Verify TOTP is in Pilot
This Verify feature is currently in the Pilot maturity stage, which means that:
1. We're actively looking for early-adopter customers to try it out and give feedback. That could be you!
2. You'll need to contact sales to request access to the API.
3. We're actively developing this feature and it could change or break unexpectedly; please use it only in a test environment, not in production.
The data model does not require any PII (such as phone or email).
- Service: an organization or environment (e.g. stage, prod). Contains configurations for all verification methods available through the Verify platform (SMS OTP, Voice OTP, Email OTP, Push Verification, TOTP). A Twilio [sub]account can have multiple Services. Each Service contains multiple Entities that are not shared across Services.
- Entity: a user or other identity that needs verification. An Entity can contain multiple Factors.
- Factor: a verification method, which involves an exchange of secrets via a communication channel. For factor_type totp, which follows the RFC 6238 algorithm, the Factor contains the seed (Binding.Secret) that is used to generate the TOTP. A Factor contains multiple Challenges.
- Challenge: a single verification attempt of an Entity using a Factor. A single Factor has multiple Challenges.
Verify TOTP involves two main sequences that are shown in the diagrams below:
- Register a user by generating a unique TOTP seed and verify that they've correctly added it to their Authenticator App for generating TOTP codes.
- Verify a user by verifying that the TOTP code they've provided matches the TOTP code generated by the unique TOTP seed.
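Both sequences reduce to the same RFC 6238 computation over the shared seed, sketched here as an added example that is not Twilio's code or API. The `Factor` class, `new_seed`, `totp`, the 30-second step, 6 digits, HMAC-SHA1 and the one-step drift window are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, secrets, struct

STEP = 30      # seconds per time step (RFC 6238 default; assumed here)
DIGITS = 6     # code length (assumed; common authenticator default)

def new_seed() -> str:
    """Registration: unique 160-bit seed, Base32-encoded for authenticator apps."""
    return base64.b32encode(secrets.token_bytes(20)).decode()

def totp(seed_b32: str, at: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: RFC 4226 HOTP over the counter floor(at / STEP), HMAC-SHA1."""
    key = base64.b32decode(seed_b32)
    mac = hmac.new(key, struct.pack(">Q", at // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Factor:
    """Hypothetical local stand-in for a TOTP Factor: seed plus verification state."""
    def __init__(self, seed_b32: str):
        self.seed = seed_b32
        self.verified = False    # set once the user proves the seed is in their app
        self.last_counter = -1   # highest time step already accepted (replay guard)

    def check(self, code: str, now: int, skew: int = 1) -> bool:
        """One attempt: accept a code within +/- skew steps of now, and never twice."""
        current = now // STEP
        for counter in range(current - skew, current + skew + 1):
            if counter <= self.last_counter:
                continue         # step already consumed, or before the epoch
            expected = totp(self.seed, counter * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_counter = counter
                self.verified = True
                return True
        return False
```

The first successful `check` corresponds to registration (the user has added the seed to their app); later calls are ordinary verifications against the same seed.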
Check out the quickstart for step-by-step instructions.