Verifying the User's Phone Number

When the phone verification is enabled and an account is registered with a phone number, Kii Cloud will send an SMS message with a verification code. Your application should then ask the user to type in the verification code to complete verification. Logging in with the specified phone number will be allowed only when your user verifies them by submitting the correct code.

The phone verification is also launched when it is enabled and a user modifies their phone number. Logging in with the new phone number will be allowed after the user sends the code in the verification SMS message. The old phone number will be invalidated when the verification process is finished.

Please Note: You must specify a valid mobile phone number in an international phone number format (starting with + and your country code) to properly begin the SMS verification process.

Enabling the verification

You can enable or disable the verification in the developer portal. For more information, see Toggle the verifciations.

By default, the verification feature is turned off.

Registering the verification code

After receiving the SMS verification code from the user, your application should invoke the following flow to complete the verification process:

  1. Get the user's token

    Send the following POST request to retrieve the user's token:

    curl -v -X POST \
      -H "Authorization: Basic {BASE64_ENCODED_APPID_AND_APPKEY}" \
      -H "Content-Type: application/json" \
      "https://api.kii.com/api/apps/{APP_ID}/oauth2/token" \
      -d '{
            "grant_type" : "password",
            "username": "user_123456",
            "password": "123ABC"
          }'
    

    Use Basic Authentication. Replace {BASE64_ENCODED_APPID_AND_APPKEY} with a Base64-encoded string of concatenated AppID and an arbitrary value with a colon (:) in between the two values.

    Kii Cloud will return the user token as shown below:

    < HTTP/1.1 200 OK
    < Server: Apache-Coyote/1.1
    < Content-Type: application/json
    < Transfer-Encoding: chunked
    < Date: Mon, 14 May 2012 22:52:52 GMT
    <
    {
      "id" : {USER_ID},
      "access_token" : {ACCESS_TOKEN},
      "expires_in" : 9223372036854775,
      "token_type" : "bearer"
    }
    

    Here, {ACCESS_TOKEN} is the user token. Kii Cloud will also return the expiration duration of the user token in seconds.

  2. Send the verification code with the user token.

    Send the following POST request to confirm the verification code, ensuring the user token is sent as the HTTP header "Authorization: Bearer {ACCESS_TOKEN}"

    curl -v -X POST \
      -H "Authorization: Bearer {ACCESS_TOKEN}" \
      -H "Content-Type: application/vnd.kii.AddressVerificationRequest+json" \
      "https://api.kii.com/api/apps/{APP_ID}/users/me/phone-number/verify" \
      -d '{
            "verificationCode": "12345"
          }'
    

Setting custom SMS templates

You can customize the content of the SMS message on the developer portal. See Configuring the phone (SMS) verification to learn more.

Resending the verification SMS message

The verification SMS will be sent automatically to the user when the user registration and the user attribute modification are made.

You can also request to resend the verification SMS as follows:

curl -v -X POST \
  -H "Authorization: Bearer {ACCESS_TOKEN}" \
  "https://api.kii.com/api/apps/{APP_ID}/users/me/phone-number/resend-verification"