Multiple Ways Verifying Phone with Twilio's Authy - asp.net-mvc

I'm confused on how exactly to verify a phone with Authy.
I have a C#/MVC view that accepts a country code and phone number and I call AuthyClient.RegisterUser and that works fine. I store the AuthyId that comes back.
I then call AuthyClient.SendSms with force=true. <--- does this send them a verification code?
My test user didn't even enter a code on my site and in Twilio, he's showing as verified. Is that because he opened up the Authy app after getting registered?
Are there multiple ways to verify a phone then?

Twilio developer evangelist here.
The API requests you are making here, starting with the call to AuthyClient.RegisterUser is actually the way that you perform two factor authentication with the Authy APIs.
To verify a phone with Authy you only need to make two API calls. The first sends a verification code and the second requires the user to input the code they received and then verifies it.
I can see you're using the authy.net library, which is sadly archived on GitHub now because it wasn't kept up to date. I'm not a .NET developer, but from what I can see in the codebase it didn't support the Verify endpoints. For this reason, I'd recommend you construct the HTTP requests yourself.
Take a read through the Verify documentation, it has all the URLs you need to make requests to including the required parameters. Let me know how you get on with that.

Related

I have integrated twilio otp api and it suddenly stop working

I have integrated twilio and it was working fine but suddenly
end users stop receiving top message at their mobile. Is there any capacity problem if yes then how to fix this
Without providing the code, I can give the following suggestions to check upon.
1. Check if the Twilio Account has enough balance to send messages
you can check this in the dashboard.
2. Check if the Message template used is verified or not.
If the template is rejected for some reason, you won't be able to use it.
3. Use the API Gateway Dashboard to determine the cause for no sending messages.
If you can see the messaged being in outbounds mode, but not being sent, you can check the reason for it.
4. Check if the Twilio API library used has changed the API structure
Refer to Twilio Docs and confirm if the APIs have received some changes in them, deprecating any changes. (This is very rare, as most API Providers keep the Legacy API code format active for some time for users to migrate from it.)
5. Confirm If any New Government Rules are changed.
Ex. In India, there are some new laws put up for sending SMSes to users. You would need to follow the rules to register the template again to a Mobile Carrier's site, and then use it. These details will be provided on Twilio Dashboard.

Possible to get the content of sms message (including verification code) sent by authy in a test?

I have an app that sends an SMS with a verification code to users during signup.
I send it by doing the following:
Authy::API.request_sms(:id => user.authy_id)
I was wondering if it is possible to see the exact content of this SMS (along with the verification code) during my testing, so that I could just directly put the code into the input field when I run my capybara signup test.
Twilio developer evangelist here.
We are dealing with this query over on GitHub here, but I thought I would add my answer here in case it helps others.
Unfortunately the API does not expose the code or the text of the message sent to the user.
However, I wouldn't recommend testing third party services, even as part of your end to end testing. Given the reliance on a network in order to call the API, that you'd be testing a third party library (this one) and the fact that this would trigger an SMS in real life, it doesn't lend itself to good tests.
Instead I would mock the API response for both the sending and verifying part of the test.

Authy phone verification: does API prevent too many guesses?

We're building integration with Twilio's Authy phone verification API at the moment.
The docs don't specifically say what happens in the case that malicious user sends lots of guesses to the verification/check endpoint while trying to verify the sms code.
I assume Authy must have something in place to prevent this, but it's not explicitly stated and I'm wondering if we need to build in some protection (e.g. guess-counter limit) in our own API integration code.
Twilio developer evangelist here.
There is a limit built into Authy for phone verification. There is a maximum of 5 attempts per verification code, to avoid brute forcing the code.
I'm trying to find out why this isn't documented, but in the meantime you should not have to build out protections yourself.

Is +15005550006 the only phone number you can buy using test credentials?

For testing Twilio applications, Twilio provides test credentials. You are allowed to buy phone numbers through the API without being charged to your actual account. My application requires that I be able to buy multiple phone numbers. I would like to do this with test credentials.
However, per this documentation page, it seems like the only phone number you can buy is +15005550006. I tried buying other phone numbers, but I keep getting an exception that states that the phone number I'm trying to buy "...is not available."
Is it really the case that only that one number can be bought?
Twilio developer evangelist here.
Test credentials are for making sure your HTTP calls are being made correctly, they just mock the results of the API so you can make practice calls to it. The idea with test credentials is that if the API call to the fake number works, then your code will work in production.
The test credentials also cause Twilio to return special results for certain resources. For example, you can try to buy the number +15005550001 and it will tell you that the number is invalid. You can see the special examples here: https://www.twilio.com/docs/api/rest/test-credentials#test-incoming-phone-numbers-parameters-PhoneNumber
If you need to actually buy numbers with your account to build your application with, you'll need to use your live credentials. If your app is successful purchasing +15005550006 then you can be sure that switching out to real credentials will work.

how to verify short verification code received from twilio

In my app user needs to verify his phone number to complete the registration process means when the user tries to register with phone number, a verification code will be send to his device. on inserting the code, the app should allow him to register , regarding this I am using twilio as SMS gateway. Does anybody has a sample code, so that I can through the code to check how this process is going to intiate.
Twilio developer evangelist here. There are a variety of blog posts that show you how to accomplish this around the Internet. For example:
A phone verification system with PHP and MySQL
Phone verification with Ruby and Rails
Phone verification using JavaScript and Parse
Or, if you want something even easier, Authy is a service that handles all the verification you need through just a few API calls.
Hope this helps.

Resources