# Implement verification

Part of **TWILIO**. Route queries via `POST https://www.company-skill.com/api/route`.

## What You Want to Do

You want to verify a user’s identity using methods like SMS, voice calls, email, or advanced techniques such as Silent Network Auth (SNA), TOTP, or push approvals. This includes sending one-time codes, enabling passwordless login, or building secure multi-factor authentication flows.

**Typical User Questions**:
- How to implement two-factor authentication with Twilio?
- Can I use Twilio for phone number verification?
- Does Twilio support silent authentication?
- How to set up voice verification?

## Decision Tree

Pick the best path for your situation:

- **If** you need to use advanced channels like `silent_network_auth`, `TOTP seed`, `push`, or `passkey` and require fine-grained control over parameters like `deviceIp`, `ServiceSid`, or automatic fallback logic → Use **Implement multi-channel verification using Verify API** (go to *twilio/twilio-auth*)
- **If** you are building a mobile app (iOS/Android) and want to implement **Silent Device Approval** using **Verify Push SDK** with **APNs** or **FCM**, and can handle **AccessToken (JWT)** generation and **factor.verified webhook** processing → Use **Rapid integration with Verification SDK** (go to *twilio/twilio-auth*)
- **If** your team has no coding resources and only needs basic SMS or voice verification via a **drag-and-drop** interface using **Send Message widget** and **Gather Input widget** in a **visual builder** → Use **Build verification flows visually using Studio** (go to *twilio/twilio-studio*)
- **Otherwise (default)** → Start with **Implement multi-channel verification using Verify API**, as it supports the widest range of channels (`channel=sms/voice/email/whatsapp/sna/push/totp/passkey/auto`) and integrates directly into backend systems via REST API.

## Path Comparison

| Path | Best For | Complexity | Code Required | Automation | Key Fact | Detail Skill |
|------|----------|------------|---------------|------------|----------|-------------|
| Implement multi-channel verification using Verify API | Need flexible API-driven control over verification workflows, supporting SMS/voice/email across multiple channels | medium | Yes | Yes | Supports `channel=sms/voice/email/whatsapp/sna/push/totp/passkey/auto` with `automatic SMS fallback` | `twilio/api/twilio-auth` |
| Rapid integration with Verification SDK | Mobile apps needing quick integration of verification features, minimizing custom development | low | Yes | No | Requires **APNs**/**FCM** and **AccessToken (JWT)**; **TwilioAuth SDK (deprecated)** | `twilio/guide/twilio-auth` |
| Build verification flows visually using Studio | No-code/low-code teams needing rapid setup of verification workflows without deep development | low | No | No | Built with **Studio Flows** using **Trigger widget**, **Send Message widget**, and **Gather Input widget** | `twilio/guide/twilio-studio` |

## Path Details

### Path 1: Implement multi-channel verification using Verify API

**Brief Description**: Twilio Verify API is a RESTful service that lets you initiate verifications by POSTing to `https://verify.twilio.com/v2/Services/{ServiceSid}/Verifications` and validate codes via `VerificationCheck`. It supports multiple channels including `sms`, `voice`, `email`, `whatsapp`, `sna`, `push`, `totp`, `passkey`, and `auto` (which enables `automatic SMS fallback`). You can bind verifications to a `deviceIp` and manage identities via `Entity API` and `Factor API`. Each verification attempt returns a unique `Verification SID`.

**Key technical facts**:
- Cold start: Silent Network Auth (SNA) latency is 2–4 seconds
- Regions available: IE1 (Ireland/Dublin), US1 (United States)
- Auth method: HTTP Basic Authentication using Account SID and Auth Token or API Key

**When to Use**:
- When you need full control over verification logic and channel selection.
- When integrating with backend systems requiring automation and auditability.
- When supporting advanced features like SNA, TOTP, or passkeys.

**When NOT to Use**:
- When you have no backend developers or prefer zero-code solutions.
- When you only need simple SMS/voice verification without customization.

**Known Limitations**:
- Custom message templates have been deprecated (the `customMessage` parameter is marked as DEPRECATED)
- TOTP factor requires users to use an RFC-6238 compliant authenticator app (e.g., Authy, Google Authenticator)
- Push verification requires additional configuration of APNs/FCM push credentials and handling of Webhook

### Path 2: Rapid integration with Verification SDK

**Brief Description**: This path uses the **Verify Push SDK** (recommended) or the deprecated **TwilioAuth SDK** to enable **Silent Device Approval** on iOS and Android. It relies on **public-key cryptography** for secure approvals and requires **device registration**, **challenge polling**, and server-side handling of the **factor.verified webhook**. The client must authenticate using an **AccessToken (JWT)** issued by your backend.

