Phone Number Verification Service uses the data gateway authentication of China's three major carriers for user registration, logon, and security checks. It provides a seamless, secure, and convenient user experience with low latency. This document explains the service's features to help you choose the right authentication method and integrate it quickly.
Example authentication process
| This document explains how to implement the user authentication process shown on the right:
Use this authentication flow for app registration, logon, payment transactions, and account changes to implement user authentication quickly. |
Authentication methods
Phone Number Verification Service offers several authentication methods. The following diagram shows the main features of each method and their relationships:
-
Phone Number Verification: This feature is available in two modes, each returning different information for specific use cases.
-
Mobile Number Check: You provide a phone number, and the service indicates whether it matches the number used for the current data connection.
-
One-click logon: Users can log on without entering their phone number. After a user grants authorization, the service retrieves the phone number from the carrier's gateway and returns it.
Due to the network instability of H5 pages, users need to enter the middle four digits of their phone number to log on. For Android and iOS clients, no number input is required.
-
-
Fusion-Auth: This method integrates multiple authentication types, including One-click logon, SMS Verification, and CAPTCHA (which can be disabled). A single integration provides access to all these features. By using endpoint risk detection and phone number risk detection, Fusion-Auth automatically selects the most appropriate authentication method, with SMS verification codes as a reliable fallback.
Choosing an authentication method
-
Fusion-Auth: Recommended for complex use cases. It natively supports scenarios such as one-click logon/registration, changing a phone number, resetting a password, binding a new phone number, and verifying a bound phone number. The SDK automatically manages and switches between authentication methods until the user is successfully authenticated.
-
Phone Number Verification: This is a lightweight authentication method. If you need to implement automatic fallback, you must also integrate SMS Verification or another authentication method.
| Authentication method |
Integration method |
SDK |
Resource plan |
Integration |
|
| Fusion-Auth |
Server-side + client |
Fusion-Auth SDK |
|||
| Phone Number Verification |
One-click logon |
Server-side + client |
Phone Number Verification SDK |
||
| Mobile Number Check |
|||||
| SMS Verification |
Server-side only |
- |
|||
| CAPTCHA |
Server-side + client |
CAPTCHA SDK |
|||
For details about billing and resource plans, see Billing.
To implement the authentication process shown in the example, choose one of the following two options:
-
Fusion-Auth.
-
Phone Number Verification + SMS Verification.
Integrating Phone Number Verification
The integration process consists of three main steps:
-
Create an authentication scheme in the Phone Number Verification Service console to obtain your scheme Code.
-
Integrate the client SDK.
-
Integrate the server-side API.
Before you begin, you must sign up for an Alibaba Cloud account and complete either enterprise real-name verification or individual real-name verification.
Fusion-Auth
Step 1: Create an authentication scheme
-
Log on to the Phone Number Verification Service console. In the left-side navigation pane, choose .
-
On the Fusion-Auth Scheme Management page, click Add FusionAuth Scheme.
-
Enter a scheme name, app name, and other required information. For Android, you must provide the app package name and package signature. For iOS, you must provide the Bundle ID.
-
After creating the scheme, go to the Fusion-Auth Scheme Management page to view your schemes and obtain the scheme Code.
Step 2: Configure the authentication policy (optional)
By default, a Fusion-Auth scheme inherits the global policy. You can either modify the global policy or set a specific policy for an individual scheme. If you want to use the default policy, you can skip this step.
Global policy
Changes to the global policy affect all schemes that use it. You can skip this step if you want to use the default policy.
-
Log on to the Phone Number Verification Service console. In the left-side navigation pane, choose .
-
On the Global Policy tab, select the scenario you want to configure.
The Basic Information area includes the Select a scenario drop-down list (for example, One-click logon/registration with a mobile number), a scenario description, the Scenario ID, and the Logging switch.
-
In the policy configuration diagram, click the node that you want to configure.
The policy diagram shows the following flow: Start → endpoint risk detection → automatic decision-making. The flow then splits into two paths: one through CAPTCHA and the other through phone number risk detection → CAPTCHA.
-
In the dialog box that appears, click Modify Configurations to configure the node.
