SMS Verify API - Get started

This page explains the basic usage of Telesign SMS Verify API and directs you to instructions for sending your first request.

📘

What is Telesign SMS Verify API?

Telesign SMS Verify API delivers phone-based verification and multi-factor authentication (MFA) using a limited duration, one-time passcode (OTP) sent over SMS. Telesign SMS Verify API allows you to:

  • Send an OTP to a user's phone number to complete a sign in process after they have entered their password.
  • Send an OTP to a user's phone number to verify their identity.
  • Send an OTP to a phone number provided by a user to verify their ownership of the number.
  • Send an OTP to a user's phone number to validate critical interactions.

General requirements

  • Resource: rest-ww.telesign.com/v1/verify/sms
  • Authentication: Basic (easiest to implement) or Digest
  • Encoding: Accepts only UTF-8 unicode characters as inputs.
  • Accepts: application/x-www-form-urlencoded
  • Responds with: application/json
  • Required headers: Content-Type - application/x-www-form-urlencoded

Basic usage

Verify with Telesign-generated OTP

  1. USER initiates an action on your application, like trying to sign in.
  2. YOU send a request to TELESIGN’s SMS Verify API resource that includes:
  • USER’s phone number (PN)
  1. TELESIGN sends an HTTP response to YOU confirming that the message send is in progress and including a Reference ID for the transaction.
  2. YOU save this Reference ID.
  3. TELESIGN generates an OTP and sends it via SMS to USER’s phone number.
  4. USER asserts OTP on your application.
  5. YOU send a request to TELESIGN’s Transaction Status resource that includes:
  • This asserted OTP.
  • The Reference ID for the original transaction that you saved earlier.
  1. TELESIGN checks whether the codes match and sends an HTTP response to YOU with the verification status.
  2. YOU check this HTTP response and resolve the initiated action based on the verification status. If the “VALID” status is returned, for example, you might sign the USER in.

A diagram that explains how to verify a user with a text message one time passcode generated by Telesign.

Figure 1: Verify with Telesign-generated OTP

Verify with own OTP

  1. USER initiates an action on your application, like trying to sign in.
  2. YOU send a request to TELESIGN’s SMS Verify API resource that includes:
  • USER’s phone number (PN)
  • An OTP that you’ve generated
  1. TELESIGN sends an HTTP response to YOU confirming that the message send is in progress and including a Reference ID for the transaction.
  2. TELESIGN sends your OTP via SMS to USER’s phone number.
  3. USER asserts OTP on your application.
  4. YOU compare this asserted OTP to the one you originally generated for this attempt.
  5. (Optional) If the codes match, YOU send a request to TELESIGN’s Completions resource to report the successful completion.
  6. (Optional) TELESIGN sends an HTTP response confirming the completion.
  7. YOU resolve the initiated action based on the verification status. If verification was successful, for example, you might sign the USER in.

A diagram that explains how to verify a user with a text message one time passcode generated by you.

Figure 2: Verify with own OTP

📘

NOTE:

Sending us completion data helps us identify and fix any issues with delivery, operators, and routes, which leads to a higher quality experience for you and your end-users.

Try it

Example

POST /v1/verify/sms HTTP/1.1
Authorization: Basic 12345678-9ABC-DEF0-1234-56789ABCDEF0:Uak4fcLTTH/Tv8c/Q6QMwl5t4ck=
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Host: rest-ww.telesign.com
phone_number=1234567890
HTTP/1.1 200 OK
Content-Type: application/json
{
  "reference_id": "0123456789ABCDEF0123456789ABCDEF",
  "sub_resource": "sms",
  "errors": [],
  "status": {
    "updated_on": "2015-10-03T14:51:28.709526Z",
    "code": 290,
    "description": "Message in progress"
  },
  "verify": {
    "code_state": "UNKNOWN",
    "code_entered": ""
  }
}

Compliance

For SMS Verify API compliance best practices, please refer to the articles in the Compliance section in our Support Center.