Traditionally, applications ask users for a login and password to authenticate accounts. But with the growth of technology, this isn’t considered a secure option anymore.
One of the first problems users encounter is creating and setting strong passwords. Users may carelessly write credentials on sticky notes or save them on other devices. The other problem is attacks: attackers can break password-based login systems and get access to corporate data.
For a stronger authentication system, you need to add an extra layer of protection. Nowadays, applications use messages to send one-time passwords (OTP) to authenticate users. The purpose is to prove the ownership of the account with the phone number.
A randomly generated unique code is sent to a user’s phone number via message, so they type it in for authentication.
With one-factor or single-factor authentication (1FA), you only need to enter your password or a code you receive on your phone. A more secure way is multi-factor authentication (MFA), where you have to enter your password together with a code or any other factor to sign in.
Two-factor authentication (2FA) is a type of MFA that asks users to provide a code received via message with their username or password. Since it requires two pieces of information to access an account, 2FA prevents identity theft by providing a code that can be used only once.
The Dexatel Verification API delivers a phone-based two-factor authentication service within a limited duration. Using the Dexatel Verify API, you can easily add mobile phone number verification to your application or website.
There are several benefits for businesses implementing user verification via phone number. First, by verifying the mobile numbers of your customers, you add an extra layer of security, which reduces fraudulent activities.
The Verification API will allow your business to send an automated text message to the subscriber’s phone number for verification purposes. This way, you can be certain that the account holder is a real person. As a result, you have identified customers.
Second, phone number verification will protect you from spam or multiple account creation. Each phone number will be associated with one user, preventing bulk signups.
Third, you get to have a database with your clients' verified mobile numbers and can contact them whenever needed.
Create an Account
Create a free account and fill in your company details on the Dexatel CPaaS platform. Log in to your dashboard and manage your account settings, such as topping up your account, updating information, monitoring statistics, and more.
Generate a Unique API Key
Upon creating an account, go to the API Keys section. The system will generate a unique API key, which you will use as a credential to send automatic requests on your behalf.
Create a Sender Name
You can go about this in two ways. You can add your brand or company name to the Sender IDs in the dashboard. Or, you can send a POST request to the Sender endpoint. This will allow you to send OTP messages with a customized ID. It will make the message more recognizable to your clients and encourage them to pass the OTP verification process.
Get a Template ID
To use the verification API, you need to create a template. Go to the Templates page or send a POST request to the Template endpoint. Once a template is created, the API will generate a template ID for you to use.
In order to receive your template ID, send a POST request to the Template endpoint. Another way to see your template ID is by sending a GET request to the Templates endpoint.
When creating a template text, you can use any characters, depending on the destination country. However, you must include a {code} variable in it. The Dexatel Verify API will generate a random OTP and substitute it for {code} in your message.
Ask for Your Clients’ Phone Numbers
Request your clients’ phone numbers and verify that the numbers actually belong to them by sending an SMS message with a verification code. Once the code the client enters matches the one you sent, the verification will be completed. Otherwise, the code will expire, and after 3 unsuccessful attempts, the user will be temporarily blocked.
Your client provides a phone number for verification purposes, for example, to make a payment.
To verify the phone number, your application sends a POST request to the Verification API endpoint.
Here is an example of a POST request:
Endpoint: v1/verifications
X-Dexatel-Key: {Your Unique Key}
Content-Type: application/json
{
  "data": {
    "sender": "Your Sender name",
    "phone": "Your client’s phone number",
    "template": "Your Template ID",
    "code_length": "Length of Code"
  }
}
On receiving the request, the verification API creates a unique code with the length you have specified as the value of the "code_length" parameter. It then sends a message to the number specified as the value of the "phone" parameter. Make sure to specify the template ID for the "template" parameter in your request. The Verify API will take the template corresponding to that ID and replace {code} in the message with the generated code.
Your client types the code into your application, and the application makes a call to the Verification API endpoint, transferring that code. This can end in two ways—the code they enter either matches the one you provided, or it doesn’t.
When the client receives an SMS message, they must enter the OTP correctly. If the OTP code is typed correctly in your application within the mentioned time frame, the client is verified. If the client fails to type the code, the valid OTP then expires, and the system can generate a new code once it receives a POST request from you.
After several unsuccessful attempts, the client can be blocked for a certain time and be able to request new OTP SMS codes only after being unblocked.
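The verification lifecycle described above (a {code} template, a code that expires, three failed attempts, a temporary block) is modelled below as an added example; it is not Dexatel's code or part of the original article. The class name OtpVerifier, the in-memory storage, the 300-second validity window and the 900-second block are assumptions made for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 3        # from the article: blocked after 3 unsuccessful attempts
CODE_TTL = 300          # assumed validity window, in seconds
BLOCK_SECONDS = 900     # assumed length of the temporary block, in seconds

class OtpVerifier:
    """Hypothetical in-memory model of the OTP lifecycle (illustration only)."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.pending = {}   # phone -> [code, expires_at, failed_attempts]
        self.blocked = {}   # phone -> time at which the block is lifted

    def _is_blocked(self, phone):
        return self.blocked.get(phone, 0) > self.clock()

    def request_code(self, phone, template, code_length=6):
        if "{code}" not in template:
            raise ValueError("template must contain the {code} variable")
        if self._is_blocked(phone):
            return None                      # no new codes until unblocked
        # Draw digits from the CSPRNG; the random module is predictable.
        code = "".join(secrets.choice("0123456789") for _ in range(code_length))
        self.pending[phone] = [code, self.clock() + CODE_TTL, 0]
        return template.replace("{code}", code)   # text handed to the SMS sender

    def check_code(self, phone, submitted):
        if self._is_blocked(phone):
            return "blocked"
        entry = self.pending.get(phone)
        if entry is None:
            return "no_pending_code"
        code, expires_at, _ = entry
        if self.clock() >= expires_at:
            del self.pending[phone]
            return "expired"
        # Constant-time comparison avoids leaking matching prefixes via timing.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self.pending[phone]          # one-time: a code cannot be replayed
            return "verified"
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            del self.pending[phone]
            self.blocked[phone] = self.clock() + BLOCK_SECONDS
            return "blocked"
        return "mismatch"
```

Requesting a new code replaces the pending one and resets its failure counter, so a production system would also rate-limit code requests per phone number.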