Skip to contentSkip to navigationSkip to topbar
Rate this page:
On this page

Verify v1 Phone Verification PHP Quickstart


(warning)

Warning

Verify v1 API has reached End of Sale. It is now closed to new customers and will be fully deprecated in the future.

For new development, we encourage you to use the Verify v2 API. v2 has an improved developer experience and new features, including:

  • Twilio helper libraries in multiple languages
  • PSD2 Secure Customer Authentication Support
  • Improved Visibility and Insights

Existing customers will not be impacted at this time until Verify v1 API has reached End of Life. For more information about migration, see Migrating from 1.x to 2.x.

Phone Verification is an important, high-confidence step in your registration flow to verify that a user has the device they claim to have. Adding phone verification to your application will greatly reduce your number of fraudulent registrations and protect future application users from having their numbers registered by scammers.

This quickstart guides you through creating a PHP(link takes you to an external page), Laravel(link takes you to an external page) and AngularJS(link takes you to an external page) app that requires a phone verification step with Twilio Verify to create an account. Two channels of Phone Verification are demoed: SMS and Voice.

Ready to add Phone Verification to a demo app and keep the bad actors away? Enter stage left!


Sign into -or create- a Twilio account

sign-into--or-create--a-twilio-account page anchor

Either sign up for a free Twilio trial, or sign into an existing Twilio account(link takes you to an external page).

Create a New Account Security Application

create-a-new-account-security-application page anchor

Once logged in, visit the Authy Console(link takes you to an external page). Click on the red 'Create New Application' (or big red plus ('+') if you already created one) to create a new Authy application then name it something memorable.

Authy create new application.

Twilio will redirect you to the Settings page next:

Account Security API Key.

Click the eyeball to reveal your Production API Key and copy it somewhere safe. You will use the API Key during the application setup step below.


Install the application prerequisites

install-the-application-prerequisites page anchor

To complete the quickstart today we'll use PHP 7.0+, Composer, MySQL, and the Twilio PHP Helper Library. Let's walk through each one now - but feel free to skip if you have already installed one.

When doing web development in PHP, we strongly suggest using Composer(link takes you to an external page) for package management. This quickstart relies on Composer to install the PHP Helper library. You can find manual Twilio PHP installation instructions on the PHP Helper Library page(link takes you to an external page).

While Twilio's Verify API doesn't return user information you'll need to store, to continue working on the app after this Quickstart you'll want a database. For this demo, we built our user database on top of MySQL 5.x.

If you haven't yet installed it, here are instructions for your platform:

When installed, start MySQL. If you're using the default MySQL credentials (as below), create a schema account_security with user homestead and password secret.


Install the quickstart application

install-the-quickstart-application page anchor

Clone our PHP repository locally(link takes you to an external page), then enter the directory:


_10
git clone git@github.com:TwilioDevEd/account-security-quickstart-php.git
_10
cd account-security-quickstart-php
_10
composer install

cp .env.example .env

Next, copy your Authy API Key from the Authy Dashboard and set the API_KEY variable in your .env file.

Install PHP(link takes you to an external page), Composer(link takes you to an external page), Laravel(link takes you to an external page) and MySQL(link takes you to an external page).

Enter an Application API Key

enter-an-application-api-key page anchor

Enter the API Key from the Account Security console and optionally change the port.


_25
# Get your API key here: https://www.twilio.com/console/authy/getting-started
_25
API_KEY=your-authy-api-key
_25
_25
APP_DEBUG=true
_25
APP_ENV=development
_25
APP_KEY=
_25
APP_LOG=errorlog
_25
_25
# By default, if you'd like to match this install MySQL locally.
_25
# host: localhost:3306
_25
# DB user: homestead
_25
# DB pass: secret
_25
# DB name: account_security
_25
_25
DB_DATABASE=account_security
_25
DB_HOST=localhost
_25
DB_PASSWORD=secret
_25
DB_PORT=3306
_25
DB_USERNAME=homestead
_25
MYSQL_DATABASE=account_security
_25
MYSQL_PASSWORD=secret
_25
MYSQL_PORT=3306
_25
MYSQL_ROOT_PASSWORD=secret
_25
MYSQL_USER=homestead
_25
SECRET=your-account-secret

Migrate and launch the PHP Verify quickstart

migrate-and-launch-the-php-verify-quickstart page anchor

Now, launch the application with:


_10
php artisan key:generate
_10
php artisan migrate
_10
php artisan serve --port 8081

Assuming your API Key is correctly entered and the command above executed correctly, you'll soon get a message that the app is up!


