One-time code and phone number ownership verification.
The Verify API allows you to easily build phone verification into your application or solution.
Typically, this is used for:
- Ensuring you have the correct phone number for a user.
- Two-factor authentication, either as part of the login process or after login but before performing actions that are considered privileged, for example, transferring money or closing an account.
- Spam protection, to prevent spammers from automating your user interface and performing bulk operations.
Workflow
To verify a phone number:
- The user supplies their phone number to your application. This may be during registration if you're implementing two factor authentication, or at the point of an operation in the form.
- A six digit PIN is sent to the phone in an SMS.
- The user enters the received PIN into your application.
- If the PIN validates successfully, your application continues with its flow.
Security
The REST API is offered as HTTPS only to ensure data privacy. We only use TLS 2048 bit encryption. We do not support SSL 2.0 or 3.0.
HTTP requests to the REST API are protected with HTTP Basic authentication using the Authorization HTTP header. Your credentials are secure as they are transmitted over HTTPS.
Timeout
We recommend specifying a timeout of at least 130 seconds to ensure you always receive a response from our servers. This allows for our internal timeout of 125 seconds plus a 5 second allowance for network and protocol overheads.