Rate this page:

Thanks for rating this page!

We are always striving to improve our documentation quality, and your feedback is valuable to us. How could this documentation serve you better?

Integrating Twilio Verification SDK for Android using your own backend

Once you integrated the Twilio Verification SDK for Android in your app using the sample backend, you can move forward and implement the token service in your own backend.

In order for you to allow devices to start verifications, you will need to provide a JWT to the devices.

The only functionality that your server needs to provide is a transformation of the user phone number into a signed JWT.

Here's a ruby/sinatra example

require 'jwt'

post "/verify/token" do
  param :phone_number, String, required: true

  payload = {
    app_id: ENV["APP_ID"],
    phone_number: params[:phone_number],

  jwt_token = JWT.encode(payload, ENV["AUTHY_API_KEY"], "HS256")

  respond_with status: 200, body: {jwt_token: jwt_token}

For more information and a working example, please refer to the Sample Backend in github

This is the full list of parameters that can be crafted inside the JWT payload

Required parameters

app_id integer The id of your app
phone_number string User phone number, in E.164 format
iat integer Issued at epoch timestamp

Optional parameters

code_length integer Optional value to change the number of verification digits sent. Default is 4. Allowed values are 4-10.
via string This parameter will override the one used by the SDK to force verification method. This can be used to make server-side decision based on a any given context such as countries, user, retries, device, etc.Either "sms" or "call".
locale string The language of the message received by user. If no locale is given, Authy will try to autodetect it based on the country code. In case that no locale is autodetected, English will be used. Supported languages include: English (en), Arabic (ar), Catalan (ca), Danish (da), German (de), Spanish (es), Greek (el), Finnish (fi), French (fr) , Hebrew (he), Hindi (hi), Hungarian (hu), Indonesian (id), Italian (it), Japanese (ja), Korean (ko), Norwegian (nb), Dutch (nl), Polish (pl), Portuguese (pt), Romanian (ro), Russian (ru), Swedish (sv), Thai (th), Tagalog (tl), Turkish (tr), Vietnamese (vi), Mandarin (zh-CN),Cantonese (zh-HK). We support the format country-region as described in IETF's BPC 47. If no region is given (or supported), there will be a default by country
custom_message string Not enabled by default. Overwrites the default message sent sms or phone call. To request access please contact Authy sales with a business use case that requires a nonstandard message. You can inject a phone verification code in the message by using the string {{code}} were you'd like to insert it. IMPORTANT: If the via parameter is set to "call", the locale parameter is mandatory. The following languages are supported for call custom_messages: English (en), Spanish (es), Portuguese (pt), German (de), French (fr),Italian (it), Daniesh (da),German (de),Finish (fi), Japanese (ja), Korean (ko), Norwegian (nb), Deutch (nl), Polish (pl), Russian (ru), Swedish (sv), Mandarin (zh-CN),Cantonese (zh-HK). We support the format country-region as described in IETF's BPC 47. If no region is given (or supported), there will be a default by country
exp integer Epoch timestamp to set the expiration time for this token. Default and maximum value is 1 hour. For security reasons the API will reject JWT expired, also taking into account issued at date
Lucas Vidal Jan Dusek Paul Kamp

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the Twilio tag on Stack Overflow.