Use the PHP Phone Verification Demo

use-the-php-phone-verification-demo page anchor

Keeping your phone at your side, vist the Phone Verification page of the demo at http://localhost:8081/verify/(link takes you to an external page)

Enter a Country Code and Phone Number, then choose which channel to request verification over, 'SMS' or 'CALL' (Voice). Finally, hit the blue 'Request Verification' button and wait.

Phone Verification by SMS or Voice.

You won't be waiting long - you'll either receive a phone call or an SMS with the verification token. If you requested a phone call, as an additional security feature you may need to interact to proceed (by entering a number on the phone keypad).

Send a Phone Verification via SMS or Voice

send-a-phone-verification-via-sms-or-voice page anchor

_112
<?php
_112
_112
namespace App\Http\Controllers\Auth;
_112
_112
use \Exception;
_112
use App\Http\Controllers\Controller;
_112
use Authy\AuthyApi;
_112
use Illuminate\Http\Request;
_112
use Illuminate\Support\Facades\Validator;
_112
_112
class PhoneVerificationController extends Controller
_112
{
_112
/*
_112
|--------------------------------------------------------------------------
_112
| Phone Verification Controller
_112
|--------------------------------------------------------------------------
_112
|
_112
| Uses Authy to verify a users phone via voice or sms.
_112
|
_112
*/
_112
_112
/**
_112
* Create a new controller instance.
_112
*
_112
* @return void
_112
*/
_112
public function __construct()
_112
{
_112
$this->middleware('guest');
_112
}
_112
_112
/**
_112
* Get a validator for an incoming verification request.
_112
*
_112
* @param array $data
_112
* @return \Illuminate\Contracts\Validation\Validator
_112
*/
_112
protected function verificationRequestValidator(array $data)
_112
{
_112
return Validator::make($data, [
_112
'country_code' => 'required|string|max:3',
_112
'phone_number' => 'required|string|max:10',
_112
'via' => 'required|string|max:4',
_112
]);
_112
}
_112
_112
/**
_112
* Get a validator for an code verification request.
_112
*
_112
* @param array $data
_112
* @return \Illuminate\Contracts\Validation\Validator
_112
*/
_112
protected function verificationCodeValidator(array $data)
_112
{
_112
return Validator::make($data, [
_112
'country_code' => 'required|string|max:3',
_112
'phone_number' => 'required|string|max:10',
_112
'token' => 'required|string|max:4'
_112
]);
_112
}
_112
_112
/**
_112
* Request phone verification via PhoneVerificationService.
_112
*
_112
* @param array $data
_112
* @return Illuminate\Support\Facades\Response;
_112
*/
_112
protected function startVerification(
_112
Request $request,
_112
AuthyApi $authyApi
_112
) {
_112
$data = $request->all();
_112
$validator = $this->verificationRequestValidator($data);
_112
extract($data);
_112
_112
if ($validator->passes()) {
_112
return $authyApi->phoneVerificationStart($phone_number, $country_code, $via);
_112
}
_112
_112
return response()->json(['errors'=>$validator->errors()], 403);
_112
}
_112
_112
/**
_112
* Request phone verification via PhoneVerificationService.
_112
*
_112
* @param array $data
_112
* @return Illuminate\Support\Facades\Response;
_112
*/
_112
protected function verifyCode(
_112
Request $request,
_112
AuthyApi $authyApi
_112
) {
_112
$data = $request->all();
_112
$validator = $this->verificationCodeValidator($data);
_112
extract($data);
_112
_112
if ($validator->passes()) {
_112
try {
_112
$result = $authyApi->phoneVerificationCheck($phone_number, $country_code, $token);
_112
return response()->json($result, 200);
_112
} catch (Exception $e) {
_112
$response=[];
_112
$response['exception'] = get_class($e);
_112
$response['message'] = $e->getMessage();
_112
$response['trace'] = $e->getTrace();
_112
return response()->json($response, 403);
_112
}
_112
}
_112
_112
return response()->json(['errors'=>$validator->errors()], 403);
_112
}
_112
}

Either way you requested the passcode, enter the token into the Verification entry form and click 'Verify Phone':

Phone Verification Entry Box.

