Verify v1 API has reached End of Sale. It is now closed to new customers and will be fully deprecated in the future.
For new development, we encourage you to use the Verify v2 API. v2 has an improved developer experience and new features, including:
Existing customers will not be impacted at this time until Verify v1 API has reached End of Life. For more information about migration, see Migrating from 1.x to 2.x.
Phone Verification is an important, high-confidence step in a registration flow to verify that a user has the device they claim to have. Adding Twilio Verify to your application to validate new accounts will greatly reduce your number of fraudulent registrations and protect future application users from having their numbers registered by scammers.
This quickstart guides you through creating a Java, JDK, Servlets and AngularJS app that requires a Phone Verification step to create an account. Two channels of Phone Verification are demoed: SMS and Voice.
Ready to add Twilio Verify to a demo app and keep the bad actors away?
Either sign up for a free Twilio trial, or sign into an existing Twilio account.
Once logged in, visit the Authy Console. Click on the red 'Create New Aplication' (or big red plus ('+') if you already created one) to create a new Authy application then name it something memorable.
Twilio will redirect you to the Settings page next:
Click the eyeball icon to reveal your Production API Key, and copy it somewhere safe. You will use the API Key during the application setup step below.
Start by cloning our Servlets repository. Enter the directory and use gradle to install all of our dependencies:
_10gradle build
.env.example
ACCOUNT_SECURITY_API_KEY
to the API Key from the above step
.env
source .env
In Windows, set the ACCOUNT_SECURITY_API_KEY
variable manually.
Enter the API Key from the Authy console and optionally change the port.
_10# You can get/create one here :_10# https://www.twilio.com/console/authy/applications_10ACCOUNT_SECURITY_API_KEY=ENTER_SECRET_HERE
That's all the setup you'll need.
Now, launch the application with:
_10gradle appRun
Assuming your API Key is correctly entered, you'll soon get a message that the app is up!
Keeping your phone at your side, visit the Phone Verification page of the demo at http://localhost:8080/verification/
Enter a Country Code
and Phone Number
, then choose which channel to request verification over, 'SMS' or 'CALL' (Voice). Finally, hit the blue 'Request Verification' button and wait.
You'll either receive a phone call or an SMS with the verification token. If you requested a phone call, as an additional security feature you may need to interact to proceed (entering a number on the phone keypad).
This function allows you to send the verification code over SMS or Voice depending on the 'via' variable.
_60package com.twilio.accountsecurity.services;_60_60import com.authy.AuthyApiClient;_60import com.authy.api.Params;_60import com.authy.api.Verification;_60import com.twilio.accountsecurity.exceptions.TokenVerificationException;_60import com.twilio.accountsecurity.servlets.requests.CheckPhoneVerificationRequest;_60import com.twilio.accountsecurity.servlets.requests.StartPhoneVerificationRequest;_60import org.slf4j.Logger;_60import org.slf4j.LoggerFactory;_60_60import static com.twilio.accountsecurity.config.Settings.authyId;_60_60public class PhoneVerificationService {_60_60 private static final Logger LOGGER = LoggerFactory.getLogger(TokenService.class);_60_60 private AuthyApiClient authyApiClient;_60_60 public PhoneVerificationService(AuthyApiClient authyApiClient) {_60 this.authyApiClient = authyApiClient;_60 }_60_60 public PhoneVerificationService() {_60 this.authyApiClient = new AuthyApiClient(authyId());_60 }_60_60 public void start(StartPhoneVerificationRequest request) {_60 Params params = new Params();_60 params.setAttribute("code_length", "4");_60 Verification verification = authyApiClient_60 .getPhoneVerification()_60 .start(request.getPhoneNumber(),_60 request.getCountryCode(),_60 request.getVia(),_60 params);_60_60 if(!verification.isOk()) {_60 logAndThrow("Error requesting phone verification. " +_60 verification.getMessage());_60 }_60 }_60_60 public void check(CheckPhoneVerificationRequest request) {_60 Verification verification = authyApiClient_60 .getPhoneVerification()_60 .check(request.getPhoneNumber(),_60 request.getCountryCode(),_60 request.getToken());_60_60 if(!verification.isOk()) {_60 logAndThrow("Error verifying token. " + verification.getMessage());_60 }_60 }_60_60 private void logAndThrow(String message) {_60 LOGGER.warn(message);_60 throw new TokenVerificationException(message);_60 }_60}
Either way you requested the passcode, enter the token into the Verification entry form and click 'Verify Phone':
This function verifies the token for a user delivered over the Voice or SMS channel.
_60package com.twilio.accountsecurity.services;_60_60import com.authy.AuthyApiClient;_60import com.authy.api.Params;_60import com.authy.api.Verification;_60import com.twilio.accountsecurity.exceptions.TokenVerificationException;_60import com.twilio.accountsecurity.servlets.requests.CheckPhoneVerificationRequest;_60import com.twilio.accountsecurity.servlets.requests.StartPhoneVerificationRequest;_60import org.slf4j.Logger;_60import org.slf4j.LoggerFactory;_60_60import static com.twilio.accountsecurity.config.Settings.authyId;_60_60public class PhoneVerificationService {_60_60 private static final Logger LOGGER = LoggerFactory.getLogger(TokenService.class);_60_60 private AuthyApiClient authyApiClient;_60_60 public PhoneVerificationService(AuthyApiClient authyApiClient) {_60 this.authyApiClient = authyApiClient;_60 }_60_60 public PhoneVerificationService() {_60 this.authyApiClient = new AuthyApiClient(authyId());_60 }_60_60 public void start(StartPhoneVerificationRequest request) {_60 Params params = new Params();_60 params.setAttribute("code_length", "4");_60 Verification verification = authyApiClient_60 .getPhoneVerification()_60 .start(request.getPhoneNumber(),_60 request.getCountryCode(),_60 request.getVia(),_60 params);_60_60 if(!verification.isOk()) {_60 logAndThrow("Error requesting phone verification. " +_60 verification.getMessage());_60 }_60 }_60_60 public void check(CheckPhoneVerificationRequest request) {_60 Verification verification = authyApiClient_60 .getPhoneVerification()_60 .check(request.getPhoneNumber(),_60 request.getCountryCode(),_60 request.getToken());_60_60 if(!verification.isOk()) {_60 logAndThrow("Error verifying token. " + verification.getMessage());_60 }_60 }_60_60 private void logAndThrow(String message) {_60 LOGGER.warn(message);_60 throw new TokenVerificationException(message);_60 }_60}
And with that, your demo app is protected with Twilio's Phone Verification! You can now log out to try the untried channel.
Your demo app is now keeping fraudulent users from registering with your business and polluting your database. Next, check out all of the variables and options available to you in the Phone Verification API Reference. Also, to protect your customers in an ongoing manner (with this same codebase) try the Java Servlets Authy Two-Factor Authentication Quickstart.
After that, visit the Docs for more Account Security demos and tutorials and web applications using all of Twilio's products.