Sending verification codes through SMS is the most popular and securest way to verify user identities. Currently, SMS verification codes are widely used in various application scenarios such as user registration, password reset, login protection, identity verification, random password generation, and transaction confirmation.
This document uses developing a verification code-enabled login and signup service based on SCF as an example to describe how to implement the SMS verification code feature. In addition to SCF, you can also use the SendSms API for this purpose. Preparations
You have purchased an SMS package.
Prepare SMS signature owner qualification certificates.
This document takes a business license as a qualification certificate for example.
Understand the SMS body content review standards.
Get the SDKAppID
of the SMS application.
Relevant Documents
Other products' documentation
Step 1. Configure SMS content
After an SMS signature or body template is submitted, it will be reviewed within two hours generally. You can configure alarm contacts and set template/signature review notifications to receive review result notifications. Step 1.1. Create a signature
2. Select Chinese Mainland SMS > Signatures on the left sidebar and click Create Signature.
3. Set the following parameters as needed:
|
Signature purpose | For verified entities (such as organizations, websites or product names with signatures verified by the account) |
Signature type | App |
Signature content | Test demo |
Certificate type | Screenshot of WeChat Mini Program settings page |
4. Click OK.
Wait for signature review. The SMS signature will be available only after its status changes to approved.
Step 1.2. Create a body template
2. Select Chinese Mainland SMS > Body Templates on the left sidebar and click Create Body Template.
3. Set the following parameters as needed:
|
Template name | Verification code SMS |
SMS type | OTP SMS |
SMS content | Your signup verification code is {1}. Please enter it within {2} minutes. If the signup was not initiated by you, please ignore this message. |
4. Click OK.
Wait for body template review. The body template will be available only after its status changes to approved. Please note down the template ID.
Step 2. Set the SMS sending frequency limit (optional)
Note:
Individual users have no permission to modify the sending frequency limit. To use this feature, change "Individual Verification" to "Organization Verification".
To ensure business and channel security and minimize potential financial losses caused by malicious calls of SMS APIs, you are recommended to set the sending frequency limit. In addition, you can use Tencent Cloud Captcha to maximize the protection of your business security.
This document uses the default SMS sending frequency limit policy as an example. For SMS messages with the same content, a maximum of one such message can be sent to the same mobile number within 30 seconds.
A maximum of 10 messages can be sent to the same mobile number on a calendar day.
By default, SCF is deployed in the public network and can access public network only. If you need to access Tencent Cloud resources such as TencentDB instances, you need to build a VPC to ensure data and connection security.
2. Create a VPC. For detailed directions, please see Creating VPC. Note:
The CIDRs of the VPC and subnet cannot be modified after creation.
|
Region | South China (Guangzhou) |
Name | Demo VPC |
IPv4 CIDR | 10.0.0.0/16 |
Subnet name | Demo subnet |
IPv4 CIDR | 10.0.0.0/16 |
AZ | Guangzhou Zone 3 |
The region and subnet AZ of the TencentDB for Redis instance must be the same as those of the VPC configured in step 3. |
Billing mode | Pay-as-you-go |
Region | Guangzhou |
Database version | Redis 4.0 |
Architecture | Standard architecture |
Network | Demo VPC and demo subnet |
Instance name | Demo database |
Purchase quantity | 1 |
Step 5. Create a function
SCF currently supports development in Python, Node.js, PHP, Java, and Go. This document uses Node.js as an example.
1. Create a function in the region of the VPC created in step 3. For detailed directions, please see Writing Function. |
Function name | Demo |
Runtime environment | Node.js 8.9 |
Creation method | Template function: helloworld |
2. Deploy the function and set API Gateway Trigger as the trigger. For detailed directions, please see Deploying Function. Step 6. Enable public network access (optional)
Functions deployed in a VPC before April 29, 2020 are isolated from the public network by default. If you want them to have access to both private network and public network, you can do so by enabling public network access.
Log in to the SCF console, select Function Service, click the name of the target function in the function list to enter the function configuration page. Click Edit, check Public Network Access, and click Save to save the configuration. Functions deployed on or after April 29, 2020 have public network access enabled by default, and no additional operations are required.
Step 7. Deploy the SMS demo
1. Go to the SCF console and select the SMS demo to deploy it. 2. Set the environment variables of the demo in Advanced Configuration.
|
REDIS_HOST | Redis database address. |
REDIS_PASSWORD | Redis database password. |
SMS_TEMPLATE_ID | Template ID. You must enter the ID of an approved template, which can be viewed in the SMS console. |
SMS_SIGN | Content of the SMS signature, which should be encoded in UTF-8. You must enter an approved signature, which can be viewed in the SMS console. Note: this parameter is required for Chinese Mainland SMS. |
SMS_SDKAPPID | SMS SdkAppid actually generated after an application is added in the SMS console, such as 1400006666. |
3. Set the same VPC environment as the Redis database in Advanced Configuration.
4. Set the permissions of SCF execution role in Advanced Configuration.
You need to associate the QcloudSMSFullAccess
policy with the SCF_QcsRole
role in the CAM console. In this way, the TENCENTCLOUD_SECRETID
, TENCENTCLOUD_SECRETKEY
, and TENCENTCLOUD_SESSIONTOKEN
environment variables can be obtained in the code, which will be used by the SMS SDK.
5. Click Complete to deploy the function.
6. Create an SCF API Gateway trigger and request the trigger address to use SMS capabilities.
Step 8. Use the features
Verification codes have a high requirement for timeliness. You can store verification codes in the memory or TencentDB for Redis and use the mobile number as a key to store information such as sending time, verification code, number of verification attempts, and verification result.
Features
Sending SMS verification code
Request parameters:
|
| | Request method, whose value is getSms |
| | Mobile number in the format of area code + mobile number, such as 86185662466** |
Verifying verification code (login)
Request parameters:
|
| | Request method, whose value is login |
| | Mobile number in the format of area code + mobile number, such as 86185662466** |
| | 6-digit verification code |
Error codes
|
| |
| Missing verification code parameter |
| The verification code has expired |
| The verification code is invalid |
| Please check whether the mobile number and verification code are correct |
Was this page helpful?