Milestones For Onboarding your Verify Project to Twilio

October 30, 2024
Written by
Reviewed by
Paul Kamp
Twilion

Whether you are a small or medium-sized business, a large enterprise, or an ISV, Twilio can support user verification on your web or mobile applications.

As part of Twilio's user authentication and identity offerings, the Twilio Verify API is a turnkey API that verifies users over multiple channels at scale.

Verify allows you to quickly and easily add authentication across channels like SMS, email, WhatsApp, and TOTP or implement frictionless verification with Passkeys or Silent Network Authentication (SNA). Whether you’re using Verify for signup verification, login protection, or transaction security, we’re here to help you get started.

In this guide, we will share the milestones that we track while supporting a customer to build and deploy using the Verify API. By the end of this article, you’ll have a straightforward checklist of actions that will help you validate your users in real-time.

Defining the success of a launch

Your use case and business goals drive what success looks like, so each project will be unique.

Overall, we define success to mean that you can:

  • Set up your account
  • Select the verification method and channel(s) most appropriate for your business
  • Configure Verify with fraud prevention and cost effectiveness in mind
  • Successfully verify your users on one or more of your channels

Before you get started, consider a few success criteria for your implementation. This could include any of the following:

  • Account Takeover (ATO) reduction
  • SMS pumping fraud reduction
  • Support cost reduction
  • Overall cost reduction
  • Conversion rate improvement
  • Time to convert improvement
  • Other types of fraud reduction

Our guide How to Validate Success of your Verify Implementation will help you measure success.

Milestone 1: Set up Your Account

Before you can start verifying users, you will need to complete a few configuration steps. The required steps for sending SMS verifications take as little as 5 minutes to complete.

Required setup

Create a Verify Service. Your Verify Service is a collection of configuration options including SMS templates, email integrations, and more. Create a Verify Service in the Twilio Console.

Select Your Verification Channel[s]. Only enable and configure the verification channels you plan to use. Read this overview of available channels and their pros and cons to help determine which are right for your application. Channels are set and configured per-Service.

Certain channels require additional setup:

While these steps aren't strictly required, both take less than 2 minutes to complete.

Set geographic permissions. Geo-permissions help mitigate fraud. Only enable countries where you expect to send verification messages. Enable permissions in the console. Geo-permissions are enabled at the account level and must be configured separately from other Twilio products (e.g., Messaging).

Tune Your Fraud Guard Preferences. Fraud Guard helps prevent SMS Pumping attacks and can be configured to one of three levels based on your risk tolerance. Choose between:

  1. Basic Protection - Cautious blocking with low false positives (fewer than 0.1%)
  2. Standard Protection - Moderate blocking with minimal false positives (fewer than 1%)
  3. Max Protection - Aggressive blocking with higher false positives (fewer than 2%)

Learn more about SMS pumping and how Fraud Guard helps prevent attacks in our documentation.

Optional setup

Set up multiple accounts or services for different environments. Different accounts or services will allow you to isolate development, staging, and production environments. Different accounts can have different geo-permissions and different services can have different Fraud Guard settings.

Bring your own sender ID. Providing a branded sender ID can minimize spam blockage and improve brand recognition and trustworthiness.

Milestone 2: Send and check verifications

Once you have your account set up, it's time to start sending and approving verifications.

The Verify API has two important steps for one-time passcode (OTP) channels like SMS and WhatsApp:

  1. Sending the verification
  2. Checking the verification

These steps are represented with two different API endpoints and simplify your code by providing stateless OTP management.

Send an SMS verification with code

Want to see Verify in action without writing code? Check out our Verify Quick Deploy application in Code Exchange.

To send an SMS OTP, execute the following cURL command, replacing VERIFY_SERVICE_SID with the SID of the Verify Service you created in the first milestone and YOUR_PHONE_NUMBER with your personal phone number for testing. The command reads your credentials from the TWILIO_ACCOUNT_SID and TWILIO_AUTH_TOKEN environment variables. Learn more in this quick start or in the documentation.

# code samples in more languages: twilio.com/docs/verify/api/verification
curl -X POST "https://verify.twilio.com/v2/Services/$VERIFY_SERVICE_SID/Verifications" \
  --data-urlencode "To=$YOUR_PHONE_NUMBER" \
  --data-urlencode "Channel=sms" \
  -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN"

Once you receive the code, check the verification with another API call:

# code samples in more languages: twilio.com/docs/verify/api/verification-check
# replace 1234567 with the code you received
curl -X POST "https://verify.twilio.com/v2/Services/$VERIFY_SERVICE_SID/VerificationCheck" \
  --data-urlencode "To=$YOUR_PHONE_NUMBER" \
  --data-urlencode "Code=1234567" \
  -u "$TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN"

Serving production traffic and troubleshooting common issues

Once you've completed your initial testing, it's time to integrate Verify into your application code and start testing with production traffic. Here are some tips for moving your Verify application into production:

Test without getting rate limited. Once you start testing at higher volumes, ensure you don't get blocked by otherwise helpful rate limits. Learn more about how to test Verify in this blog post and take advantage of our support center for common issues. Verify rate limits and error codes can be found in the documentation.

Implement verification best practices. Reference our developer best practices for tips on the best user experience for verification and two-factor authentication implementations.

Milestone 3: Review Insights and tune your application

Once you have significant traffic running through your application, it's time to track the performance of the application.

Here are some tips for monitoring your application performance:

Integrate logs into your logging tools. Our Verify Attempts API allows you to query results like deliverability by country. There is a slight delay for this option, but it is the quickest to implement. Verify Events streams events in real time and can integrate directly with your existing tools like Amazon Kinesis or deliver to a webhook.

Track verification attempts and add retry delays. Attempts include the number of OTPs sent to a user before they verified a code. You can track attempts and success rates for your Verification Service in the Console or programmatically with Verify Events or Verify Attempts. We also recommend adding retry delays before a user is allowed to resend an OTP to improve conversion.

Measure other success criteria. Whether you want to lower SMS pumping cost or reduce time to convert, follow the recommendations in this blog post for how to measure success of your Verify application.
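The retry delays recommended above can be enforced server-side, before your application calls the Verifications endpoint. The following is an added example, not code from Twilio or from the original post; the class name ResendGate, the delay schedule and the one-hour reset window are assumptions chosen for illustration.

```python
import time

# Assumed schedule: seconds to wait before the 2nd, 3rd, 4th and later sends.
# Illustrative values, not Twilio defaults.
RESEND_DELAYS = [30, 60, 120, 300]
WINDOW_SECONDS = 3600  # assumed: history expires after an hour without sends


class ResendGate:
    """Tracks OTP sends per phone number and enforces growing resend delays."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}  # phone -> (sends so far, time of last send)

    def _history(self, phone, now):
        count, last = self._state.get(phone, (0, 0.0))
        if count and now - last >= WINDOW_SECONDS:
            return 0, 0.0  # stale history: start over
        return count, last

    def try_send(self, phone, send_fn):
        """Call send_fn(phone) only if the current delay has elapsed.

        send_fn is where the application would POST to the Verifications
        endpoint. Returns (sent, seconds_to_wait) so the UI can show a timer.
        """
        now = self._clock()
        count, last = self._history(phone, now)
        if count:
            delay = RESEND_DELAYS[min(count - 1, len(RESEND_DELAYS) - 1)]
            wait = delay - (now - last)
            if wait > 0:
                return False, wait
        send_fn(phone)
        self._state[phone] = (count + 1, now)
        return True, 0

    def on_approved(self, phone):
        """Clear the history once the user has verified a code."""
        self._state.pop(phone, None)
```

State is kept in process memory here; an application running on more than one server would keep the same two values per phone number in shared storage.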

Milestone 4: Implement Production Support Processes

Once your application is up and running, you'll want to think about how your team can support user verification long term.

Enable real-time monitoring using Verify Events. This allows you to track authentication events and user interactions from OTP deliverability to verifications approved.

Set up custom alerts for unusual spikes in fraud by setting a threshold for failed authentications. If your ratio of verification attempts / verifications approved falls, alert your team to investigate potential fraud.

Create centralized dashboards for internal teams to visualize the system's health and performance in real time. Give support agents the tools to investigate common issues like undelivered messages (usually due to network availability) so they can confidently assist your customers.
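One way to implement the alert threshold described above, shown as an added example that is not Twilio's code: it buckets verifications per country and hour and flags buckets whose approval rate (verifications approved divided by verifications started) is below a floor or fell sharply against the previous hour. The record shape, the thresholds and the country codes AA, BB and ZZ are constructed for the example and are not the Verify Events or Verify Attempts schema.

```python
from collections import defaultdict

MIN_VOLUME = 20   # assumed: ignore buckets too small to judge
MIN_RATE = 0.40   # assumed: absolute floor for approved / started
MAX_DROP = 0.25   # assumed: allowed fall versus the previous window


def bucket(records, window_minutes=60):
    """Count [started, approved] per (country, window index)."""
    counts = defaultdict(lambda: [0, 0])
    for minute, country, approved in records:
        cell = counts[(country, minute // window_minutes)]
        cell[0] += 1
        cell[1] += 1 if approved else 0
    return counts


def find_alerts(records, window_minutes=60):
    """Return (country, window, approval_rate, reasons) for suspicious buckets."""
    counts = bucket(records, window_minutes)
    alerts = []
    for (country, window), (started, approved) in sorted(counts.items()):
        if started < MIN_VOLUME:
            continue
        rate = approved / started
        prev = counts.get((country, window - 1))
        reasons = []
        if rate < MIN_RATE:
            reasons.append("below_floor")
        if prev and prev[0] >= MIN_VOLUME and prev[1] / prev[0] - rate > MAX_DROP:
            reasons.append("sharp_drop")
        if reasons:
            alerts.append((country, window, round(rate, 2), reasons))
    return alerts


def make(country, window, started, approved):
    """Constructed traffic: `started` sends in one hour, `approved` of them verified."""
    return [(window * 60 + i % 60, country, i < approved) for i in range(started)]


# Constructed sample: AA is steady, BB degrades, ZZ gets a burst of unverified sends.
SAMPLE = (make("AA", 0, 50, 40) + make("AA", 1, 50, 39)
          + make("BB", 0, 40, 32) + make("BB", 1, 40, 20)
          + make("ZZ", 0, 30, 21) + make("ZZ", 1, 200, 10))
```

Calling `find_alerts(SAMPLE)` flags BB and ZZ in the second hour; the volume minimum keeps low-traffic countries from paging the team on a handful of failed codes.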

Conclusion

We understand the process of setting up your Twilio Verify solution comes with a few complexities. Using the milestones we’ve outlined here, you will be able to plan, build, deploy, and monitor your new Twilio Verify solution efficiently.

For more Verify best practices:

Kelley Robinson works on the User Authentication & Identity team at Twilio, helping developers manage and secure customer account security. She has over 10 years of experience as a software engineer in a variety of API platform and data engineering roles at startups. As a writer and educator, she believes in the power of good documentation and is passionate about making security accessible to new audiences. Kelley lives in the Hudson Valley with her partner and dog where she is an avid home cook and mediocre woodworker.