Sinch Community

Watch the video to learn how you can use Two Factor Authentication (2FA) with SMS:     The theory behind 2FA is that 2 things have to be combined to authenticate an end-user's identity. Something the customer knows, for example, a password must be combined with something they have, for example, a mobile phone. The overwhelming majority of people these days have a mobile phone that can receive SMS and bearing in mind that mobile phones are rarely more than an arm’s length away, and they are a highly effective way to reach people. Sending a single use, time sensitive text message to confirm a customer’s identity could be the difference between someone’s account being compromised and remaining safe.      Most people have a mobile phone that can receive a dropped call. However, due to user experience flash call is only recommended by Sinch to be used on Android handsets. Still in many parts of the world >70% of handsets are Android, so often if using Android you can attempt flash call with automatic intercept, but then fallback to SMS. For iOS devices it is recommended that you use SMS verification.    Learn how you can use Sinch SMS Verification to protect your business and your customers. ... View more

Watch the video to learn why you should use SMS Verification instead of an Authenticator App:     When it comes to 2FA, SMS has several advantages over Authenticator apps – one of the main ones being that it can be very challenging to get users to download apps which the user will then need to setup and keep updated. Two factor authentication (2FA) via SMS can be received by any SMS enabled handset and uses your mobile number to verify your identity so is not device dependent.    Read the Exploring Myths Misconceptions and Best Practices for SMS-Based 2FA  White Paper to learn why SMS-based two-factor authentication remains an effective and secure authentication method.   Learn how you can use Sinch SMS Verification to protect your business and your customers. ... View more

By using an additional layer of security (a second factor), customers can be protected from fraudulent attempts to access their online accounts. When customers trying to log-in to an account need to provide further proof of ID in addition to a password, things can get a bit more difficult for people trying to access accounts unlawfully. Someone may have figured out your password but will not have access to the mobile device that the OTP (One Time Passcode) number will be texted to. That’s how 2FA (two factor authentication) can protect sensitive information – you need to have both factors to get access, knowing or having one is not enough.   Learn how you can use the Sinch Verification APIs to secure your business and enhance relationships with your customers through simple, secure sign-ups and logins using multiple channels.  ... View more

Watch the video to learn how you can use Two Factor Authentication (2FA) to increase security:     Two Factor Authentication (2FA) is used to heighten security by adding an additional layer of security to verify identity and prevent fraud. One of the most popular ways to perform 2FA is to have a single use, time sensitive PIN code sent to a user’s mobile phone. Having passed the first level of security, when prompted, the user puts the PIN code from their mobile phone into the system they are trying to access, thus proving that they are in possession of the SIM card associated with that number.   Learn how you can use the Sinch Verification APIs to secure your business and enhance relationships with your customers through simple, secure sign-ups and logins using multiple channels. ... View more

You will not be able to set a custom send ID using the API, but you can request Sinch to configure a custom sender ID for you. Contact your Sinch Account Manager who will be able to help you set this up.   However, to provide the highest deliverability and verification success rates, Sinch recommend using the already existing optimised sender IDs, which are pre-registered for each market. This ensures that your verification SMS will not be confused as marketing or spam with carriers across the globe and reach your users without fail. You can find additional setup information on Sinch Developer Documentation and learn how to get started with SMS verification.   Click here to learn how you can use Sinch SMS Verification to protect your business and your customers. ... View more

Watch the video to learn more about Flash Call Verification:     Sinch Flash Call Verification allows numbers to be verified without any user interaction at all or for web application verification with minimal user interaction. It works by placing a dropped call to the recipient where the incoming call number is the OTP code, equivalent to the OTP code in an SMS. The code can be processed automatically on Android for a seamless user experience   It is recommended that you do not rely solely on flash call verification and that you should try flash call first and if flash call fails you can automatically fall back to SMS or you can allow the end-user to start SMS-fallback.   You can very simply integrate Flash Call Verification into Android and web apps using the lightweight Sinch Verification SDK or using the Sinch REST API with just a few lines of code.   Learn more about how you can use Sinch Flash call Verification to protect your business and your customers. ... View more