For example, if you configure the Phone Number Verification node, you can set the Feature switch and Authentication Settings, such as falling back to SMS Verification on timeout or API error. The Billing Description is displayed at the bottom. When finished, click OK.
To restore the default settings, click the node again, click Modify Configurations in the dialog box, and then click Restore to Default Settings.
Scheme policy
Scheme policy settings apply only to the selected authentication scheme. You can set a unique policy for each scheme.
-
Log on to the Phone Number Verification Service console. In the left-side navigation pane, choose .
-
On the Scheme Policy tab, select the scheme Code and Application Scenario that you want to modify.
The Basic Information area displays details for the selected scheme, such as its name, client type, and creation time. Available use cases include One-click logon/registration with a mobile number.
-
Turn off the "Inherit global policy" switch.
-
In the policy configuration diagram, click the node that you want to configure.
The policy diagram shows the following flow: Start → endpoint risk detection → automatic decision-making. The flow then splits into two paths: one through CAPTCHA and the other through phone number risk detection → CAPTCHA.
-
In the dialog box that appears, click Modify Configurations to configure the node.
For example, if you configure the Phone Number Verification node, you can set the Feature switch and Authentication Settings, such as falling back to SMS Verification on timeout or API error. The Billing Description is displayed at the bottom. When finished, click OK.
Step 3: Client integration
From the Overview page of the Phone Number Verification Service console, click Download Now in the API & SDK area to download the Fusion-Auth SDK and integrate it into your app.
Follow the code in these demos to implement your authentication flow.
-
For details about Android client integration, see Integrate Fusion-Auth with an Android client.
-
For details about iOS client integration, see Integrate Fusion-Auth with an iOS client.
Step 4: Server-side integration
After integrating the client SDK, you must integrate the following server-side APIs to complete the verification and logon process.
-
Call the GetFusionAuthToken API to obtain an authentication token, which is required to initialize the client SDK.
-
Call the VerifyWithFusionAuthToken API, passing the unified authentication token obtained from the client SDK, to get the authentication result.
Phone Number Verification and SMS Verification
Step 1: Create an authentication scheme
-
Log on to the Phone Number Verification Service console. In the left-side navigation pane, choose .
-
On the Phone Number Verification Scheme Management page, click Add Phone Number Verification Scheme.
-
Enter a scheme name, app name, and other required information. For Android and HarmonyOS, you must provide the app package name and package signature. For HarmonyOS, you must also provide the AppId. For iOS, you must provide the Bundle ID.
-
After the scheme is created, you can view all created schemes on the Phone Number Verification Scheme Management page.
Step 2: Prepare SMS signature and template
Due to stricter carrier regulations on SMS signatures, all signatures must complete real-name registration before they can be used to send messages. Custom signatures may experience delivery failures. We recommend that you use the complimentary SMS signatures and templates for verification. A complimentary signature must be used with a complimentary template.
-
Log on to the Phone Number Verification Service console. In the left-side navigation pane, choose .
-
You can view the complimentary signatures and templates on the Signature Configurations and Template Configurations tabs. You can use any of these signatures and templates to send SMS messages.
Step 3: Client integration
From the Overview page of the Phone Number Verification Service console, click Download Now in the API & SDK area to download the Phone Number Verification SDK and integrate it into your app.
Follow the code in these demos to implement your authentication flow.
-
To integrate the One-click logon and Mobile Number Check SDK with an Android client, see Phone Number Verification for Android clients.
-
To integrate the One-click logon and Mobile Number Check SDK with an iOS client, see Phone Number Verification for iOS clients.
SMS Verification requires no client-side integration; you only need to integrate the server-side APIs.
Step 4: Server-side integration
After integrating the client SDK, you must integrate the following server-side APIs to complete the verification and logon process.
-
Call the GetMobile API to get a phone number for One-click logon, or call the VerifyMobile API to perform Mobile Number Check.
-
Call the SendSmsVerifyCode API to send an SMS verification code. You can customize the verification code generation rules based on the parameter descriptions.
-
Call the CheckSmsVerifyCode API to verify the SMS verification code. The outcome is indicated in the returned
VerifyResultparameter.