){kind=small}
Integrate RCS into Your Authentication Workflows
Time to read: 5 minutes
Rich Communication Services (RCS) is the next evolution of SMS with modern features like verified branding, read receipts, and delivery over mobile data or Wi-Fi. As more mobile devices and carriers support RCS by default, your users are increasingly expecting secure, seamless interactions directly within their messaging app.
For businesses, this opens up a powerful opportunity: enabling two-factor authentication (2FA) directly through RCS.
In this tutorial, you’ll learn how to integrate RCS into your authentication workflows using the Vonage Verify API. You’ll also configure a fallback path, so if RCS isn’t supported on the user’s device or network, the verification request will automatically fall back to another channel like SMS.
npm and Node installed.
A phone with RCS capabilities.
Vonage API Account To complete this tutorial, you will need a Vonage API account. If you don’t have one already, you can sign up today and start building with free credit. Once you have an account, you can find your API Key and API Secret at the top of the Vonage API Dashboard.
RCS is an enhancement of the SMS channel, enabling messages to be delivered over Wi-Fi or mobile data to default messaging apps on Android and iPhone. It also supports brand validation and has low latency in delivery. To use the RCS channel, an RCS Agent or Sender ID is required.
A verify workflow is a sequence of steps created to authenticate a user’s identity. This could be sending an SMS, or e-mail message containing a one time password code that can be used to confirm their identity.
You can build a verification workflow that uses a preferred channel first and then automatically falls back to a different channel if the initial attempt is unsuccessful. You have a list of channels available that you can send as well, including SMS, Silent Authentication, email, and WhatsApp.
Let's configure a verify workflow that takes the RCS channel as the default one. If the message is not successfully converted, then the next channel in the list will be used. We will use SMS as a second fallback channel, as it's ubiquitous and widely available.
Be sure to sign up/ sign in to a Vonage API account to have access to the API.
Open yourAPI Settings Page to access your Vonage API Key and Secret, both of which are displayed as shown in the screenshot below. The API Key is located at the top of the page, and to access your API Secret, please refer to the “Account secret” subsection.
Note: In case you cannot remember your previously created API Secret, click on “+ Create new secret” and save it securely.
To create an application, go to the Create an Application page on the Vonage Dashboard, and define a Name for your Application.
If you intend to use an API that uses Webhooks, you will need a private key. Click “Generate public and private key”, your download should start automatically. Store it securely; this key cannot be re-downloaded if lost. It will follow the naming convention private_<your app id>.key. This key can now be used to authenticate API calls. Note: Your key will not work until your application is saved.
Choose the capabilities you need (e.g., Voice, Messages, RTC, etc.) and provide the required webhooks (e.g., event URLs, answer URLs, or inbound message URLs). These will be described in the tutorial.
To save and deploy, click "Generate new application" to finalize the setup. Your application is now ready to use with Vonage APIs.
Create a new directory for your project, initialize a new Node project, and install the dependencies.
mkdir blog-verify_rcs-node-auth-workflows
cd blog-verify_rcs-node-auth-workflows
npm init -y
npm install @vonage/server-sdk @vonage/verify2
Create a .env file, and we will add some environment variables to it. I'll go through each one explaining what they're used for and where to find them.
VERIFY_BRAND_NAME: Name users will see during verification.VONAGE_APPLICATION_PRIVATE_KEY_PATH: Path to your private key file.VONAGE_APPLICATION_ID: Your Vonage Application ID.VERIFY_NUMBER: Test phone number for receiving RCS/SMS.RCS_SENDER_ID: Sender ID for RCS, found under the "Link External Accounts" tab.
Create a JavaScript file, I'll call mine index.js, and initialize your dependencies:
// index.js
require("dotenv").config();
const { Vonage } = require("@vonage/server-sdk");
const { Channels } = require("@vonage/verify2");
const vonage = new Vonage({
applicationId: process.env.VONAGE_APPLICATION_ID,
privateKey: process.env.VONAGE_APPLICATION_PRIVATE_KEY_PATH,
});We will then use vonage.verify2.newRequest from the Vonage Verify V2 SDK for Node.js, adding the RCS (first attempt) and SMS (fallback) channel, respectively.
// index.js
vonage.verify2
.newRequest({
brand: process.env.VERIFY_BRAND_NAME,
workflow: [
{
channel: Channels.RCS,
to: process.env.VERIFY_NUMBER,
from: process.env.RCS_SENDER_ID,
},
{
channel: Channels.SMS,
to: process.env.VERIFY_NUMBER,
},
],
})
.then(({ requestId }) => console.log(requestId))
.catch((err) => console.error(err));
Run the command node followed by the name of your JavaScript file. When you do so, a message will be sent to the number you've specified in the environment variable VERIFY_NUMBER. It will first attempt to reach you via RCS; if this is not possible, an SMS message will be sent as an alternative.
node index.jsNote: If you receive a callback to your webhook indicating that the request was blocked, the target network may have been blocked by the platform's anti-fraud system.
The more we can help our users mitigate fraud, the better. The Vonage Verify API enables you to verify your users by sending one-time passwords (OTPs) to various channels. The code I've showcased today is similar to the guide on how to send a verification request using multiple channels for fallback; however, this tutorial focuses on the RCS and SMS channels in JavaScript. You can find more examples in other languages linked in the docs.
That's a wrap! In this blog post, you've seen how it's possible to use the RCS channel within the Vonage Verify API and how it can fall back to the next specified channel in case RCS is not available on the device.
Have a question or something to share? Join the conversation on the Vonage Community Slack, stay up to date with the Developer Newsletter, follow us on X (formerly Twitter), subscribe to our YouTube channel for video tutorials, and follow the Vonage Developer page on LinkedIn, a space for developers to learn and connect with the community. Stay connected, share your progress, and keep up with the latest developer news, tips, and events!
Improve Your Multifactor Auth with Vonage APIs and Firebase.
Trusted Group Authentication with SMS and Express.
Improve Your Multifactor Auth with Verify and SIM Swap APIs.