Set up confirmation tokens for phone number verification today. It’s a pretty straightforward process to create your own.
When a new number is added, generate a unique token when you store the number. The point is to have something you can use to identify your phone number record, but isn’t easy to guess. Something like fhe29djj38ss. Or longer. I’m using the Rails has_secure_token function for this.
I’m planning to send the confirmation link like this: https://test.com/confirmation?token=fhe29djj38ss. Or maybe this: https://test.com/confirmation/fhe29djj38ss. Haven’t totally decided yet. What you don’t want to do is use a standard auto-generated ID like this: https://test.com/confirmation/75. If you do, then someone may decide to mess with you by just running through your ID numbers (75, 76, 77, etc.) Depending on what you’re doing on confirmation and how you’re restricting the use of your tokens, this may cause you a lot of pain.
When someone clicks the link, use your token to find the record that should now be confirmed. Just look up the record you need and then do whatever your situation requires. I’m just recording the confirmation by putting a timestamp into a confirmed_at column.
That’s all there is to it. I’m planning to get into the actual sending of the link tomorrow, using the Twilio API.
I’m traveling this week for work, so my routine is pretty different and my body is pretty confused from being 3 timezones off the usual. I got a little extra development in on the plane yesterday, so today I’m just writing a little and then heading to bed. Planning on getting up to do my dev + writing early tomorrow before the work stuff begins. Only requiring myself to do an hour of development time plus a write up for each day gives me some flexibility to keep my daily commitment. I’m excited to keep the streak going even with a change in schedule, which has historically been pretty tough for me.