Introducing Backendless Twilio Integration Plugin

The Backendless Twilio integration plugin enables you to implement a phone number-based login and two-factor authentication for your app. It also provides API for SMS and MMS messaging.

This week, Backendless is releasing two new plugins for the Backendless Marketplace that will give you added capabilities and flexibility when building your app. The first, as indicated above, is our integration with Twilio.

Click here to read about the Login With Apple feature.

Twilio is a service that facilitates engagement with users through text/SMS/MMS, phone and video, chatbots, and more. With the Twilio Integration Plugin for Backendless, you gain access to all of the powerful Twilio features (Twilio account required). Twilio can further bolster your login process supported by Backendless’ User Service APIs.

Two-Factor Authentication

Twilio enables two-factor authentication, a valuable security feature for apps that require users to log in. Two-factor authentication (2FA) is an added layer of protection for user accounts beyond just username and password. Anytime you’ve been asked to verify your login with a code texted to you, that was a form of 2FA.

The Twilio plugin allows you to add 2FA functionality to your app. For example, when a user creates an account, before that user is able to login, they will be required to confirm their phone number. A verification code is sent as a text message to the user’s provided phone number. This code must be entered into the app in order for the registration to be authenticated.

In order to achieve 2FA, you must collect the user’s phone number or another form of contact information beyond just email address. With 2FA, you can still require that the user verify his or her email address (user email confirmation is automatically included in Backendless).

To learn how to add the Twilio plugin to your app, follow the steps below. More detailed information about using the plugin can be found in the plugin’s feature listing.

Installation Instructions

1. Login to Backendless Console and select your app. Open the Marketplace screen and install the “Twilio Integration plugin” from the Backendless Marketplace. The plugin product is available under the All services menu. The product itself is available at no cost (free), however, keep in mind that your app must be on a paid plan in order to install a product from the Marketplace.
2. The Twilio Integration Plugin product has required configuration parameters. When installing the product, you will be presented with a configuration popup window shown below. Keep the browser window open as you will return to it with the required information.
   
3. In a separate browser window, navigate to https://twilio.com and login to your Twilio account. If you do not have an account, you will need to create one.
4. In the Twilio dashboard, open the Settings section and scroll down to API Credentials.
5. Copy the Account SID and the Auth Token values into the corresponding fields of the Twilio Service Configuration popup in Backendless Console (the one shown in Step 2 of these instructions).
6. Enter a phone number in the Twilio Sender Phone Number field in Backendless Console. It must be a phone number registered with Twilio. There is an option to obtain a number from Twilio or transfer an existing number to Twilio.
7. All other fields can remain as is for now. All the field values can be modified later. Click the TEST CONFIGURATION button which will validate all values.
8. Click SAVE to save the configuration information and install the Twilio plugin.

User Registration with Phone Verification

Consider the following scenario: your application’s registration form includes a field for the user’s phone number. When a user creates an account, they provide a phone number that you would like to verify before their account is enabled. They can then log in after the registration process is complete.

The process of user registration with phone number confirmation consists of the following steps:

1. The application uses the standard registration API call, however, the client sends only the phone number. The response for the registration call includes a special value called "transactionId".
2. The Twilio Integration Plugin sends out an SMS message containing a confirmation code. The message is sent to the phone number specified in the request (1).
3. Your application asks the user to enter the confirmation code to complete the registration process.
4. Once the user enters the confirmation code, the application sends out the second registration API call which now includes the following fields:
   • email or the property/column used as identity by your application.
   • password – user’s password
   • transactionId – this is the value from step 1.
   • transactionCode – this is the code sent to the user’s phone in step 2.
   • phoneNumber – this is the same number used in step 1. This is required as a security measure.
5. The second registration API call returns a complete user object,

It is possible to configure your application to use the phoneNumber column as identity. In this case, the second registration API call will include only four properties (phoneNumber, password, transactioniId and transactionCode).

Read the full details about the Twilio Integration Plugin here.

We hope you’ll find this exciting new integration to be a valuable addition to your application. We can’t wait to see how you put it to use!

Happy Coding!