**Key technical facts**:
- Auth method: Requires server-side generation of AccessToken (JWT)
- Prerequisites: APNs certificate, GCM ID (now FCM), AUTHY_API_KEY (for legacy SDK)

**When to Use**:
- Mobile apps requiring a passwordless push approval experience (Silent Device Approval)

**When NOT to Use**:
- Backend cannot support AccessToken generation or webhook processing

**Known Limitations**:
- TwilioAuth SDK has been officially deprecated — migration to Verify Push SDK is recommended
- Server-side AccessToken generation logic (JWT) must be implemented
- Backend system must handle Verify Push Webhook events (e.g., factor.verified)

### Path 3: Build verification flows visually using Studio

**Brief Description**: Built entirely in the browser using **Studio Flows**, this approach uses a **visual builder** with drag-and-drop widgets like **Trigger widget** (to start the flow), **Send Message widget** (to dispatch SMS/voice), and **Gather Input widget** (to collect user replies). After configuration, you publish the flow via **flow publishing** and link it to a Twilio phone number for **phone number linking**.

**Key technical facts**:
- Auth method: Operated via Twilio Console UI — no direct API auth needed
- Prerequisites: Twilio account, purchased phone number or messaging service, Studio access

**When to Use**:
- Teams with limited coding expertise seeking fast deployment of basic verification flows.
- Prototyping or testing verification logic without writing code.

**When NOT to Use**:
- Need advanced verification channels such as Silent Network Auth, TOTP, or push approval

**Known Limitations**:
- Cannot directly access all Verify API capabilities (e.g., SNA, TOTP, Passkeys); limited to basic SMS/voice interactions
- Advanced verification logic (e.g., multi-factor, device binding) must be implemented via **Make HTTP Request widget** or **Run Function widget** to call external APIs

## FAQ

Q: Which path should I start with?  
A: Start with **Implement multi-channel verification using Verify API** if you have backend developers and need flexibility. It supports all channels—including `silent_network_auth` and `TOTP seed`—and enables automation via REST API.

Q: What if I need Silent Network Auth but chose Studio Flows?  
A: You’ll hit a hard limitation: Studio cannot access `silent_network_auth` because it doesn’t expose the Verify API’s `channel=sna` option. You’d be stuck with basic SMS/voice only.

Q: What if I’m building a mobile app but use the deprecated TwilioAuth SDK instead of Verify Push SDK?  
A: You’ll face future compatibility risks and lack support, as **TwilioAuth SDK (deprecated)** is no longer maintained. New features like enhanced **Silent Device Approval** only work with **Verify Push SDK**.

Q: Can I use Studio to verify users via WhatsApp or email?  
A: No. Studio’s **Send Message widget** only supports SMS and voice. For WhatsApp, email, or other channels, you must use **Verify API** with `channel=whatsapp` or `channel=email`.

Q: What happens if my backend can’t handle webhooks but I choose the Verification SDK path?  
A: You won’t be able to confirm successful approvals, because the **factor.verified webhook** is essential for knowing when a user approves a push challenge. Without it, your app can’t complete authentication.

Q: Does Verify API allow me to bind a verification to a user’s IP address?  
A: Yes — you can pass the `deviceIp` parameter when creating a verification to enhance security and detect anomalies.

Q: What if I need to track individual verification attempts but chose Studio Flows?  
A: You’ll lack access to the `Verification SID`, which is only exposed in the Verify API response and is necessary for auditing or retry logic.

Q: What if I selected Studio Flows but actually need WhatsApp verification?  
A: You’ll be unable to send verifications via WhatsApp, as Studio’s **Send Message widget** does not support `channel=whatsapp`; only Verify API provides this capability.

## Related queries

implement user verification, two-factor authentication, 2FA with Twilio, phone number verification, SMS verification, voice verification, silent authentication, Verify API, Verification SDK, Studio Flows, how to verify users, can I use Twilio for auth, prevent fraud in verification, set up TOTP, Wha

---
Part of [TWILIO](https://www.company-skill.com/p/twilio.md) · https://www.company-skill.com/llms.txt