The data model does not require any PII (such as phone or email).

Verify TOTP data model.

Resource definitions

resource-definitions page anchor
  • Service: an organization or environment (e.g. stage, prod). Contains configurations for all verification methods available through the Verify platform (SMS OTP, Voice OTP, Email OTP, Push Verification, TOTP). A Twilio [sub]account can have multiple Services. Each Service contains multiple Entities that are not shared across Services.
  • Entity: a user or other identity that needs verification. An Entity can contain multiple Factors.
  • Factor: a verification method, which involves an exchange of secrets via a communication channel. For factor_type totp, which follows the RFC-6238(link takes you to an external page) algorithm, the Factor contains the seed (Binding.Secret) that is used to generate the TOTP. A Factor contains multiple Challenges.
  • Challenge: a single verification attempt of an Entity using a Factor. A single Factor has multiple Challenges.

Sequence Diagram

sequence-diagram page anchor

Verify TOTP involves two main sequences that are shown in the diagrams below:

  1. Register a user by generating a unique TOTP seed and verify that they've correctly added it to their Authenticator App for generating TOTP codes.
  2. Verify a user by verifying that the TOTP code they've provided matches the TOTP code generated by the unique TOTP seed.

Register a user and TOTP seed

register-a-user-and-totp-seed page anchor
register-user-public-docs-sequence-diagram-Verify_TOTP_Sequence_Diagram 4.

Verify a user

verify-a-user page anchor
verify-user-public-docs-sequence-diagram-Verify_TOTP_Sequence_Diagram 3.

Ready to start building?

ready-to-start-building page anchor

Check out the quickstart for step-by-step instructions.