Verify v1 Phone Verification Java/Spring Quickstart

(warning)

Warning

Verify v1 API has reached End of Sale. It is now closed to new customers and will be fully deprecated in the future.

For new development, we encourage you to use the Verify v2 API. v2 has an improved developer experience and new features, including:

Twilio helper libraries in multiple languages
PSD2 Secure Customer Authentication Support
Improved Visibility and Insights

Existing customers will not be impacted at this time until Verify v1 API has reached End of Life. For more information about migration, see Migrating from 1.x to 2.x.

Phone Verification is an important, high-confidence step in a registration flow to verify that a user has the device they claim to have. Adding Twilio Verify phone verification to your application will greatly reduce your number of fraudulent registrations and protect future application users from having their numbers registered by scammers.

This quickstart guides you through creating a Java, Spring and AngularJS app that requires a phone verification step to create an account. Two channels of phone verification are demoed: SMS and Voice.

Ready to add Twilio Verify to a demo app and keep the bad actors away? Enter stage left!

Sign Into (or Create) a Twilio Account

Either sign up for a free Twilio trial, or sign into an existing Twilio account.

Create a New Authy Application

Once logged in, visit the Authy Console. Click on the red 'Create New Application' (or big red plus ('+') if you already created one) to create a new Authy application then name it something memorable.

Twilio will redirect you to the Settings page next:

Click the eyeball icon to reveal your Production API Key, and copy it somewhere safe. You will use the API Key during the application setup step below.

Clone and Setup the Application

Start by cloning our Spring repository. Enter the directory and use npm to install all of our dependencies:

gradle build

Open the file .env.example
Change ACCOUNT_SECURITY_API_KEY to the API Key from the above step
Now, save the file as .env
Source or otherwise set the environment variable in your environment

Enter an Application API Key

Enter the API Key from the Authy console and optionally change the port.

1# You can get/create one here :
2# https://www.twilio.com/console/authy/applications
3export ACCOUNT_SECURITY_API_KEY=ENTER_SECRET_HERE

And that's all the setup you'll need!

Now, launch the application with:

gradle appRun

Assuming your API Key is correctly entered you'll soon get a message that the app is up!

Use the Java-Spring Verify Phone Verification Demo

Keeping your phone at your side, visit the phone verification page of the demo at http://localhost:8080/verification/

Enter a Country Code and Phone Number, then choose which channel to request verification over, 'SMS' or 'CALL' (Voice). Finally, hit the blue 'Request Verification' button and wait.

You won't be waiting long - you'll either receive a phone call or an SMS with the verification token. If you requested a phone call, as an additional security feature you may need to interact to proceed (by entering a number on the phone keypad).

Send a Phone Verification via SMS or Voice

This function allows you to send the verification code over SMS or Voice depending on the 'via' variable.

1package com.twilio.accountsecurity.services;
2
3import com.authy.AuthyApiClient;
4import com.authy.api.Params;
5import com.authy.api.Verification;
6import com.twilio.accountsecurity.exceptions.TokenVerificationException;
7import org.slf4j.Logger;
8import org.slf4j.LoggerFactory;
9import org.springframework.beans.factory.annotation.Autowired;
10import org.springframework.stereotype.Service;
11
12@Service
13public class PhoneVerificationService {
14
15    private static final Logger LOGGER = LoggerFactory.getLogger(TokenService.class);
16
17    private AuthyApiClient authyApiClient;
18
19    @Autowired
20    public PhoneVerificationService(AuthyApiClient authyApiClient) {
21        this.authyApiClient = authyApiClient;
22    }
23
24    public void start(String countryCode, String phoneNumber, String via) {
25        Params params = new Params();
26        params.setAttribute("code_length", "4");
27        Verification verification = authyApiClient
28                .getPhoneVerification()
29                .start(phoneNumber, countryCode, via, params);
30
31        if(!verification.isOk()) {
32            logAndThrow("Error requesting phone verification. " +
33                    verification.getMessage());
34        }
35    }
36
37    public void verify(String countryCode, String phoneNumber, String token) {
38        Verification verification = authyApiClient
39                .getPhoneVerification()
40                .check(phoneNumber, countryCode, token);
41
42        if(!verification.isOk()) {
43            logAndThrow("Error verifying token. " + verification.getMessage());
44        }
45    }
46
47    private void logAndThrow(String message) {
48        LOGGER.warn(message);
49        throw new TokenVerificationException(message);
50    }
51}

Either way you requested the passcode, enter the token into the Verification entry form and click 'Verify Phone':

Verify a Token

This function verifies the token delivered over the Voice or SMS channel.

1package com.twilio.accountsecurity.services;
2
3import com.authy.AuthyApiClient;
4import com.authy.api.Params;
5import com.authy.api.Verification;
6import com.twilio.accountsecurity.exceptions.TokenVerificationException;
7import org.slf4j.Logger;
8import org.slf4j.LoggerFactory;
9import org.springframework.beans.factory.annotation.Autowired;
10import org.springframework.stereotype.Service;
11
12@Service
13public class PhoneVerificationService {
14
15    private static final Logger LOGGER = LoggerFactory.getLogger(TokenService.class);
16
17    private AuthyApiClient authyApiClient;
18
19    @Autowired
20    public PhoneVerificationService(AuthyApiClient authyApiClient) {
21        this.authyApiClient = authyApiClient;
22    }
23
24    public void start(String countryCode, String phoneNumber, String via) {
25        Params params = new Params();
26        params.setAttribute("code_length", "4");
27        Verification verification = authyApiClient
28                .getPhoneVerification()
29                .start(phoneNumber, countryCode, via, params);
30
31        if(!verification.isOk()) {
32            logAndThrow("Error requesting phone verification. " +
33                    verification.getMessage());
34        }
35    }
36
37    public void verify(String countryCode, String phoneNumber, String token) {
38        Verification verification = authyApiClient
39                .getPhoneVerification()
40                .check(phoneNumber, countryCode, token);
41
42        if(!verification.isOk()) {
43            logAndThrow("Error verifying token. " + verification.getMessage());
44        }
45    }
46
47    private void logAndThrow(String message) {
48        LOGGER.warn(message);
49        throw new TokenVerificationException(message);
50    }
51}

And with that, your demo app is protected with Twilio's Verify! You can now log out to try the other channel.

What's Next?

Your demo app is now keeping hordes of fraudulent users from registering with your business and polluting the database. Next, check out all of the variables and options available to you in the Verify API Reference. Also, for protecting your customers in an ongoing manner (with this same codebase) try the Java Spring Authy Two-Factor Authentication Quickstart.

After that, take a stroll through the Docs for more Account Security demos and tutorials - as well as sample web applications using all of Twilio's products.