How to add Silent Network Authentication to your application

October 27, 2022
Written by
Reviewed by

How to add Silent Network Authentication to your application

Silent Network Authentication (SNA) is a new way of verifying users with their mobile carriers without requiring any user input. This authentication method uses GSM authentication under the hood to provide strong security assurance without the added friction of entering a one-time passcode or downloading a special authentication app.

The basic user experience looks like this: the user enters their phone number, the application performs the authentication in the background and verifies the user without any additional passcodes or other input.

4 step user experience of SNA showing phone number input and then a few screens that show background progress of authentication before the user is logged in.

Learn more about how SNA works on the blog or start using the API by following the tutorial below.

Prerequisites for building with Silent Network Authentication

To follow along with this tutorial you will need to:

  1. Sign up for or sign in to your Twilio account.
  2. Request access to the API and Live Test Number feature (24 hour turnaround).
  3. Add your personal phone number in the console for testing (see supported carriers).
  4. Create a Verify Service in the Twilio Console.

For production usage, carriers require additional approval. Start the 2-4 week process by submitting this form.

How to verify users with SNA

There are 3 main steps to verifying users with SNA:

  1. Start the verification process
  2. Invoke the sna.url on a mobile device. This is the key feature of SNA that activates the background verification by talking directly to the mobile carrier.
  3. Check the verification status

Step 1: start the verification process to get the sna.url

Replace the phone number in the To parameter with your personal phone number for testing (see supported carriers). This is the same API you would use to send an SMS, WhatsApp, or email verification.

curl -X POST https://verify.twilio.com/v2/Services/$VERIFY_SERVICE_SID/Verifications \
--data-urlencode "Channel=sna" \
--data-urlencode "To=$MY_PHONE_NUMBER" \
-u $TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN

Grab the nested sna.url from the response:

{
  "sid": "VEXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  "service_sid": "VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  "account_sid": "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  "to": "+15017122661",
  "channel": "sna",
  "status": "pending",
  "valid": false,
  "date_created": "2015-07-30T20:00:00Z",
  "date_updated": "2015-07-30T20:00:00Z",
  "send_code_attempts": [
    {
      "time": "2015-07-30T20:00:00Z",
      "channel": "sna",
      "attempt_sid": "VLXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    }
  ],
  "sna": {
    "url": "https://mi.dnlsrv.com/m/id/ANBByzx7?data=AAAglRRdNn02iTFWfDWwdTjOzM8o%2F6JB86fH%2Bt%2FFftUPj0pFA0u8%2FibWuYwzmMeMOtdTwYlsO8V%2FXF%2BJmngMhbeGKYhHeTOF2H9VrGEYKcEEklPxHgb5GgL3XtYa33j3lIU%2By6InvoV%2FowWHBzA0QeFPBh6vmJ8LoUPJqGE7q0PRz618Z4ym1AGq%2BaomSq9PlP4rCduv9Cmtxu%2FrvPSBwocs0GCWDE8seK8t9epmPQW7gwODxkAiKr9UxhJd9KvmBVuAQPf%2BoFQVo86USXkhXqTvUzB2bNUYY9FCy3CWgZFTOa1D3H1CVxf1eHzYIswNA7SmOzP%2FBX8g6%2B0hkzwMRkcit3gBNs4evAVJiqAgYvUlrtGwwv9bFx4X7jWSHY4%3D&cipherSalt=yANeDq09bwM38SJs"
  },
  "url": "https://verify.twilio.com/v2/Services/VAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/Verifications/VEXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}

Reference the documentation.

Step 2: invoke the sna.url from a mobile device

Because SNA uses network authentication, disconnect from Wi-Fi before invoking the URL from a mobile browser.

For testing purposes, send yourself the sna.url via email or something like AirDrop then click on the link from your mobile device. You should see ErrorCode=0 in the browser.

If you embed SNA in your mobile application, you can force the request to use mobile data without needing to turn Wi-Fi off. Learn more.

Step 3: check the verification

Finally, check the status of the verification with the following command. If the network authentication was successful, the status will be "approved".

curl -X POST https://verify.twilio.com/v2/Services/$VERIFY_SERVICE_SID/VerificationCheck \
--data-urlencode "To=$MY_PHONE_NUMBER" \
-u $TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN

This API request will generate a response that looks like the following. Note the approved status. If the status is still pending the verification was unsuccessful.

{
  "status": "approved",
  "payee": null,
  "date_updated": "2022-10-26T17:11:53Z",
  "account_sid": "ACxxx",
  "to": "+14151234567",
  "amount": null,
  "valid": true,
  "sid": "VExxx",
  "date_created": "2022-10-26T17:08:24Z",
  "service_sid": "VAxxx",
  "sna_attempts_error_codes": [],
  "channel": "sna"
}

Reference the documentation.

If the verification status is approved, you can proceed to log in the user, validate a transaction, or complete whatever other trusted process you were gating with the verification process.

SNA error handling

Always check the error code on the API response at each step. SNA errors begin with 605xx and will be available at the check verification step. Check out the documentation for more error handling guidance. In general, you can failover to SMS OTP for all error codes except 60540.

How to take SNA into production

Once you've tested SNA you'll want to start the carrier approval process in order to make requests on customer data - this is required by carriers in order to query the real-time connectivity information that powers SNA behind the scenes. Reach out to our sales team if you have any questions about this process.

Then, check out the best practices for SNA guide for more information on how to handle implementation details, do error handling, manage edge cases, and scale the solution globally.

Like any verification solution, you will want to consider backup channels. The multi-channel Verify API has you covered with SMS, WhatsApp, Email, Push, and more. I can't wait to see what you build and secure!