This function verifies the token for a user delivered over the Voice or SMS channel.


_112
<?php
_112
_112
namespace App\Http\Controllers\Auth;
_112
_112
use \Exception;
_112
use App\Http\Controllers\Controller;
_112
use Authy\AuthyApi;
_112
use Illuminate\Http\Request;
_112
use Illuminate\Support\Facades\Validator;
_112
_112
class PhoneVerificationController extends Controller
_112
{
_112
/*
_112
|--------------------------------------------------------------------------
_112
| Phone Verification Controller
_112
|--------------------------------------------------------------------------
_112
|
_112
| Uses Authy to verify a users phone via voice or sms.
_112
|
_112
*/
_112
_112
/**
_112
* Create a new controller instance.
_112
*
_112
* @return void
_112
*/
_112
public function __construct()
_112
{
_112
$this->middleware('guest');
_112
}
_112
_112
/**
_112
* Get a validator for an incoming verification request.
_112
*
_112
* @param array $data
_112
* @return \Illuminate\Contracts\Validation\Validator
_112
*/
_112
protected function verificationRequestValidator(array $data)
_112
{
_112
return Validator::make($data, [
_112
'country_code' => 'required|string|max:3',
_112
'phone_number' => 'required|string|max:10',
_112
'via' => 'required|string|max:4',
_112
]);
_112
}
_112
_112
/**
_112
* Get a validator for an code verification request.
_112
*
_112
* @param array $data
_112
* @return \Illuminate\Contracts\Validation\Validator
_112
*/
_112
protected function verificationCodeValidator(array $data)
_112
{
_112
return Validator::make($data, [
_112
'country_code' => 'required|string|max:3',
_112
'phone_number' => 'required|string|max:10',
_112
'token' => 'required|string|max:4'
_112
]);
_112
}
_112
_112
/**
_112
* Request phone verification via PhoneVerificationService.
_112
*
_112
* @param array $data
_112
* @return Illuminate\Support\Facades\Response;
_112
*/
_112
protected function startVerification(
_112
Request $request,
_112
AuthyApi $authyApi
_112
) {
_112
$data = $request->all();
_112
$validator = $this->verificationRequestValidator($data);
_112
extract($data);
_112
_112
if ($validator->passes()) {
_112
return $authyApi->phoneVerificationStart($phone_number, $country_code, $via);
_112
}
_112
_112
return response()->json(['errors'=>$validator->errors()], 403);
_112
}
_112
_112
/**
_112
* Request phone verification via PhoneVerificationService.
_112
*
_112
* @param array $data
_112
* @return Illuminate\Support\Facades\Response;
_112
*/
_112
protected function verifyCode(
_112
Request $request,
_112
AuthyApi $authyApi
_112
) {
_112
$data = $request->all();
_112
$validator = $this->verificationCodeValidator($data);
_112
extract($data);
_112
_112
if ($validator->passes()) {
_112
try {
_112
$result = $authyApi->phoneVerificationCheck($phone_number, $country_code, $token);
_112
return response()->json($result, 200);
_112
} catch (Exception $e) {
_112
$response=[];
_112
$response['exception'] = get_class($e);
_112
$response['message'] = $e->getMessage();
_112
$response['trace'] = $e->getTrace();
_112
return response()->json($response, 403);
_112
}
_112
}
_112
_112
return response()->json(['errors'=>$validator->errors()], 403);
_112
}
_112
}

And with that, your demo app is protected with Twilio's Verify phone verification! You can now log out to try the other channel.


Your demo app is now keeping hordes of fraudulent users from registering with your business and polluting the database. Next, you should check out all of the variables and options available to you in the Verify API Reference. Also, for protecting your customers in an ongoing manner (with this same codebase) try the PHP Authy Two-Factor Authentication Quickstart.

After that, take a stroll through the Docs for more Account Security demos and tutorials - as well as sample web applications using all of Twilio's products. Encore!


Rate this page: