メニュー

Expand
Rate this page:

Thanks for rating this page!

We are always striving to improve our documentation quality, and your feedback is valuable to us. How could this documentation serve you better?

Protect your application with Service Rate Limits

Service Rate Limits makes it easy to leverage Twilio's battle-test rate limiting services to protect your deployment. With Service Rate Limits, you can define the keys to meter and limits to enforce when starting phone verifications. This enables you to rate limit on end-user IP addresses, session IDs or other unique IDs that are important to your application. Together with Verity's built-in platform protections Service Rate Limits give you turnkey protections with flexibility.

必要なもの:

  1. Create a Verification Service

Create a Rate Limit

The Service Rate Limit resource represents the key that your application will provide when starting a phone verification request. For example, you may create a rate limit for an end-user IP address to prevent a malicious bot.

Selecting Properties to Rate Limit

Rate Limits provide the capability to enforce limitations, but they are not prescriptive about what properties to limit. Determining which properties to limit is determined by how and where you have deployed Verify. For example, rate limiting by IP Address makes sense for a mobile consumer application where the End User IP address is easily accessible. But rate limiting on IP Address is less effective if Verify is deployed behind a reserve proxy without access to the End User IP Address.

Examples of properties to rate limit include:

  • End User IP Address
  • Geolocation of End User IP Address
  • 電話番号
  • Phone Number Country Code (ex +1 in the US or +44 in GB)
  • Session ID
  • User Agent

The flexibility afforded by Rate Limits in Verify means that you can enforce limits on "mixed" properties simply by concatenating values together. This is particularly helpful for enforcing rate limits on properties that are highly correlated.

Possible examples of highly correlated properties include:

  • Phone Number Country Code and Geolocation of End User IP Address
  • Phone Number and Geolocation of End User IP Address
  • Phone Number and End User IP Address
Names in PHP format
serviceSid
必須
post sid<VA> Not PII

The SID of the Service the resource is associated with.

uniqueName
必須
post 文字列 Not PII

Provides a unique and addressable name to be assigned to this Rate Limit, assigned by the developer, to be optionally used in addition to SID. This value should not contain PII.

description
オプション
post 文字列 Not PII

Description of this Rate Limit

        
        
        
        

        Create a Bucket

        The Service Rate Limit Bucket resource defines the limit that should be enforced against the key it is associated with. A Rate Limit can have multiple buckets so that you can detect and stop attacks at different velocities.

        Names in PHP format
        serviceSid
        必須
        post sid<VA> Not PII

        The SID of the Service the resource is associated with.

        rateLimitSid
        必須
        post sid<RK> Not PII

        The Twilio-provided string that uniquely identifies the Rate Limit resource.

        max
        必須
        post integer Not PII

        Maximum number of requests permitted in during the interval.

        interval
        必須
        post integer Not PII

        Number of seconds that the rate limit will be enforced over.

              
              
              
              

              Start a Phone Verification

              To use the Rate Limits we need to update the request that starts phone verifications to include the values we want to limit. To do this we will add the new `RateLimit` parameter to our request.

              Names in PHP format
              serviceSid
              必須
              post sid<VA> Not PII

              The SID of the verification Service to create the resource under.

              to
              必須
              post 文字列 PII MTL: 30 DAYS

              The phone number or email to verify. Phone numbers must be in E.164 format.

              channel
              必須
              post 文字列 Not PII

              The verification method to use. Can be: email, sms or call.

              sendDigits
              オプション
              post 文字列 Not PII

              The digits to send after a phone call is answered, for example, to dial an extension. For more information, see the Programmable Voice documentation of sendDigits.

              locale
              オプション
              post 文字列 Not PII

              The locale to use for the verification SMS or call. Can be: af, ar, ca, cs, da, de, el, en, es, fi, fr, he, hi, hr, hu, id, it, ja, ko, ms, nb, nl, pl, pt, pr-BR, ro, ru, sv, th, tl, tr, vi, zh, zh-CN, or zh-HK.

              customCode
              オプション
              post 文字列 Not PII

              A pre-generated code to use for verification. The code can be between 4 and 10 characters, inclusive.

              amount
              オプション
              post 文字列 PII MTL: 1 DAYS

              The amount of the associated PSD2 compliant transaction. Requires the PSD2 Service flag enabled.

              payee
              オプション
              post 文字列 PII MTL: 1 DAYS

              The payee of the associated PSD2 compliant transaction. Requires the PSD2 Service flag enabled.

              rateLimits
              オプション
              post オブジェクト Not PII

              The custom key-value pairs of Programmable Rate Limits. Keys should be the unique_name configured while creating you Rate Limit along with the associated values for each particular request. You may include multiple Rate Limit values in each request.

              channelConfiguration
              オプション
              post オブジェクト Not PII

              Channel specific configuration in json format: For email must include 'from' and 'from_name'.

                    
                    
                    
                    
                    Rate this page:

                    ヘルプが必要ですか?

                    誰しもが一度は考える「コーディングって難しい」。そんな時は、お問い合わせフォームから質問してください。 または、Stack Overflow でTwilioタグのついた情報から欲しいものを探してみましょう。