Send an SMS verification code in 5 minutes

June 22, 2023
Written by
Reviewed by

One-Time Passcodes (OTPs) are a simple and effective way to verify someone's phone number at sign up for ongoing login verification, preventing bots, ensuring deliverability to the right person, and more.

Phone number verification can decrease fraud and increase deliverability and trust. Luckily the Twilio Verify API makes it easy to send and check OTPs. Let's see how to get started with Verify in under 5 minutes.

What is the purpose of an SMS verification code?

SMS one-time passcodes (OTPs), also known as verification codes, are a tool for protecting user accounts and ensuring users have access to a phone number associated with their account. They may be used for authentication during login or before other sensitive actions like account changes. SMS verification codes may also be used when a phone number is first added to an account for other purposes like ongoing notifications like appointment reminders.

Prerequisites for sending One-Time Passcodes

Before you can send an OTP you'll need:

Copy your Service SID (starts with VA).

 

verify service creation flow in the twilio console.

 

Send the SMS OTP

Copy the following code for the Verifications endpoint and replace the placeholders with:

  • Your Verify Service SID created above
  • Your phone number for testing
  • Your Twilio Account SID and Auth Token (located on the main page of the Console)
# code samples in more languages: twilio.com/docs/verify/api/verification

curl -X POST "https://verify.twilio.com/v2/Services/$VERIFY_SERVICE_SID/Verifications" \
--data-urlencode "To=$YOUR_PHONE_NUMBER" \
--data-urlencode "Channel=sms" \
-u $TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN

Execute the request and you will receive an SMS OTP.

 

SMS one time passcode on a mobile device

 

Check the SMS OTP

Verify makes it easy to both send and check the OTP. Copy the following code for the VerificationCheck endpoint and replace the placeholders with:

  • Your Verify Service SID created above
  • The phone number you used in the last step
  • The code you received
  • Your Twilio Account SID and Auth Token (located on the main page of the Console)
# code samples in more languages: twilio.com/docs/verify/api/verification-check

curl -X POST "https://verify.twilio.com/v2/Services/$VERIFY_SERVICE_SID/VerificationCheck" \
--data-urlencode "To=$YOUR_PHONE_NUMBER" \
--data-urlencode "Code=1234567" \
-u $TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN

Execute the request; you should see status: "approved" with the correct OTP. The status will remain "pending" if you provide an incorrect OTP.

It's really that easy!

[Optional] Quick Deploy a Twilio Verify application

Make sure you're logged in to Twilio and head over to Twilio's Code Exchange for the One-Time Passcode verification project and paste in your Verify Service SID:

 

twilio quick deploy steps 1 through 3, including the field to input your verify service sid and the submit button to deploy my application

Next, click "Deploy my application". After a few seconds you should see a button to launch the live application: click that to go to your new Verify application.

code exchange otp project home page

 

Enter your phone number and hit Verify to test it out -- now you have a sample application to share and play around with!

How to use Verify OTPs in your application

You might have noticed that this doesn't actually protect anything, but if you're like me, you love having code to copy and modify. These examples give you the following building blocks:

You could use this as the basis to send and check verifications in your own application. The email channel requires a smidge more setup but all of the instructions are outlined in the documentation

Learn more about getting started with Verify with the following resources:

I can't wait to see what you build and secure!