It goes without saying that verifying users is business-critical for organizations that need to securely manage interactions with their customers. Nexmo’s Verify API provides businesses with the ability to provide customers with a code delivered out-of-band, enabling a secure verification process.
By simply importing the library in your application and invoking a few lines of code, you can implement:
- The entire UI for phone number verification whenever necessary
- A singular function which returns a successfully verified user (for a phone number)
For those familiar with the Verify API, the SDK provides state-management. While the Verify API is stateless, the SDK recognizes users as a configurable combination of any or all phone numbers, an application, and a device ID (for mobile). This enables application developers to completely encapsulate from user management, while enabling a custom level of security and a unique experience optimized for the highest percept of successful verification. Should you need to, you can query the database of your users, which is hosted in the cloud at no additional costs.
We’re certain that developers will envisage many more use cases, but to begin, here are three primary use cases that we aim to address:
- Seamless, instant username & ephemeral password management in your app via the cloud: Many users are tired of clunky identity management that requires independent identities, and are reluctant of using social identities. Phone numbers are quickly becoming the primary usernames and ephemeral (one-time) passwords, and can be communicated as needed. With one-time passwords generated on demand via industry standard algorithms, you can protect your users and your business.
- Enable strong authentication for your users for registration, or any granular user activities ranging from an app launch to a transaction: Even as of 2014, the most common password was ‘password’. Without strong user authentication, there’s very little to protect your users from ever-increasing attacks. The threat of such a breach to your business could range from brand damage, to business continuity.
- Enable single sign-on for all your apps and/or across all of a user’s devices: Multiple screens are increasingly becoming more common and if you have an application that users tend to access across devices, you can provide a seamless sign on process between devices. The Verify SDK recognizes when a user attempting to sign in from a new device is one that has already been verified, without compromising the security or requiring the user to sign in again.
To get started with the Nexmo Verify SDK beta program, follow these steps:
- Log into your Nexmo dashboard, and visit the Verify SDK page under ‘Tools’.
- Specify a Brand Name under the ‘Add an App’ section, which will be used in the SMS/TTS for delivering the PIN code to your users, and press ‘Save’.
- Your ‘My Apps’ section should now show you the Application ID and Shared Secret generated for your app. Use these instead of your Nexmo account credentials in the app to start verifying your users.
- Build your app!
We recommend using a separate Application ID for each platform. The above steps can be repeated to configure as many applications as you wish.
Once you take the SDK for a spin, let us know if we’re missing any features or functionality you’d like to see. Send us your rants (or raves) to: firstname.lastname@example.org.
May the force be with you!Tags: app security, user authentication, verification, verify sdk
This post was written by Parth Awasthi