Protect Your Verify Application with Service Rate Limits
Service Rate Limits makes it easy to leverage Twilio's battle-test rate limiting services to protect your deployment. With Service Rate Limits, you can define the keys to meter and limits to enforce when starting verifications. This enables you to rate limit on end-user IP addresses, session IDs or other unique IDs that are important to your application. Together with Verify's built-in platform protections Service Rate Limits give you turnkey protections with flexibility.
必要なもの:
Create a Rate Limit
The Service Rate Limit resource represents the key that your application will provide when starting a phone verification request. For example, you may create a rate limit for an end-user IP address to prevent a malicious bot.
Selecting Properties to Rate Limit
Rate Limits provide the capability to enforce limitations, but they are not prescriptive about what properties to limit. Determining which properties to limit is determined by how and where you have deployed Verify. For example, rate limiting by IP Address makes sense for a mobile consumer application where the End User IP address is easily accessible. But rate limiting on IP Address is less effective if Verify is deployed behind a reserve proxy without access to the End User IP Address.
Examples of properties to rate limit include:
- End User IP Address
- Geolocation of End User IP Address
- 電話番号
- Phone Number Country Code (ex +1 in the US or +44 in GB)
- Session ID
- User Agent
The flexibility afforded by Rate Limits in Verify means that you can enforce limits on "mixed" properties simply by concatenating values together. This is particularly helpful for enforcing rate limits on properties that are highly correlated.
Possible examples of highly correlated properties include:
- Phone Number Country Code and Geolocation of End User IP Address
- Phone Number and Geolocation of End User IP Address
- Phone Number and End User IP Address
| Parameters in REST API format | |
|---|---|
service_sid
Path
|
The SID of the Service the resource is associated with. |
unique_name
必須
|
Provides a unique and addressable name to be assigned to this Rate Limit, assigned by the developer, to be optionally used in addition to SID. This value should not contain PII. |
description
オプション
|
Description of this Rate Limit |
Create a Bucket
The Service Rate Limit Bucket resource defines the limit that should be enforced against the key it is associated with. A Rate Limit can have multiple buckets so that you can detect and stop attacks at different velocities.
| Parameters in REST API format | |
|---|---|
service_sid
Path
|
The SID of the Service the resource is associated with. |
rate_limit_sid
Path
|
The Twilio-provided string that uniquely identifies the Rate Limit resource. |
max
必須
|
Maximum number of requests permitted in during the interval. |
interval
必須
|
Number of seconds that the rate limit will be enforced over. |
Start a Phone Verification
To use the Rate Limits we need to update the request that starts phone verifications to include the values we want to limit. To do this we will add the new `RateLimit` parameter to our request.
| Parameters in REST API format | |
|---|---|
service_sid
Path
|
The SID of the verification Service to create the resource under. |
to
必須
|
The phone number or email to verify. Phone numbers must be in E.164 format. |
channel
必須
|
The verification method to use. One of: |
custom_friendly_name
オプション
|
A custom user defined friendly name that overwrites the existing one in the verification message |
send_digits
オプション
|
The digits to send after a phone call is answered, for example, to dial an extension. For more information, see the Programmable Voice documentation of sendDigits. |
locale
オプション
|
Locale will automatically resolve based on phone number country code for SMS, WhatsApp and call channel verifications. This parameter will override the automatic locale. See supported languages and more information here.. |
custom_code
オプション
|
A pre-generated code to use for verification. The code can be between 4 and 10 characters, inclusive. |
amount
オプション
|
The amount of the associated PSD2 compliant transaction. Requires the PSD2 Service flag enabled. |
payee
オプション
|
The payee of the associated PSD2 compliant transaction. Requires the PSD2 Service flag enabled. |
rate_limits
オプション
|
The custom key-value pairs of Programmable Rate Limits. Keys correspond to |
channel_configuration
オプション
|
|
app_hash
オプション
|
Your App Hash to be appended at the end of your verification SMS body. Applies only to SMS. Example SMS body: |
template_sid
オプション
|
The message template. If provided, will override the default template for the Service. SMS channel only. |
template_custom_substitutions
オプション
|
A stringified JSON object in which the keys are the template's special variables and the values are the variables substitutions. |
ヘルプが必要ですか?
We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.