How to Send SMS Verification Codes

Last updated: 2021-06-08 11:23:01

    Sending verification codes through SMS is the most popular and most secure way to verify user identities. SMS verification codes are currently used in many application scenarios, such as user registration, password reset, login protection, identity verification, random password generation, and transaction confirmation.
    This document uses the development of a login and signup service with verification codes, based on SCF, as an example to describe how to implement the SMS verification code feature.

    In addition to SCF, you can also use the SendSms API for this purpose.

    Preparations

    Relevant Documents

    Step 1. Configure SMS content

    After an SMS signature or body template is submitted, it is generally reviewed within two hours. You can configure alarm contacts and set template/signature review notifications to receive the review results.

    Step 1.1. Create a signature

    1. Log in to the SMS console.
    2. Select Mainland China SMS > Signature Management on the left sidebar and click Create Signature.
    3. Set the following parameters as needed:
      Parameter           Sample Value
      Signature purpose   For self-use (the signature is a company name, website, product name, or something else verified under the current account)
      Signature type      App
      Signature content   Test demo
      Certificate type    Screenshot of WeChat Mini Program settings page
    4. Click OK.
      Wait for signature review. The SMS signature will be available only after its status changes to approved.

    Step 1.2. Create a body template

    1. Log in to the SMS console.
    2. Select Mainland China SMS > Body Templates on the left sidebar and click Create Body Template.
    3. Set the following parameters as needed:
      Parameter       Sample Value
      Template name   Verification code SMS
      SMS type        Regular SMS
      SMS content     Your signup verification code is {1}. Please enter it within {2} minutes. If the signup was not initiated by you, please ignore this message.
    4. Click OK.
      Wait for body template review. The body template will be available only after its status changes to approved. Please note down the template ID.

    Step 2. Set the SMS delivery rate limit (optional)

    Note:

    Individual users have no permission to modify the rate limit. To use this feature, change "Individual Identity" to "Organizational Identity".

    To ensure business and channel security and minimize potential financial losses caused by malicious calls of SMS APIs, we recommend that you set the delivery rate limit. In addition, you can use Tencent Cloud Captcha to maximize the protection of your business security.
    This document uses the default SMS delivery rate limit policy as an example.

    • For SMS messages with the same content, a maximum of one such message can be sent to the same mobile number within 30 seconds.
    • A maximum of 10 messages can be sent to the same mobile number on a calendar day.

    Step 3. Configure the VPC and subnet

    By default, SCF is deployed in the public network and can access only the public network. If you need to access Tencent Cloud resources such as TencentDB instances, you need to build a VPC to ensure data and connection security.

    1. Plan the network design as needed.
    2. Create a VPC. For detailed directions, please see Creating VPC.
      Note:

      The CIDRs of the VPC and subnet cannot be modified after creation.

      Parameter     Sample Value
      Region        South China (Guangzhou)
      Name          Demo VPC
      IPv4 CIDR     10.0.0.0/16
      Subnet name   Demo subnet
      IPv4 CIDR     10.0.0.0/16
      AZ            Guangzhou Zone 3

    Step 4. Configure a TencentDB for Redis instance

    The region and subnet AZ of the TencentDB for Redis instance must be the same as those of the VPC configured in step 3.

    1. Purchase a TencentDB for Redis instance. For detailed directions, please see Creating TencentDB for Redis Instance.
      Parameter           Sample Value
      Billing mode        Pay-as-you-go
      Region              Guangzhou
      Database version    Redis 4.0
      Architecture        Standard architecture
      Network             Demo VPC and demo subnet
      Instance name       Demo database
      Purchase quantity   1

    Step 5. Create a function

    SCF currently supports development in Python, Node.js, PHP, Java, and Go. This document uses Node.js as an example.

    1. Create a function in the region of the VPC created in step 3. For detailed directions, please see Writing Function.
      Parameter             Sample Value
      Function name         Demo
      Runtime environment   Node.js 8.9
      Creation method       Template function: helloworld
    2. Deploy the function and set API Gateway Trigger as the trigger. For detailed directions, please see Deploying Function.

    Step 6. Enable public network access (optional)

    • Functions deployed in a VPC before April 29, 2020 are isolated from the public network by default. If you want them to have access to both the private network and the public network, enable public network access.
      Log in to the SCF console, select Function Service, and click the name of the target function in the function list to enter the function configuration page. Click Edit, check Public Network Access, and click Save to save the configuration.
    • Functions deployed on or after April 29, 2020 have public network access enabled by default, and no additional operations are required.

    Step 7. Deploy the SMS demo

    1. Go to the SCF console and select the SMS demo to deploy it.
    2. Set the environment variables of the demo in Advanced Configuration.
      Field             Description
      REDIS_HOST        Redis database address.
      REDIS_PASSWORD    Redis database password.
      SMS_TEMPLATE_ID   Template ID. You must enter the ID of an approved template, which can be viewed in the SMS console.
      SMS_SIGN          Content of the SMS signature, which should be encoded in UTF-8. You must enter an approved signature, which can be viewed in the SMS console. Note: this parameter is required for Mainland China SMS.
      SMS_SDKAPPID      SMS SdkAppid actually generated after an application is added in the SMS console, such as 1400006666.
    3. Set the same VPC environment as the Redis database in Advanced Configuration.
    4. Set the permissions of SCF execution role in Advanced Configuration.
      You need to associate the QcloudSMSFullAccess policy with the SCF_QcsRole role in the CAM console.
      In this way, the `TENCENTCLOUD_SECRETID`, `TENCENTCLOUD_SECRETKEY`, and `TENCENTCLOUD_SESSIONTOKEN` environment variables can be obtained in the code, which will be used by the SMS SDK.
    5. Click Complete to deploy the function.
    6. Create an SCF API Gateway trigger and request the trigger address to use SMS capabilities.

    Step 8. Use the features

    Verification codes are time-sensitive. You can store verification codes in memory or in TencentDB for Redis, using the mobile number as the key to store information such as the sending time, verification code, number of verification attempts, and verification result.

    Features

    Sending SMS verification code

    Request parameters:

    Field    Type     Description
    method   string   Request method, whose value is getSms
    phone    string   Mobile number in the format of area code + mobile number, such as 86185662466**

    Verifying verification code (login)

    Request parameters:

    Field    Type     Description
    method   string   Request method, whose value is login
    phone    string   Mobile number in the format of area code + mobile number, such as 86185662466**
    code     string   6-digit verification code

    Error codes

    Field            Description
    InValidParam     Missing parameter
    MissingCode      Missing verification code parameter
    CodeHasExpired   The verification code has expired
    CodeHasValid     The verification code is invalid
    CodeIsError      Please check whether the mobile number and verification code are correct
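
    The storage scheme from Step 8 with the getSms and login methods, as an added Node.js example rather than the code of the deployed SMS demo: it keeps the sending time, code, attempt count, and result per mobile number in an in-memory Map standing in for Redis, and applies only the 30-second window of the default rate limit. The 5-minute lifetime, the 5-attempt cap, the TooFrequent code, the phone format check, and the use of CodeHasValid for used or locked-out codes are assumptions.

```javascript
const crypto = require('crypto');

// Assumed policy values (not taken from the SMS demo).
const TTL_MS = 5 * 60 * 1000;  // code lifetime
const RESEND_MS = 30 * 1000;   // 30-second window from the default rate limit
const MAX_ATTEMPTS = 5;        // guesses allowed per issued code

// In-memory stand-in for Redis: phone -> { code, sentAt, attempts, verified }
const store = new Map();

// method=getSms: issue a code; the caller passes `code` to the SMS sender.
function getSms(phone, now = Date.now()) {
  if (!/^\d{6,15}$/.test(phone || '')) return { error: 'InValidParam' };
  const prev = store.get(phone);
  if (prev && now - prev.sentAt < RESEND_MS) {
    return { error: 'TooFrequent' }; // hypothetical code, not in the table
  }
  // CSPRNG, uniform over 000000-999999 (Math.random is predictable)
  const code = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
  store.set(phone, { code, sentAt: now, attempts: 0, verified: false });
  return { code };
}

// method=login: check a submitted code against the stored record.
function login(phone, code, now = Date.now()) {
  if (!phone) return { error: 'InValidParam' };
  if (!code) return { error: 'MissingCode' };
  const rec = store.get(phone);
  if (!rec) return { error: 'CodeIsError' };
  if (now - rec.sentAt > TTL_MS) {
    store.delete(phone);
    return { error: 'CodeHasExpired' };
  }
  // Assumed mapping: a used or locked-out code is reported as CodeHasValid.
  if (rec.verified || rec.attempts >= MAX_ATTEMPTS) {
    return { error: 'CodeHasValid' };
  }
  rec.attempts += 1; // count the attempt before comparing
  const a = Buffer.from(String(code));
  const b = Buffer.from(rec.code);
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) {
    return { error: 'CodeIsError' };
  }
  rec.verified = true; // single use: a replayed code is rejected
  return { ok: true };
}
```

    With Redis, the same record can be written with an expiry equal to the code lifetime so that stale codes are removed by the database itself.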