Verify Migration Guide
The following guide will help you migrate from Verify Legacy to Verify. To do this, you need to update your endpoint URLs to call the new version and modify your application settings; you are not required to fill any pre-registration form in order to start using Verify.
Summary
The Vonage Verify API is a service that allows developers to implement two-factor authentication (2FA) to protect against fraud and ensure user authenticity. Vonage offers two versions of this API: Legacy and the current Verify. While both versions serve the same primary function, there are significant differences in their features, functionalities, and usage.
Major Differences
- Flexibility and Customization: Verify now offers more flexible workflow creation and enhanced customization options such as a more feature-rich Custom Templates management system compared to Legacy.
- Channel Support: Verify now includes additional support for verification through various new channels like Silent Auth, WhatsApp and Email, while Legacy is limited to SMS and voice.
- Security Features: Verify now includes improved security features and compliance with the latest standards.
- Error Handling: Verify now provides more detailed error messages and improved handling, such as well as more advanced rate limiting and automatic retry mechanisms.
- API Design and Usability: Verify now has a more user-friendly design and easier integration capabilities with modern applications such as synchronous and asynchronous options.
Feature Comparison
| Feature/Function | Verify (Legacy) | Verify |
|---|---|---|
| Basic Verification | SMS, Voice | Silent Auth, SMS, Voice, Email, WhatsApp |
| Request ID Handling | Basic request ID system | Enhanced request ID tracking with more metadata |
| Custom Workflow Configuration | Limited | Extensive, including multiple channel configurations |
| PIN Expiry Management | Configurable but limited (60 to 3600 seconds) | More granular control over PIN expiry and event timings |
| Security Compliance | Basic, compliant with older standards | Advanced, compliant with latest security standards |
| Error Handling | Basic error messages | Detailed error messages with extensive error codes |
| Rate Limiting | Basic rate limiting | Improved rate limiting mechanisms |
| Retry Mechanism | Basic retry on failure | Advanced retry logic with customizable retry workflows |
| Analytics and Reporting | Limited reporting capabilities | Enhanced analytics and detailed reporting |
| Localization Support | Basic localization (limited languages) | Enhanced localization with more languages and custom messages |
| API Documentation and Support | Comprehensive but older documentation | Modern, detailed, and more user-friendly documentation |
API Calls
Asynchronous mode has been introduced in Verify, allowing you to receive messages and call statutes by webhook, receiving both event (in the case of whatsapp_interactive) and summary callbacks. You can also use it synchronously with redirect_url and check_url.
You must configure your webhooks for Verify callbacks in the Application section of the Customer Dashboard:
Further documentation on webhooks can be found here.
Endpoints
All Verify API calls need to be updated to use the new endpoint:
| Verify (Legacy) | Verify |
|---|---|
POST https://api.nexmo.com/verify/check/:format | POST https://api.nexmo.com/v2/verify |
Workflows
Verify provides you with the flexibility to define your own workflow, as opposed to the fixed workflows of Legacy. You can specify any combination of supporting channels of your choice in the workflow, to a maximum of three channels.
Further documentation on workflows can be found here.
Channels
New channels are now available in Verify:
- SMS
- Voice (formerly TTS in Legacy)
- Silent Authentication
For more detailed information on these channels refer to the API Specification.
Documentation specific to silent authentication can be found here.
Summary Callbacks
Callbacks are returned to your webhook with the status of the event, corresponding request_id & channel. The following sequence diagrams show how this works when using a single channel, or using multiple channels in your workflow.
Single Channel
Multiple Channels
Response Codes
In addition to changing your endpoints, your applications also need to be updated to understand the response codes received when using Verify:
| HTTP Code | Definition |
|---|---|
Creating a request: POST /v2/verify | |
| 202 | Request was accepted. Delivery in progress. |
| 409 | There is an in-progress request to this number. |
| 422 | Error processing the request. |
Validating a request: POST /v2/verify/{request_id} | |
| 200 | Success! Correct code was provided. |
| 400 | An incorrect code was provided. |
| 404 | Request could not be found. |
| 409 | Current action does not support a pin check. |
| 410 | Incorrect code was provided many times. |
| 422 | Request cannot be validated. |
Request Cancellation
| Verify (Legacy) | Verify |
|---|---|
| Verify Control could be used to cancel an ongoing verification requests. Cannot cancel within the first 30 seconds of the request. | Send a cancellation request - if the verification request is active, it aborts the workflow. |
Templates
| Verify (Legacy) | Verify |
|---|---|
| Customers can use a customized template to send verify messages (documentation) | Verify makes use of the same pre-defined templates as Verify Legacy. Custom template functionality coming soon. |
PSD2 Compliance
| Verify (Legacy) | Verify |
|---|---|
| Is PSD2 compliant | Coming Soon |
Search Verification Request
| Verify (Legacy) | Verify |
|---|---|
| Use Verify Search to check the status of past or current verification requests. | Use statuses sent to your webhooks to monitor past or current requests. |
Fraud Management
Note that Network Blocks are only applied to the SMS and Voice channels in the Verify API.
| Verify (Legacy) | Verify |
|---|---|
| Blocks triggered by velocity rules are responded with Error 7 | Blocks triggered by velocity rules are displayed with status blocked and reason Fraudulent traffic detected for your account on network [23415]. in the summary callback |
| Network Unblocks can be issued using the Network Unblock API. | Uses the same API for unblocks. |
| Further documentation: Legacy Anti-Fraud System | Further Documentation: Anti-Fraud System |
Verify Sequence Diagrams
Verify Flow
Verify Request with Summary Callbacks
Silent Authentication Sequence Diagram
