Migrating from the Authy API to the Verify API for SMS 2FA
Time to read: 4 minutes
The Verify API is an evolution of the Authy API with continued support for SMS, voice, and email one-time passcodes, an improved developer experience and new features. As of November 2022, Twilio no longer provides support for Authy SMS/Voice-only customers. Customers who were also using Authy TOTP or Push prior to March 1, 2023 are still supported.
Some of the exciting features of the Verify API include:
- Push authentication SDKs embeddable in your mobile app
- Programmable rate limits
- Improved visibility and insights
curl -XPOST https://verify.twilio.com/v2/Services \
-d FriendlyName=MyServiceName \
-u '[YOUR ACCOUNT SID]:[YOUR AUTH TOKEN]'
Unlike the Authy API, Twilio helper libraries support the Verify API. You no longer need the separate Authy helper libraries. We officially support libraries for C#, Java, PHP, Python, Ruby, Node.js, and Golang [Pilot].
For code examples of migrating SMS 2FA from Authy to Verify, check out these code diffs:
Verify uses Services for configuration. With the Authy API you created an Authy Application and used that API Key to manage verifications. In Verify you need both your Twilio Credentials and a Service SID. You can create and update a Service in two ways:
Legacy Applications were shared between Verify and Authy, so you may see an "application" in the Verify console. Services are the new method for configuration and you should be within the Services tab to get started with Verify V2.
Only available with our new Verify API, view the status of your verifications in the console including telephony delivery status.
Verify error codes are different from Authy error codes and can be found in the documentation. Common errors include:
- Error 60200 - Invalid parameter. For example, an invalid phone number.
- Error 60203 - Max send attempts reached. See the blog post on How to test Twilio Verify without getting rate limited.
Authy IDs were used as the parameter to send SMS verifications with the Authy API.
Use Lookup to convert phone numbers to E.164 format
The free Lookup formatting API call will give you two pieces of useful information:
- The phone number in E.164 format. Required format for ongoing verification.
- The country code in ISO 3166 alpha-2 format (e.g.
BR, etc.). This is necessary to build an allow list or block list of countries.
Store both the E.164 formatted phone number and the country in your database for future use.
Learn more in the Lookup documentation.
Define allowed countries
If you have a global user base, you can allow all countries. If you are only expecting traffic from a handful of countries then you can create an allow list to help mitigate fraud. On the flipside, you can also create a block list if there are countries you do not expect traffic from.
Delete the Authy user from your application
After migrating a single user, we recommend removing the Authy user from the legacy application. You can find instructions on how to remove Authy Users in the documentation.
What if we only stored the Authy ID and don't have the user's phone number?
We have an API for that! Learn more in the Export API documentation.
If you need any assistance, please reach out and we can walk you through your options.
Why am I getting the same code with new verification requests using Verify?
Are rate limits different in Verify?
There are subtle differences in rate limits for Verify compared to Authy.
Rate limits for Verify SMS include:
- 5 send verification attempts within 10 minutes [more info].
- 5 check verification attempts [more info].
Please reach out to sales or support for more information on rate limits. Most customers find the default rate limits for Verify sufficient, but you can also protect your application with additional service rate limits.
How do I test Verify without getting rate limited?
See the blog post on How to test Twilio Verify without getting rate limited.
Does Verify support TOTP?
Does Verify support Push?
Does Verify have a reporting API?
From APIs to SDKs to sample apps
API reference documentation, SDKs, helper libraries, quickstarts, and tutorials for your language and platform.
The latest ebooks, industry reports, and webinars
Learn from customer engagement experts to improve your own communication.
Twilio's developer community hub
Best practices, code samples, and inspiration to build communications and digital engagement experiences.