SMS Verify API - Tutorial: Send one-time passcode with Telesign PHP SDK
This tutorial teaches you how to use the Telesign PHP SDK to send an SMS with a one-time passcode (OTP). Go to GitHub to see the complete sample code.
Before you begin
Make sure you have the following before you start:
- Authentication credentials: Your Customer ID and API Key. If you need help finding these items, go to the support article How do I find my Customer ID and API Key.
- Testing device: A mobile phone on which you can receive SMS.
- Composer - This package manager isn't required to use this SDK, but it is required to use this tutorial.
NOTE:
This tutorial uses the following.
- MacOS
- PHP v8.2.4
- Composer v2.4.4
Please modify accordingly if your developer environment differs from these details.
Set up your project
CAUTION:
You should use the Full-service SDK for SMS Verify API even if you have a Self-service account!
-
Follow the Telesign Full-service PHP SDK install instructions on GitHub here, incorporating the following details:
- Use
sms_verifyas the project directory and package name. - Use
projectas the Package Type. - Use
nofor defining both yourrequireandrequire-devdependencies interactively. - Use the default directory
src/for PSR-4 autoload mapping.
- Use
You should end up in the top-level directory ("sms_verify") for your project in the Terminal.
-
Create a new file in the "src" directory called "verify_with_own_code.php"
touch src/verify_with_own_code.php
Create code to send the SMS
-
Open the file "src/verify_with_own_code.php".
-
Add a script opening tag.
<?php -
Add the imports below. The
telesign\enterprise\sdk\verify\VerifyClientimport pulls selected functionality from the Telesign full-service SDK and thetelesign\sdk\utilimport pulls from the Telesign self-service SDK.require __DIR__ . "/../vendor/autoload.php"; use telesign\enterprise\sdk\verify\VerifyClient; use function telesign\sdk\util\randomWithNDigits;NOTE:
The
requireline may need to be modified depending on the location of "autoload.php" in your file system. By default, Composer generates this file in a "vendor" directory at the top-level of your project, as indicated by the path shown in the example above. -
Define variables to store your authentication credentials. For testing purposes, you can just overwrite the default value with your credentials or use environment variables.
$customer_id = getenv('CUSTOMER_ID') ? getenv('CUSTOMER_ID') :'FFFFFFFF-EEEE-DDDD-1234-AB1234567890'; $api_key = getenv('API_KEY') ? getenv('API_KEY') :'ABC12345yusumoN6BYsBVkh+yRJ5czgsnCehZaOYldPJdmFh6NeX8kunZ2zU1YWaUw/0wV6xfw=='; -
Define a variable to hold the end-user's phone number you want to send an OTP to. For this tutorial, hardcode your testing device's phone number or pull it from an environment variable.
$phone_number = getenv('PHONE_NUMBER') ? getenv('PHONE_NUMBER'):'11234567890';NOTE:
In your production integration, pull the phone number from your recipient database instead of hardcoding it.
-
Randomly generate your OTP. We will use a Telesign SDK utility for this. The parameter value
5specifies the number of digits generated.$verify_code = randomWithNDigits(5);CAUTION:
The method used above to generate a code is actually pseudo-random. In your production implementation, you might want to use a more robust method for randomizing.
-
Instantiate a verification client object with your authentication credentials.
$verify_client = new VerifyClient($customer_id, $api_key);NOTE:
When you use a Telesign SDK to make your request, authentication is handled behind-the-scenes for you. All you need to provide is your Customer ID and API Key. The SDKs apply Digest authentication whenever they make a request to a Telesign service where it is supported. When Digest authentication is not supported, the SDKs apply Basic authentication.
-
Make the request and capture the response. Behind the scenes, this sends an HTTP request to the Telesign SMS Verify API. Telesign then sends an SMS with an OTP to the end-user.
$response = $verify_client->sms($phone_number, [ "verify_code" => $verify_code ]); -
Display the response in the console for debugging purposes. In your production code, you would likely remove this.
echo("\nResponse HTTP status:\n"); print_r($response->status_code); echo("\nResponse body: \n"); print_r($response->json); -
Collect the asserted OTP entered by the end-user in your application. You can simulate this by prompting for input from the command line.
echo "Please enter the verification code you were sent: "; $user_entered_verify_code = rtrim(fgets(STDIN));NOTE:
In your production implementation, collect input from your website or other application where the end-user is trying to sign in.
-
Determine if the user-entered code matches your OTP, and resolve the sign in attempt accordingly. You can simulate this by reporting whether the codes match.
if ($user_entered_verify_code == $verify_code) {
echo "Your code is correct.\n";
} else {
echo "Your code is incorrect.\n";
}
NOTE:
In your production implementation, add code here to sign in the user when the user-entered code matches the OTP.
-
Add a script closing tag.
?>
Test your integration
-
Switch from your editor to the terminal and run
src/verify_with_own_code.php.php src/verify_with_own_code.phpYou should receive an SMS on your phone that looks like this:
-
Enter the OTP you received on your phone at the command prompt on the terminal to test that verification is successful.
Please enter the verification code you were sent: 82139 Your code is correct. -
Now let's test an unsuccessful verification. Run again.
php src/verify_with_own_code.phpYou should receive a new OTP on your phone.
-
Enter something else that isn't correct at the command prompt on the terminal and you should get a message that verification failed.
Please enter the verification code you were sent: 55555 Your code is incorrect.
Sample code
The complete sample code for this tutorial can be found on GitHub.
Updated about 2 months ago