Skip to contentSkip to navigationSkip to topbar
Twilio Docs
On this page

Integrating Twilio Verification SDK for Android using your own backend

(warning)

Warning

The TwilioAuth SDK has been deprecated. This means that while we will continue to provide maintenance support for existing customers and their usage, we discourage new customers and new usage, as we may shut it down entirely in the future. We strongly recommend using the Verify Push SDK instead, which currently supports the Push channel, and will be enhanced to support the TOTP channel in the future.

Once you integrated the Twilio Verification SDK for Android in your app using the sample backend, you can move forward and implement the token service in your own backend.

In order for you to allow devices to start verifications, you will need to provide a JWT to the devices.

The only functionality that your server needs to provide is a transformation of the user phone number into a signed JWT.

Here's a ruby/sinatra example

1
require 'jwt'

2


3
post "/verify/token" do

4
  param :phone_number, String, required: true

5


6
  payload = {

7
    app_id: ENV["APP_ID"],

8
    phone_number: params[:phone_number],

9
    iat: Time.now.to_i

10
  }

11


12
  jwt_token = JWT.encode(payload, ENV["AUTHY_API_KEY"], "HS256")

13


14
  respond_with status: 200, body: {jwt_token: jwt_token}

15
end

For more information and a working example, please refer to the Sample Backend in github(link takes you to an external page)

This is the full list of parameters that can be crafted inside the JWT payload

Required parameters

required-parameters page anchor
PARAMETERTYPEDESCRIPTION
app_idintegerThe id of your app
phone_numberstringUser phone number, in E.164 format
iatintegerIssued at epoch timestamp

Optional parameters

optional-parameters page anchor
PARAMETERTYPEDESCRIPTION
code_lengthintegerOptional value to change the number of verification digits sent. Default is 4. Allowed values are 4-10.
viastringThis parameter will override the one used by the SDK to force verification method. This can be used to make server-side decision based on a any given context such as countries, user, retries, device, etc.Either "sms" or "call".
localestringThe language of the message received by user. If no locale is given, Authy will try to autodetect it based on the country code. In case that no locale is autodetected, English will be used. Supported languages include: English (en), Arabic (ar), Catalan (ca), Danish (da), German (de), Spanish (es), Greek (el), Finnish (fi), French (fr) , Hebrew (he), Hindi (hi), Hungarian (hu), Indonesian (id), Italian (it), Japanese (ja), Korean (ko), Norwegian (nb), Dutch (nl), Polish (pl), Portuguese (pt), Romanian (ro), Russian (ru), Swedish (sv), Thai (th), Tagalog (tl), Turkish (tr), Vietnamese (vi), Mandarin (zh-CN), Cantonese (zh-HK). We support the format country-region as described in IETF's BPC 47. If no region is given (or supported), there will be a default by country
expintegerEpoch timestamp to set the expiration time for this token. Default and maximum value is 1 hour. For security reasons the API will reject JWT expired, also taking into account issued at date

Next step: Register your app in Twilio Verification API

next-step-register-your-app-in-twilio-verification-api page anchor