NodeJS Series
Twilio OTP Authentication
A guide to Twilio OTP Authentication with NodeJS
As part of this article, we will walk through how we can send a verification code via SMS to a user and verify the same code using Twilio services.
Twilio is a cloud communication platform. With Twilio services, we can send text via SMS, WhatsApp, and email, send a voice message, connect a call, and start a chat from our application. All of this can be done with just a few lines of code.
We pay only for the services we use. Twilio also provides a free trial account that developers can use for development and testing.
Twilio OTP Authentication Workflow
Our application sends an API request to enable Twilio to send a verification code to the user via SMS. Once the user has entered the code on our application, it again sends an API request to enable Twilio to verify whether the code entered is correct or not.
Twilio Account & Verify Service Setup
Step 1: Create an account on Twilio
Step 2: Choose “SMS” as the Twilio product and “Identity and Verification” as the plan
Also give other details as shown below:
Step 3: Choose an Account
By default, you will have an account called “My first Twilio account”. You can also create new accounts if you want.
Each account can be identified with an “Account SID” and “Auth Token”.
Step 4: Add “Verify” product to the “Develop” section
By default, the “Verify” product can be found under the “Develop” section. If not, add the product from the “Explore Products” section.
Step 5: Create a verify service
Provide a custom service name and choose “SMS” as the verification channel.
Each service will have a “Service SID”. We can also set the length of the verification code. Twilio recommends a code length of at least 6 digits for better security.
Node APIs for Send & Verify code
Step 1: Create a package.json file
npm init -y
Step 2: Install “twilio” dependency
npm install twilio
Step 3: Install required dependencies for a NodeJS App
npm install express body-parser dotenv
Your package.json will look like the one below; change it as needed.
Step 4: Create a .env file and copy Twilio credentials
PORT = "Your Port"
TWILIO_ACCOUNT_SID = "Your Twilio Account SID"
TWILIO_AUTH_TOKEN = "Your Twilio AUTH Token"
TWILIO_SERVICE_SID = "Your Twilio Service SID"
Step 5: Create an entry file “index.js”
Step 6: Create a router file inside “src/routes/” to route the Twilio OTP operations
We have two routes:
- Send OTP -> To send a verification code to the user’s phone number
- Verify OTP -> To verify the code which has been sent to the user
Step 7: Create a controller file inside “src/controller” to handle the OTP operations
Import Twilio with the credentials.
The sendOTP() method accepts two parameters, countryCode and phoneNumber, and sends an OTP to the given phone number using the verifications service of Twilio.
The verifyOTP() method accepts countryCode, phoneNumber and OTP, and verifies the OTP using the verificationChecks service of Twilio.
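The controller described in Step 7, written here as an added example; it is not the article's original code. The Twilio client is passed in as `client` (in the app it would be created with `require('twilio')(TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN)`), and the helper `toE164`, the `{ status, body }` return shape and the OTP length bounds are assumptions made for this example.

```javascript
// Added example: OTP controller logic with input validation.
// `client` is a Twilio client; `serviceSid` is TWILIO_SERVICE_SID from .env.

// Build an E.164 number from the two request fields; return null if malformed.
// (Hypothetical helper, not part of the Twilio SDK.)
function toE164(countryCode, phoneNumber) {
  const cc = String(countryCode ?? '').replace(/^\+/, '');
  const num = String(phoneNumber ?? '');
  if (!/^[1-9]\d{0,2}$/.test(cc) || !/^\d{4,14}$/.test(num)) return null;
  const full = `+${cc}${num}`;
  return full.length <= 16 ? full : null; // E.164 allows at most 15 digits
}

async function sendOTP(client, serviceSid, { countryCode, phoneNumber }) {
  const to = toE164(countryCode, phoneNumber);
  if (!to) return { status: 400, body: { error: 'Invalid phone number' } };
  try {
    const verification = await client.verify.v2.services(serviceSid)
      .verifications.create({ to, channel: 'sms' });
    return { status: 200, body: { status: verification.status } };
  } catch (err) {
    // Keep Twilio error details in server logs, not in the API response.
    return { status: 502, body: { error: 'Could not send verification code' } };
  }
}

async function verifyOTP(client, serviceSid, { countryCode, phoneNumber, otp }) {
  const to = toE164(countryCode, phoneNumber);
  const code = String(otp ?? '');
  // Assumed bounds; match them to the code length set on the Verify service.
  if (!to || !/^\d{4,10}$/.test(code)) {
    return { status: 400, body: { error: 'Invalid input' } };
  }
  try {
    const check = await client.verify.v2.services(serviceSid)
      .verificationChecks.create({ to, code });
    // Only "approved" means the code matched; anything else is a failure.
    const verified = check.status === 'approved';
    return { status: verified ? 200 : 401, body: { verified } };
  } catch (err) {
    // Fail closed: an error from the check never counts as verified.
    return { status: 401, body: { verified: false } };
  }
}
```

In an Express route, call these with `req.body` and send the result with `res.status(result.status).json(result.body)`.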
API Test Results using Postman
1. Send OTP API
You will receive the OTP on your phone as below:
2. Verify OTP API
With Twilio services, we don’t need to write code from scratch to authenticate a user’s phone number. Twilio ensures the SMS reaches the intended user.