Twilio Verify Best Practices

Verification is an important first step in your online relationship with a user. By verifying that a new registrant on your website has the device they claim in their possession (and that the provided number is accurate), you reduce spam and fraud while signaling your concern for the user's security.

Overseeing many integrations (and answering many questions), we've come up with a number of best practices and practical guidelines that can assist you while implementing verification. These best practices are also built into our Verify quickstart - we suggest running through it to see some implementation details.


Account verification is an important first step when signing up a user, but should be considered holistically in your application's registration and usage flow. Checking that a phone number is legitimate, associated with a device, and in the possession of a new registrant will cut down on spam sign-ups before you even grant a new user an account.


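Twilio's currently recommended sign-up and usage flow is as follows (proceed to the next step only when each item succeeds):

  1. Use Verify (Account Verification) to determine whether the user currently has possession of the device they claim.
  2. If you will have an ongoing relationship with the customer:
    1. Register the user for ongoing two-factor authentication use.
    2. Require Twilio two-factor authentication to protect any combination of logins, high-risk actions, and high-value transactions.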




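The Verify API lets you configure the length of the verification token delivered to new end users. Tokens can be set anywhere from 4 to 10 characters, so you can balance security against end-user convenience. The API default is 4 characters, and if you are using the API to verify new accounts there is little reason to set it any longer. However, if you use the API for more frequent user verification, you may want to increase the token length to make brute-force guessing by hackers more difficult.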


There is a single message template sent out through the SMS channel. The SMS message template contains your Application name from the Twilio Console. The English example is:

Your <App Name> verification code is: 1234

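Messages are also automatically localized and translated based on the country code of the end user's phone number. You can override the language setting by sending the locale parameter. The default code (such as "1234" above) is generated and verified by Twilio's service.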

You are only charged for carrier delivery charges and successful customer verifications.

Using Your Own One-Time Passcode

If you already have token validation and generation logic and would like to keep those systems in place, you can do so. We have a feature where you can submit your code to us and utilize our pre-screened message templates and localizations for both text and voice. Contact Twilio Sales and we'll help you enable this option.




Once generated, tokens are valid for 10 minutes. We are unable to change the timeout for token validity for your application. If your users make another request within the 10 minutes, they will receive the same token. You can poll to see the remaining valid time for a user's request.
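The token rules described above (4 to 10 characters, 10-minute validity, the same token returned for a repeat request) as they might look in your own generation and validation logic. This is an added sketch, not Twilio's code or the Verify API; `OtpStore`, `guess_success_probability`, numeric-only codes and the five-attempt cap are assumptions made for the example.

```python
import hmac
import secrets
import time

TOKEN_TTL = 600           # seconds; the 10-minute validity stated on this page
MIN_LEN, MAX_LEN = 4, 10  # configurable token length range stated on this page
MAX_ATTEMPTS = 5          # assumption: per-token attempt cap, not from the page


class OtpStore:
    """Hypothetical in-memory one-time passcode store (added example)."""

    def __init__(self, length=4, clock=time.time):
        if not MIN_LEN <= length <= MAX_LEN:
            raise ValueError("token length must be between 4 and 10")
        self.length, self.clock, self._pending = length, clock, {}

    def issue(self, phone):
        """Return the code to send; a repeat request inside the TTL gets the same code."""
        entry = self._pending.get(phone)
        if entry and self.clock() < entry["expires"]:
            return entry["code"]
        # CSPRNG, zero-padded so every code has exactly `length` digits.
        code = f"{secrets.randbelow(10 ** self.length):0{self.length}d}"
        self._pending[phone] = {"code": code, "expires": self.clock() + TOKEN_TTL, "tries": 0}
        return code

    def check(self, phone, submitted):
        """Validate a submitted code: expiry, attempt cap, constant-time compare."""
        entry = self._pending.get(phone)
        if entry is None or self.clock() >= entry["expires"]:
            self._pending.pop(phone, None)
            return False
        entry["tries"] += 1
        if entry["tries"] > MAX_ATTEMPTS:
            return False  # locked until the token expires; re-requesting does not reset it
        if hmac.compare_digest(entry["code"].encode(), str(submitted).encode()):
            del self._pending[phone]  # single use
            return True
        return False


def guess_success_probability(length, attempts=MAX_ATTEMPTS):
    """Chance that `attempts` distinct guesses hit a uniformly random numeric code."""
    return min(1.0, attempts / 10 ** length)
```

With the assumed cap of five attempts per token, a 4-digit code gives a guesser 5 chances in 10,000 per token, and each added digit divides that by ten.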




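Twilio does not guarantee API response times. However, most Verify API requests complete in 500 milliseconds or less. Given the 10-minute timeout, most of the delay you need to allow for in verification comes from user input rather than from API requests.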

Still Wondering About Verification? We're Happy to Help.

Have additional questions about verification and our Verify API? We're very happy to talk best practices, design patterns, future-proofing and everything else that can help secure your app and cut your spam. Contact Twilio Sales and we'll help you optimize your unique Verify implementation.


