Twilio Verify already allows you to quickly verify phone number ownership with one-time passwords (OTP) over SMS. In a few steps, you can extend these capabilities to help comply with PSD2 by verifying transactions using dynamic linking and Strong Customer Authentication (SCA).
Enable PSD2 on your account
First, you must contact Twilio Support to enable PSD2 mode on your account.
Create a Service with PSD2 enabled
Next, create a new Service with PSD2 mode enabled, as shown in the code sample below.
Once enabled, requests to start and/or complete verifications require the Payee and Amount parameters.
Create a PSD2 Enabled Verify Service
Node.js
// Download the helper library from https://www.twilio.com/docs/node/install
const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";

// Find your Account SID and Auth Token at twilio.com/console
// and set the environment variables. See http://twil.io/secure
To start a transaction verification, send an HTTP POST request to your PSD2-enabled Service's Verifications resource. This request must contain the Amount, Payee, To, and Channel parameters.
This HTTP request causes Twilio to send a verification code to the user. Each verification code is dynamically linked to the Amount and Payee of each transaction. The code is unique to the To (e.g., the recipient's phone number), Amount, and Payee combination. This ensures that verification fails in the event of code interception or transaction mutations.
Each verification code is valid for 10 minutes. Within that ten-minute time frame, any subsequent HTTP POST requests to the Verifications resource for the transaction cause Twilio to send the same verification code.
Start a PSD2 verification
Node.js
// Download the helper library from https://www.twilio.com/docs/node/install
const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";

// Find your Account SID and Auth Token at twilio.com/console
// and set the environment variables. See http://twil.io/secure
To check if a verification code is correct, send an HTTP POST request to your PSD2-enabled Service's Verification Check resource. This request must contain the Code, To (e.g., the user's phone number), Amount, and Payee parameters. A sample request is shown in the example below.
Complete a PSD2 Verification
Node.js
// Download the helper library from https://www.twilio.com/docs/node/install
const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";

// Find your Account SID and Auth Token at twilio.com/console
// and set the environment variables. See http://twil.io/secure
In some instances, the details of a transaction may change before it can be completed. When that occurs, you can cancel an in-progress transaction verification by updating the Status of the Verification resource. An example of this request is shown below.
This prevents a user from verifying an out-of-date transaction.
Note that transactions that have been successfully verified cannot be canceled.
Cancel a Transaction Verification
Node.js
// Download the helper library from https://www.twilio.com/docs/node/install
const twilio = require("twilio"); // Or, for ESM: import twilio from "twilio";

// Find your Account SID and Auth Token at twilio.com/console
// and set the environment variables. See http://twil.io/secure
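The start, check and cancel requests described above, combined into one server-side flow. This is an added example, not Twilio's sample code or part of the original page. It assumes `verify` is `client.verify.v2.services(serviceSid)` from the Twilio Node helper library; the `store` Map, the function names and the offline stub are hypothetical, and the stub is a simplified stand-in for the Verify API's behaviour.

```javascript
// Added example: `verify` = client.verify.v2.services(serviceSid); `store` = hypothetical Map.
// Start: Amount and Payee are taken from the server's transaction record.
async function startTransactionVerification(verify, store, txnId) {
  const txn = store.get(txnId);
  const v = await verify.verifications.create({
    to: txn.to, channel: "sms", amount: txn.amount, payee: txn.payee,
  });
  txn.verificationSid = v.sid;
  return v.status;
}

// Check: the caller supplies only the code. To, Amount and Payee are re-read from
// the stored record, so the check always covers the transaction that will execute.
async function completeTransactionVerification(verify, store, txnId, code) {
  const txn = store.get(txnId);
  const check = await verify.verificationChecks.create({
    to: txn.to, code, amount: txn.amount, payee: txn.payee,
  });
  return check.status === "approved";
}

// Amend: cancel the in-progress verification before the details change.
async function amendTransaction(verify, store, txnId, changes) {
  const txn = store.get(txnId);
  if (txn.verificationSid)
    await verify.verifications(txn.verificationSid).update({ status: "canceled" });
  Object.assign(txn, changes, { verificationSid: null });
}

// Constructed offline stand-in for the Verify service (simplified, not Twilio code):
// a code is accepted only for the exact To/Amount/Payee it was issued for.
function makeStubVerify(code = "123456") {
  const pending = new Map(); // sid -> "to|amount|payee"
  const keyOf = (p) => [p.to, p.amount, p.payee].join("|");
  let n = 0;
  const verifications = (sid) => ({
    update: async ({ status }) => { pending.delete(sid); return { sid, status }; },
  });
  verifications.create = async (p) => {
    const sid = "VE-constructed-" + ++n;
    pending.set(sid, keyOf(p));
    return { sid, status: "pending" };
  };
  const verificationChecks = { create: async (p) => ({
    status: p.code === code && [...pending.values()].includes(keyOf(p)) ? "approved" : "pending",
  }) };
  return { verifications, verificationChecks };
}
```

Against the real service, pass `client.verify.v2.services(serviceSid)` in place of the stub and handle the errors the API returns for checks on canceled or expired verifications.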