SMS 2 step verification

Hello everyone,

I’d like to implement an SMS 2 step verification in my app, I know it can be done ‘easily’ directly with a phone app that ‘reacts’ to a firebase db variable change, I’m checking online SMS services but I don’t know what I should do with them, any help please?

I have this, but I don’t know how to use it:

curl -X “POST” “
-d “from=Pizza App”
-d “text=Hello from Nexmo”
-d “to=393284*******”
-d “api_key=e*******”
-d “api_secret=TiyN9*******YlAQi”

or this exampleJSON

  "message-count": 1,
  "messages": [
      "to": "447700900000",
      "message-id": "0A0000000123ABCD1",
      "status": "0",
      "remaining-balance": "3.14159265",
      "message-price": "0.03330000",
      "network": "12345"

Would be much appreciated, thanks.

have a look at the Web API component documentation here

1 Like

I’ve seen it but still don’t know what to do, I’ll look for some tutorial online

Two quick things @maxb;

  1. Darren has some really engaging and comprehensive videos about APIs you can watch here:
  1. We’re always looking to improve our documentation… when you say:

Can you give me some feedback as to what would make this doc easier to understand, easier to implement, just easier in general really! :joy:


Thank you @domhnallohanlon, useful as always, but I don’t know if I’m getting this right;

The user should insert their phone number, and click ‘verify’, so (as far as I understood the possibilities of web api) the app should:
1 - generate a 4 digit code
2 - make a web call to the SMS sending service giving that code and the user’s phone number
3 - the service should then send the SMS to the user’s phone which then imputs the 4 digits for verification match etc etc

Should it be a post method? and i should insert into the body of the web call some info that I don’t get,
or am I getting it entirely wrong and this is not how web apis work?
I suppose this is the documentation i need to understand but I don’t know how to compile the body of the web call:

P.s. (I understand that this method is not hacker proof - and would gladly discuss that, i mean, how does an hacker or anybody see how the app behaves step by step - it is just the fastest and still reliable one I could think of for now.
I know how to make it hacker proof if i could program the server that sends the sms like if it was an app.)

I’m getting closer as there is an ‘automatic’ verification system on the service I’m trying,

curl -X GET “

I copied the text above
ut I can’t make it work :confused:


(In the screenshot the text is a little bit different) What am I doing wrong?

But what response to you get from the server?

Does it wait until the 4 digit code is received?

I was just gonna post that, i receive:

{“status”:“2”,“error_text”:“Missing api_key”}

In your URL you have


You’ll need to remove the ?\ part and try again.

I copied the exact code on the site and says missing apikey, that was a variable I tried

I think a problem was while copying the code it inserts the \ simbol, i removed that and now it give me an “invalid value for param app_id. Facility not allowed” problem

Hey! Did you ever find a solution to this?

No, if I want firebase to know if the user is identified or not I have to use e mail or I can’t have data security for firebase data