Getting the Most Out of Your Twilio User Authentication & Identity Project

February 17, 2023
Written by
Twilio
Twilion

Getting the Most Out of Your Twilio User Authentication  & Identity Project

Twilio's User Authentication & Identity suite of products helps your business optimize conversions with customizable verification solutions. Our Verify and Lookup APIs validate user identities with possession factors and authoritative mobile carrier signals to accelerate verification throughout the customer journey. Whether you're building user verification from scratch or adding two-factor authentication (2FA), our solutions offer seamless multichannel consumer authentication to ensure account security.

And you can trust Twilio with your user verification—we already send over 4.8 billion verifications annually.

If you’re a developer, Twilio maintains extensive documentation and helper libraries in multiple coding languages. Check out our Verify API and Lookup API docs to get started.

We created this guide to walk you through the most common questions you might have while integrating User Authentication & Identity into your application. And it's a work in progress – we'll update this guide over time.

In this post, you'll find information on:


Use cases and how to build

Depending on what you want to build, you can get started with our API documentation for Lookup and Verify to turn your vision into a reality. Because account security is usually a supporting function to your business goals, most use cases will require integrating with an existing application and development resources.

Common use cases include:

  • Secure onboarding and activation with less friction
  • Secure logins and authentication
  • Identify compromised mobile numbers
  • Secure transactions
  • Account management (e.g. account changes and password resets)
  • Fraud mitigation

The following sections will help you find the proper technical support for your use case.

Finding development help

We designed the Lookup and Verify APIs to integrate into your existing applications and code bases seamlessly. While you’ll likely need a developer to help implement our APIs, they don’t need special expertise in security or authentication.

Additionally, we have quickstart guides and dozens of tutorials in multiple programming languages to suit your needs.

Working with a Consulting Partner

Twilio has a group of vetted consultants who can help you with your project if you don't have an in-house development team or want additional expertise. These partners have experience building solutions with Twilio's Lookup and Verify APIs.

Find a Consulting Partner who can support your implementation from start to finish, or learn more about the partner program here.

Are you a nonprofit organization or social enterprise? Twilio’s Impact Access Program provides discounted Twilio pricing and credits to kick-start your application. Contact our partner technical development teams for help building your use case. We recommend Dexterous Technology and Vision Point Systems for account security use cases.

Contracting with or hiring a developer

User verification and activation – whether at sign-up, login, or transaction time – is an important part of your overall application. If you already work with developers, they can help add a phone number lookup or user verification using the programming languages and tools you already have. And if you hire a developer specifically for this job, they should be comfortable with web application programming but don’t need special expertise in security or authentication.

Our documentation is extensive, and hundreds of customers have quickly implemented one-time passcode (OTP) verification via SMS, WhatsApp, and Email.

However, if you're considering solutions like Push Authentication (Push) or Silent Network Authentication (SNA), you’ll need a developer comfortable with mobile development (e.g., Android, iOS, or React Native). These solutions are best for companies with a strong mobile application user base, so talk to your mobile development partner about whether they can help add Push or SNA.

Architecting your account security application

Designing user verification involves more than just picking the right verification channel, and Twilio has supported thousands of customers rolling out verification and 2FA implementations. Our documentation provides recommendations for each step of the user verification process, from collecting phone numbers to account recovery.

Use Lookup and Verify together at sign-up to learn more about the end user before creating an account and verifying their phone number.

Whether you build your account security journey, work with one of Twilio's partners, or hire a consultant, Twilio’s Professional Services team can help guide you through every step.

From the planning stage to implementation and onboarding (and even after you launch), we can offer technical guidance, best practices, advice, and optimization help. Additionally, Professional Services can assist with account setup, sender ID management, trust and compliance, and other aspects of building and scaling your account security application when you need further help.


 

Sign-ups, upgrades, and how to fund your account

To start, you’ll need to sign up for a free trial account. While you’ll be able to see everything we have to offer in the Twilio Console, some trial limitations will apply until you upgrade. Upgrading your account (follow our step-by-step guide) is straightforward, and will require you to add a payment method and deposit a minimum balance of $20.

Doing so allows you to enable an automated recharge to prevent an interruption in your messages sending or access your current balance and add additional funds through the billing overview page.

After you sign up for an account, create a Verify Service in the Console to start sending verifications.


Geographic differences

The Lookup and Verify APIs work globally in most cases. And unlike with some Twilio products, you don’t always need to acquire country-specific sender numbers to send SMS verifications, as multiple-geography support comes with the API.

Verify

Verify software channels like WhatsApp or Email OTPs, Push, and TOTP aren’t subject to geographic restrictions or differences.

Geographic differences apply to SMS and Voice OTP use cases in the following situations:

Learn more about Verify countries and regions deliverability.

Lookup

Lookup package availability depends on the region — see coverage and availability in the documentation.

The following packages are available worldwide:


Pricing information

Verify

Verify OTP requests include a two-part billing:

  1. Verify software fee for completed verifications ("approved" status from the Verification Check end point)
  2. Standard channel rates for underlying communication (e.g., SMS, WhatsApp, email, and voice call)

See Verify pricing for up-to-date rates and information.

Lookup

The Lookup API supports a free basic lookup. However, rates for other Lookup API requests require per-request billing depending on the package requested. See Lookup pricing for updated information.

Fraud prevention

SMS pumping and toll fraud schemes commonly target phone verification forms. If you use SMS or voice verification, follow our best practices for preventing fraud.

To help fight these forms of fraud and deter this type of attack automatically, we built Verify Fraud Guard. Enable Fraud Guard in your Verify Service in the Console.


Compliance and regulatory considerations

Certain channels and packages will require additional approvals to use, including the following:


Building on Twilio

Hopefully, this post helped you determine how to add User Authentication & Identity with Twilio.

If you need help along the way, head over to the Console Support page to explore additional Support options.