SMS 2 step verification

Hello everyone,

I’d like to implement an SMS 2 step verification in my app, I know it can be done ‘easily’ directly with a phone app that ‘reacts’ to a firebase db variable change, I’m checking online SMS services but I don’t know what I should do with them, any help please?

I have this, but I don’t know how to use it:

curl -X “POST” “https://rest.nexmo.com/sms/json”
-d “from=Pizza App”
-d “text=Hello from Nexmo”
-d “to=393284*******”
-d “api_key=e*******”
-d “api_secret=TiyN9*******YlAQi”

or this exampleJSON

{
  "message-count": 1,
  "messages": [
    {
      "to": "447700900000",
      "message-id": "0A0000000123ABCD1",
      "status": "0",
      "remaining-balance": "3.14159265",
      "message-price": "0.03330000",
      "network": "12345"
    }
  ]
}

Would be much appreciated, thanks.

have a look at the Web API component documentation here

I’ve seen it but still don’t know what to do, I’ll look for some tutorial online

Two quick things @maxb;

1. Darren has some really engaging and comprehensive videos about APIs you can watch here:

2. We’re always looking to improve our documentation… when you say:

Can you give me some feedback as to what would make this doc easier to understand, easier to implement, just easier in general really!

Thanks!

Thank you @domhnallohanlon, useful as always, but I don’t know if I’m getting this right;

The user should insert their phone number, and click ‘verify’, so (as far as I understood the possibilities of web api) the app should:
1 - generate a 4 digit code
2 - make a web call to the SMS sending service giving that code and the user’s phone number
3 - the service should then send the SMS to the user’s phone which then imputs the 4 digits for verification match etc etc

Should it be a post method? and i should insert into the body of the web call some info that I don’t get,
or am I getting it entirely wrong and this is not how web apis work?
I suppose this is the documentation i need to understand but I don’t know how to compile the body of the web call: https://developer.nexmo.com/api/sms#send-an-sms

P.s. (I understand that this method is not hacker proof - and would gladly discuss that, i mean, how does an hacker or anybody see how the app behaves step by step - it is just the fastest and still reliable one I could think of for now.
I know how to make it hacker proof if i could program the server that sends the sms like if it was an app.)

I’m getting closer as there is an ‘automatic’ verification system on the service I’m trying,

curl -X GET “https://api.nexmo.com/verify/json?
api_key=ea8*****
&api_secret=Ti************
&number=393*******
&brand=Nexmo
&code_length=4”

I copied the text above
ut I can’t make it work

(In the screenshot the text is a little bit different) What am I doing wrong?

But what response to you get from the server?
200:OK?

Does it wait until the 4 digit code is received?

I was just gonna post that, i receive:

{“status”:“2”,“error_text”:“Missing api_key”}

In your URL you have

/json?\?api_key

You’ll need to remove the ?\ part and try again.

I copied the exact code on the site and says missing apikey, that was a variable I tried

I think a problem was while copying the code it inserts the \ simbol, i removed that and now it give me an “invalid value for param app_id. Facility not allowed” problem

Hey! Did you ever find a solution to this?

No, if I want firebase to know if the user is identified or not I have to use e mail or I can’t have data security for firebase data