SMS Text Message Verification Codes

Available on the following plans

Free, Basic, Premium, Ultimate, Enterprise

About SMS Text Message Verification Codes

SMS text message verification codes are 6-digit codes sent to an end user’s mobile device via SMS text message. These codes can then be used once as part of the user’s authentication flow.

On Userfront, SMS text message verification codes can be configured for use in any of the following scenarios:

  • An optional or required 2nd factor for Multi-Factor Authentication (MFA)
  • A standalone primary login method (receive SMS code to log in)
  • A 1st factor for Multi-Factor Authentication (MFA), with another factor such as a TOTP authenticator as the 2nd factor

[Image: A form to request a 6-digit SMS text message verification code]

SMS Text Message Verification Code Requirements

In order to use SMS text message verification codes, a user must have access to a functioning mobile device with a valid phone number that can receive text messages.

When users first register using SMS, they must verify their phone number by receiving a 6-digit code and entering it for confirmation. Once a phone number has been paired with an end user’s account, the user can use that phone number for future authentication actions.

SMS text message verification codes are valid for 10 minutes and can only be used once.

| Attribute              | Setting                          |
|------------------------|----------------------------------|
| Authentication stage   | 1st factor or 2nd factor         |
| Valid for              | 10 minutes                       |
| Reusable               | No                               |
| Brute force protection | Invalid after 10 failed attempts |
| Unique phone number    | Yes (default)                    |

Duplicate phone numbers

By default, Userfront enforces unique phone numbers for each end user within a workspace. However, this requirement can be removed for workspaces that offer SMS text message verification codes as a 2nd factor.

In this configuration, multiple user accounts can have the same phone number, but each account must confirm the phone number independently before use.

SMS Text Message Verification Code Handling

Webhook sending

You can configure Userfront to send a webhook to your server each time an SMS verification code needs to be sent. You can use the information in this webhook to send an SMS to your end user via the service of your choice.

In this case, the webhook payload will look like this:

{
  "action": "login",
  "model": "user",
  "mode": "live",
  "factor": {
    "strategy": "verificationCode",
    "channel": "sms",
    "phoneNumber": "+15558675309",
    "verificationCode": "985571",
    "message": "Your Acme Group verification code is: 985571",
    "expiresAt": "2024-03-12T01:09:29.402Z"
  },
  "record": {
    "mode": "live",
    "userId": 5,
    "tenantId": "abcd1234",
    "userUuid": "53a8435e-e79c-4ba6-99cc-0e2f290cb647"
  }
}
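
The following is an added example, not Userfront's own code: a validator for the webhook payload above that checks each field before it reaches your SMS provider, and a log-safe copy of the payload, since the code is a usable credential until it expires. The function names are hypothetical, and authenticating the webhook request itself is not covered here.

```javascript
// Added example; function names are hypothetical, field names are from the payload above.
const E164 = /^\+[1-9]\d{1,14}$/; // "+" followed by at most 15 digits
const SIX_DIGITS = /^\d{6}$/;

// Validate a webhook body and return only what the SMS provider call needs.
function parseSmsWebhook(body, now = new Date()) {
  const payload = typeof body === "string" ? JSON.parse(body) : body;
  const factor = (payload && payload.factor) || {};
  if (factor.strategy !== "verificationCode" || factor.channel !== "sms") {
    throw new Error("not an SMS verification code event");
  }
  if (typeof factor.phoneNumber !== "string" || !E164.test(factor.phoneNumber)) {
    throw new Error("invalid phone number");
  }
  if (typeof factor.verificationCode !== "string" || !SIX_DIGITS.test(factor.verificationCode)) {
    throw new Error("invalid verification code");
  }
  if (typeof factor.message !== "string" || factor.message.length === 0) throw new Error("missing message");
  const expiresAt = new Date(factor.expiresAt);
  if (Number.isNaN(expiresAt.getTime())) throw new Error("invalid expiresAt");
  // A delayed or retried delivery may arrive after expiry; sending then only confuses the user.
  if (expiresAt.getTime() <= now.getTime()) throw new Error("code already expired");
  return { to: factor.phoneNumber, text: factor.message, expiresAt, mode: payload.mode };
}

// Copy of the payload that is safe to log: the code is a live credential until expiresAt.
function redactForLog(payload) {
  const copy = JSON.parse(JSON.stringify(payload));
  const f = copy.factor || {};
  if (typeof f.verificationCode === "string" && f.verificationCode) {
    if (typeof f.message === "string") f.message = f.message.split(f.verificationCode).join("[REDACTED]");
    f.verificationCode = "[REDACTED]";
  }
  // Keep only the last two digits of the phone number.
  if (typeof f.phoneNumber === "string") f.phoneNumber = f.phoneNumber.replace(/\d(?=\d{2})/g, "*");
  return copy;
}

// The payload shown above, trimmed to the fields used here.
const SAMPLE = {
  action: "login", mode: "live",
  factor: { strategy: "verificationCode", channel: "sms", phoneNumber: "+15558675309",
    verificationCode: "985571", message: "Your Acme Group verification code is: 985571",
    expiresAt: "2024-03-12T01:09:29.402Z" },
  record: { userId: 5, tenantId: "abcd1234", userUuid: "53a8435e-e79c-4ba6-99cc-0e2f290cb647" },
};
```

Pass the returned `to` and `text` to your SMS provider, and write only the output of `redactForLog` to request logs.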

Twilio integration

You can configure Userfront to send SMS text message verification codes directly through your own Twilio account by providing the following:

  • Twilio account SID
  • Twilio auth token
  • Twilio messaging SID

To configure your workspace for SMS sends via your own Twilio account, contact us.

Userfront sending

Userfront can send your SMS text message verification codes on your behalf via a Userfront-managed Twilio account.

If you are interested in having Userfront send your SMS text message verification codes on your behalf, contact us.

SMS Text Message Verification Code Documentation

SMS text message verification code API endpoints

SMS text message verification code JavaScript methods