One Time Code and phone number ownership verification
The Verify API allows you to easily build phone verification into your application or solution. Typically this used for:
- Ensuring you have the correct phone number for a user
- Two factor authentication, either as part of the login process or after login but before performing actions that are considered privileged, e.g. transferring money, closing an account
- Spam protection, to prevent spammer from automating your user interface and performing bulk operations
Workflow
To verify a phone number
- The user supplies their phone number to your application, this may be during registration if you're implementing two factor authentication or at the point of an operation in the form
- A 6 digit PIN is sent to the phone via SMS
- The user enters the received PIN into your application
- If the PIN validations successfully, your application continues with its flow
Security
The REST API is offered as HTTPS only to ensure data privacy. We only use TLS 2048 bit encryption. We do not support SSL 2.0 or 3.0.
HTTP requests to the REST API are protected with HTTP Basic authentication using the Authorization HTTP header. Your credentials are secure as they are transmitted via HTTPS.
We recommend specifying a timeout of at least 130 seconds to ensure you always receive a response from our servers. This allows for our internal timeout of 125 seconds plus a 5 second allowance for network and protocol overheads.