How to Implement SMS Verification Code Feature
Baixar
Modo Foco
Tamanho da Fonte
Sending verification codes via SMS is a common method for applications to authenticate users. Currently, SMS verification codes are widely used in scenarios such as user registration, password recovery, login protection, identity authentication, random password, and transaction confirmation.
This document uses the example of sending a global SMS verification code to help you understand how to implement the SMS verification code feature.
Preparations
You must have registered a Tencent Cloud account and completed enterprise identity verification.
You must have purchased a global SMS package.
It is recommended to apply for a Sender ID: global SMS typically uses a Sender ID (sender) to identify your brand to recipients, rather than an SMS signature. If you do not register a dedicated Sender ID, SMS delivery will be guaranteed through the Tencent Cloud generic Sender ID. However, some countries do not support the generic Sender ID. For details, see Global SMS Sender ID. To apply for a Sender ID, log in to the console and submit a registration application at Global SMS > Sender ID Management.
A signature is not mandatory for global SMS. If you need to display your brand name in the content, it is recommended to add it directly within the SMS template. The signature symbol for global SMS is [] (Note: half-width). You can include or omit the signature when sending SMS content. For details, see Signature Review Standards. To apply for a signature, log in to the console and submit a creation application at Global SMS > Signatures.
Understand the SMS content review specifications. For details, see Body Template Review Standards.
You have obtained the SDKAppID for the SMS application.
Step 1: Configuring SMS Content
After you submit an SMS content template, we will complete the review within approximately 2 hours. You can configure an alarm recipient and set up receipt of template review notifications to promptly receive review notifications.
Creating a Body Template
1. Log in to the SMS console.
2. In the left sidebar, choose Global SMS > Body Templates, and then click Create Body Template.
3. Configure the following parameters based on your actual situation:
Parameter | Sample Value |
Template Name | Verification Code SMS |
SMS Type | Verification Code SMS |
SMS Content | Your registration verification code: {1}. Please enter it within {2} minutes. If you did not initiate this registration, please disregard this SMS. |
4. Click OK.
Wait for the content template review. The content template becomes available only when its status changes to Valid. Please Record the template ID.
Step 2: Setting SMS Sending Limits and Frequency Limits (Optional)
Setting Daily SMS Sending Limits (Account Level)
A daily sending limit is applied to the global SMS volume for a single Tencent Cloud account. For new users upon activation, the default daily limit is 100 messages (billing messages submitted). You can log in to the SMS console and adjust the limit at Overview > Global SMS > Global SMS Daily Sending Limit(Account Level).
Setting SMS Sending Frequency Limits (Application Level)
To ensure service and channel security and reduce financial losses after service abuse, the default SMS frequency limit policy is as follows:
For the same phone number and the same content, a maximum of one message can be sent within 30 seconds.
For the same mobile phone number, a maximum of two messages can be sent within one calendar day.
You can log in to the SMS console and set SMS sending frequency limits at Application Management > Basic Configuration > Sending Frequency Limit. For details, see Configuring Basic Information.
Note:
For applications created before May 22, 2024, the default frequency for the same mobile phone number is a maximum of 10 messages per calendar day.
Carrier frequency limit rules: marketing SMS messages to the same number are limited to 3/day; non-marketing SMS messages to the same number are limited to 10/day.
A maximum limit is applied to the frequency settings for individually verified users. For the same mobile phone number, the maximum configurable frequencies are 1 message per 30 seconds, 5 messages per hour, and 10 messages per calendar day, respectively.
Setting Daily SMS Sending limits and Recipient Countries/Regions (Application Level)
In addition to the account-level SMS sending limit, you can also set application-level SMS sending limits. Log in to the SMS console. At Application Management > Basic Configuration > Global SMS Threshold Settings, you can set the daily sending limit for the current application. At Application Management > Basic Configuration > Global SMS Recipient Country/Region Settings, you can configure the target countries/regions to which the current application can send SMS messages and set a daily sending limit for each country/region. For details, see Configuring Basic Information.
Step 3: Generating a Verification Code via Code
When a user clicks to obtain a verification code on a page (such as for registration, login, or identity verification), the application needs to randomly generate a verification code in the backend for identity verification. verification codes have a high requirement for timeliness. You can store the verification code in memory or in a cloud database. Use the mobile phone number as the key to store information such as the sending time, verification code, verification quantity, and whether it has been verified. You can refer to the Tencent Cloud SCF SMS verifictaion code template for implementation. For the code, see (Node.js): SMS Verification Code Login.
Step 4: Calling the SendSms API to Send a Verification code SMS
Users can send messages using the SMS API SendSms. For detailed documentation on calling the API, see Send SMS. You can also make visual calls via API Explorer, which automatically generates code for your business.
Step 5: Receiving and Verifying the Verification Code
After receiving the SMS verification code, the user enters the code on the application page (such as for registration, login, or identity verification) within the specified time.
After receiving the verification code entered by the user, the user backend service compares it with the verification code stored in memory or the database. If the verification succeeds, the verification code will be updated to used and subsequent application operations are executed. If the verification fails, the frontend returns an error, prompting the user to check the correctness of the verification code.
You can refer to the Tencent Cloud SCF SMS verification code template for implementation. For the code, see (Node.js): SMS Verification Code Login.
Note:
SMS bombing (cheating) typically occurs in verification code SMS scenarios. It is recommended to configure SMS anti-fraud measures in advance. For details, see How to prevent SMS bombing (cheating).
Ajuda e Suporte
Esta página foi útil?
Você também pode entrar em contato com a Equipe de vendas ou Enviar um tíquete em caso de ajuda.
comentários