The two factors that can be used in Two Factor Authentication (2FA) must be a combination of something you know and something you have. So, for example when accessing your online bank account, you might be prompted to input your password (something you know) and then you might be sent a one-time PIN code to your mobile phone (something you have) to verify your identity and complete the log in progress.   Other things that could be used to verify identity include things like key fobs, ID cards or security tokens.   Learn how you can use the Sinch Verification APIs to secure your business and enhance relationships with your customers. ... View more

Results - A Results code is used to return the current state or the final result of a verification event. It can take the following values:   PENDING Verification is ongoing SUCCESSFUL Verification was successful FAIL Verification attempt was made, but the number was not verified DENIED Verification attempt was denied by Sinch or your backend ABORTED Verification attempt was aborted by requesting a new verification ERROR Verification could not be completed due to a network error or the number being unreachable.   Reason - A Reason code shows the reason why a verification has FAILED, was DENIED, was ABORTED or why an ERROR occurred. It can take the values:   DENIED Fraud Not enough credit Blocked Denied by callback Invalid callback Destination denied. ERROR (no charge) Internal error Network error or number unreachable SMS delivery failure. ABORTED (charge) The ongoing flashcall was interrupted / replaced by a new verification attempt. This is very similar to Failed/Expired. FAILED (charge) Invalid Calling Line Identity or code) Invalid code Expired Hung up without entering valid code.   Learn how you can use the Sinch Verification APIs to secure your business and enhance relationships with your customers. ... View more

Currently Sinch recommend the REST API if you are using SMS or Flash Call Verification. For more information about the Verification API view the Sinch Verification Developer Documentation.   If you are using Data Verification or Unified Verification then Sinch recommends you use the SDK. To learn more about the SDK, view the Sinch Verification SDK.   Learn how you can use the Sinch Verification APIs to secure your business and enhance relationships with your customers. ... View more

Here are some CURL examples, which will help you understand the REST API:    Request Verification Flashcall (Preferred flow without CLI return): (we can configure your account for returning the CLI to expect in the request http response, useful for matching OTP code without dependency on report step.)  curl--user APPLICATION_KEY:APPLICATION_SECRET https://verificationapi-v1.sinch.com/verification/v1/verifications -H "Content-Type: application/json" --data "{'identity':{'type':'number','endpoint':'+1555123123'},'method':'flashcall'}" Sinch can configure the API to return the CLI on request (OTP Code). Report Verification Flashcall using Verification ID (no PI-data i URL):  curl -X PUT --user APPLICATION_KEY:APPLICATION_SECRET https://verificationapi-v1.sinch.com/verification/v1/verifications/id/d41281c6d5094a688371449e33a0a7e6 -H "Content-Type: application/json" --data "{'method': 'flashcall', 'flashcall': {'cli': 'OTPCODE'}}" Request Verification SMS (Default, documented flow):  curl --user APPLICATION_KEY:APPLICATION_SECRET https://verificationapi-v1.sinch.com/verification/v1/verifications -H "Content-Type: application/json" --data "{'identity':{'type':'number','endpoint':'+1555123123'},'method':'sms'}" Request Verification SMS with custom code (NON DOCUMENTED):  curl --user APPLICATION_KEY:APPLICATION_SECRET https://verificationapi-v1.sinch.com/verification/v1/verifications -H "Content-Type: application/json" --data "{'identity':{'type':'number','endpoint':'+1555123123'},'method':'sms','smsOptions':{'code':'123456'}}" Note: When the customer specifies their code, the report verification step is strictly not necessary but still desirable. Report Verification SMS OTP: curl -X PUT --user APPLICATION_KEY:APPLICATION_SECRET https://verificationapi-v1.sinch.com/verification/v1/verifications/number/+1555123123 -H "Content-Type: application/json" --data "{'method': 'sms', 'sms': {'code': 'OTPCODE'}}" Note: When using the REST API, Callbacks are not needed. Callbacks may be useful for tracking costs, but only if this is a direct customer request.   View the Sinch Verification Developer Documentation for more information.   Learn how you can use the Sinch Verification APIs to secure your business and enhance relationships with your customers. ... View more