Add the Vonage Verify API
Importing Vonage SDK
At the top of your server.js, add the Vonage configuration:
const { Auth } = require("@vonage/auth");
const { Verify2 } = require("@vonage/verify2");
require("dotenv").config();
// Configure Vonage credentials
const credentials = new Auth({
applicationId: process.env.VONAGE_APP_ID,
privateKey: process.env.VONAGE_PRIVATE_KEY,
});
const verifyClient = new Verify2(credentials);
- We use
dotenvto load environment variables. - The
Authclass authenticates API requests using the application ID and private key. - The
Verify2client handles interactions with the Verify API.
Start Verification
Let's work on the /verification endpoint. This endpoint will be called from the mobile application and will start the process to verify the user.
app.post("/verification", async (req, res) => {
const { phone } = req.body || null;
if (!phone) {
return res.status(400).json({ error: "Phone number is required." });
}
try {
const result = await verifyClient.newRequest({
brand: "DemoApp",
workflow: [
{
channel: "silent_auth",
to: phone,
},
{
channel: "sms",
to: phone,
},
],
});
return res.json({
request_id: result.requestId,
check_url: result.checkUrl,
});
} catch (error) {
console.error(error.response);
return res.status(error.response.status).json({ error: error.message });
}
});
- The endpoint uses a POSTmethod and expects the user's phone number in the request body.
- The verification process will use Silent Authentication workflow. If Silent Auth fails, it fall back to SMS.
- If everything goes well, the endpoint will return a response to the mobile app containing a
request_idand acheck_url. The mobile app will then use thecheck_urlto send a request to the mobile operator, which will verify whether the traffic is coming from the specified phone number. We’ll cover this in more detail when we discuss the mobile app implementation.
Check Verification Code
Then, add the /check-code endpoint:
app.post("/check-code", async (req, res) => {
const { request_id, code } = req.body;
if (!request_id || !code) {
return res.status(400).json({ error: "Request ID and code are required." });
}
try {
const result = await verifyClient.checkCode(request_id, code);
return res.json({
verified: result === "completed",
});
} catch (error) {
return res.status(400).json({ error: error.message });
}
});
- This endpoint verifies the code entered by the user.
- If the code matches, it returns
verified: trueto the mobile application.
Callback
This tutorial follows the asynchronous approach to integrate the Verify API on the backend. According to the documentation, we need to implement a callback which will receive event updates.
First, navigate to the Dashboard, then open the Applications menu on the left side. Click on the application you created in the previous step and click the Edit button.
Scroll down to the Network Registry capability and enable the Verify (SA) feature by toggling the switch on. In this section, you’ll also need to specify the callback URL where your server will be listening for incoming events. You should add something similar to this:
http://your-server-ip:3000/callback
Add the following code to your server.js file:
app.post("/callback", (req, res) => {
console.log("Callback received:", req.body);
return res.status(200).json({ status: req.body.status });
});
- Vonage calls this endpoint when there are events to report, for example when Silent Auth completes.
- We log the received data and respond with a success message.
Getting Started with Silent Authentication
Silent Authentication takes quite a bit to understand. This tutorial shows you how to build an integration from scratch with Nodejs and Kotlin