SMS Verify - Tutorial: Send one-time passcode with Telesign Node.js SDK

This tutorial teaches you how to use the Telesign Node.js SDK to send an SMS with a one-time passcode (OTP). Go to GitHub to see the complete sample code.

Before you begin

Make sure you have the following before you start:

  • Authentication credentials: Your Customer ID and API Key. If you need help finding these items, go to the support article How do I find my Customer ID and API Key.
  • Testing device: A mobile phone on which you can receive SMS.
  • Telesign Full-service Node.js SDK: Install the Full-service Node.js SDK. Source code and installation instructions are on GitHub. This installation also includes the Telesign Self-service Node.js SDK as a dependency.

πŸ“˜

NOTE:

This tutorial uses the following:

  • MacOS
  • Node v16.19.0

Please modify accordingly if your developer environment differs from these details.

Set up your project

🚧

CAUTION:

You should use the Full-service SDK for SMS Verify even if you have a Self-service account!

  1. Follow the Telesign Full-service Node.js SDK install instructions on GitHub here, incorporating the following details:

    • Use sms_verify as the project name.

    You should end up in the top-level directory (sms_verify) for your project in the Terminal.

  2. Create a new file called "verify_with_own_code.js" and open it in your editor:

    touch verify_with_own_code.js
    

Create code to send the SMS

  1. Open the file "verify_with_own_code.js".

  2. Add the imports below. The telesignenterprisesdk import refers to the Telesign Full-service SDK.

    const TelesignSDK = require('telesignenterprisesdk');
    
  3. Define variables to store your authentication credentials. For testing purposes, you can just overwrite the second operand of each || operator below with your credentials or use environment variables.

    const customerId = process.env.CUSTOMER_ID || "FFFFFFFF-EEEE-DDDD-1234-AB1234567890";
    const apiKey = process.env.API_KEY || "ABC12345yusumoN6BYsBVkh+yRJ5czgsnCehZaOYldPJdmFh6NeX8kunZ2zU1YWaUw/0wV6xfw==";
    
  4. Define a variable to hold the end-user's phone number you want to send an OTP to. For this tutorial, hardcode your testing device's phone number or pull it from an environment variable.

    const phoneNumber = process.env.PHONE_NUMBER || "11234567890";
    

πŸ“˜

NOTE:

In your production integration, pull the phone number from your recipient database instead of hardcoding it.

  1. Randomly generate your OTP, convert it to a string, and add it as a property to a parameters object. The parameter value 99999 sets the exclusive maximum value for the randomly generated number, and thus indirectly sets the number of digits in the OTP (five in this case).

    const verifyCode = Math.floor(Math.random() * 99999).toString();
    const params = {
        verify_code: verifyCode
    };
    

🚧

CAUTION:

The method used above to generate a code is actually pseudo-random. In your production implementation, you might want to use a more robust method for randomizing.

  1. Instantiate a verification client object with your authentication credentials.

    const client = new TelesignSDK(customerId, apiKey);
    
  2. Define a callback function to output the body of the response in the console for debugging purposes. The sample code below includes reference to two functions (prompt and verify) that are defined in later steps.

    function smsVerifyCallback(error, responseBody) {
        if (error === null) {
            console.log("\nResponse body:\n" + JSON.stringify(responseBody));
        } else {
            console.error("Unable to send message. " + error);
        }
        prompt('\nPlease enter the verification code you were sent:\n', verify);
    }
    
  3. Define a function that collects the asserted OTP entered by the end-user in your application. You can simulate this by prompting for input from the command line.

function prompt(question, callback) {
    const stdin = process.stdin, stdout = process.stdout;
    stdin.resume();
    stdout.write(question);
    stdin.once('data', function (data) {
        callback(data.toString().trim());
    });
}
  1. Define a function that determines if the user-entered code matches your OTP, and resolves the login attempt accordingly. You can simulate this by reporting whether the codes match.
function verify(input) {
    if (input === optionalParams['verify_code']) {
        console.log('\nYour code is correct.');
    } else {
        console.log('\nYour code is incorrect.');
    }
    process.exit();
}

πŸ“˜

NOTE:

In your production implementation, add code here to log in the user when the user-supplied code matches the OTP.

  1. Make the request and capture the response. Behind the scenes, this sends an HTTP request to the Telesign Verify API. Telesign then sends an SMS with an OTP to the end-user.
client.verify.sms(smsCallback, phoneNumber, optionalParams);

Test your integration

  1. Switch from your editor to the terminal and run verify_with_own_code.js.
node verify_with_own_code.js

You should receive an SMS on your phone that looks like this:

  1. Enter the OTP you received on your phone at the command prompt on the terminal to test that verification is successful:
Please enter the verification code you were sent:
  1. Enter the code from your phone to test a successful verification. You should see this response:
Please enter the verification code you were sent: 82139
Your code is correct.
  1. Now let's test an unsuccessful verification. Run again.
node verify_with_own_code.js

You should receive a new OTP on your phone.

  1. Enter something else that isn't correct at the command prompt on the terminal and you should get a message that verification failed.
Please enter the verification code you were sent: 55555
Your code is incorrect.

Sample code

The complete sample code for this tutorial can be found on GitHub.