App Verify API - Tutorial: Verify a Mobile Device with Missed Calls

An easy way to verify a mobile device is through missed call verification. The concept is simple - you call the device you want to verify, and the owner of the device purposely does not answer the call. The device owner then takes the last five digits of the phone number in the call, and enters that as a verification code. If they correctly enter the code, the device is instantly verified.

How it Works

You send a phone call where the last 5 digits of the number you call from are the verification code the end user needs to enter to verify their device.

1. The end user presses a button requesting verification using your app.
2. The end user's phone number is sent to Telesign as part of a request for verification.
3. Telesign tells your server that the request was received.
4. You move the end user to a new screen in your app where they are told that they will receive a call they should not answer, and the last five digits of the number the call comes from will be their verification code.
5. Telesign sends a call to the end user's device.
6. The end user receives but does not answer the call, and enters the last five digits of the number they receive the call from. These five digits are the verification code.
7. The verification code is received by Telesign. Telesign then sends a response indicating whether the verification was successful or not.

If the verification was successful, the device is verified.

Requirements

To see the sample app, you need the following:

• Telesign Customer ID and API key

Implement Missed Call Verification

This section provides more detail about how to implement missed call verification.

Authentication

This app uses a JWT server for authentication. You must have some way to authenticate your end user's app with your servers in order to kick off a request for a voice call from Telesign, and you need to authenticate between your server and Telesign to successfully send the voice call.

Authenticate Your Application with Your Server

There are a variety of ways you can securely authenticate your application with your server. The sample app uses a JWT service. You can use anything you would like to do this, so long as it is secure. If you want to do your own JTW service, Telesign provides resources for a sample JWT server you can try out through the application. You cannot use this service in a production environment. You must build your own JWT service. Available Telesign resources for working with JWT include:

• JWT Service for App Verify API
• Implement a JWT Service
• JWT Service Examples in Python and Java

User Experience Best Practices

This section provides screenshots that show the recommended flow for missed call verification.

1. Your sample app should prompt the end user for their phone number. You should keep country code and phone number separate in the display. The field for entering the phone number should not allow special characters or spaces.

2. After the end user presses Next, prompt them with a screen explaining how they will be verified and what you want them to do. The bottom of the screen should offer them the choice to retry if the call did not happen, or a choice to continue if they receive the call.

3. Ask the end user to retrieve the last five digits of the number they were called from. You can create a display that shows the number not completed to help them visually understand what you want them to do.

4. This screen demonstrates what it might look like when the end user goes to retrieve the verification code from the missed call.

5. This screenshot shows you what it would look like when you have the end user enter the verification code. When they are done inputting the code, they press a button to kick off the verification process.

6. If everything goes well, the verification is a success. You can continue with any next steps in your app.