tencent cloud

Sending verification codes through SMS is the most popular and securest way to verify user identities. Currently, SMS verification codes are widely used in various application scenarios such as user registration, password reset, login protection, identity verification, random password generation, and transaction confirmation.
This document uses developing a verification code-enabled login and signup service based on SCF as an example to describe how to implement the SMS verification code feature.

In addition to SCF, you can also use the SendSms API for this purpose.

Preparations

• You have signed up for a Tencent Cloud account and verified your organizational identity.
• You have purchased an SMS package.
• Prepare SMS signature owner qualification certificates. For detailed file list and specifications, please see the signature review standards.
  This document takes a business license as a qualification certificate for example.
• Understand the SMS body content review standards.
• Get the SDKAppID of the SMS application.

Reference

• Demo source code
• Other products' documentation
  • VPC documentation
  • TencentDB for Redis documentation
  • SCF documentation

Step 1. Configure SMS content

After an SMS signature or body template is submitted, it will be reviewed within two hours generally. You can configure alarm contacts and set template/signature review notifications to receive review result notifications.

Step 1.1. Create a signature

1. Log in to the SMS console.
2. Select Chinese Mainland SMS > Signature Management on the left sidebar and click Create Signature.
3. Set the following parameters as needed and according to the signature review standards:

   Parameter	Sample Value
   Signature purpose	For self-use (the signature is a company name, website, product name, or something else verified under the current account)
   Signature type	App
   Signature content	Test demo
   Certificate type	Screenshot of WeChat Mini Program settings page
   Certificate upload

4. Click OK.
   Wait for signature review. The SMS signature will be available only after its status changes to approved.

Step 1.2. Create a body template

1. Log in to the SMS console.
2. Select Chinese Mainland SMS > Body Templates on the left sidebar and click Create Body Template.
3. Set the following parameters as needed and according to the body template review standards:

   Parameter	Sample Value
   Template Name	Verification code SMS
   SMS type	Regular SMS
   SMS content	Your signup verification code is {1}. Please enter it within {2} minutes. If the signup was not initiated by you, please ignore this message.

4. Click OK.
   Wait for body template review. The body template will be available only after its status changes to approved. Please note down the template ID.

Step 2. Set the SMS delivery rate limit (optional)

Note：

Individual users have no permission to modify the rate limit. To use this feature, change "Individual Identity" to "Organizational Identity". For detailed directions, see Identity Verification Change Guide.

To ensure business and channel security and minimize potential financial losses caused by malicious calls of SMS APIs, we recommend you set the SMS delivery rate limit.
This document uses the default SMS delivery rate limit policy as an example.

• For SMS messages with the same content, a maximum of one such message can be sent to the same mobile number within 30 seconds.
• A maximum of 10 messages can be sent to the same mobile number on a calender day.

Step 3. Configure the VPC and subnet

By default, SCF is deployed in the public network and can access public network only. If you need to access Tencent Cloud resources such as TencentDB instances, you need to build a VPC to ensure data and connection security.

1. Plan the network design as needed.
2. Create a VPC. For detailed directions, please see Creating VPC.

   Note：

   The CIDRs of the VPC and subnet cannot be modified after creation.

   Parameter	Sample Value
   Region	South China (Guangzhou)
   Name	Demo VPC
   IPv4 CIDR Block	10.0.0.0/16
   Subnet name	Demo subnet
   IPv4 CIDR Block	10.0.0.0/16
   Availability Zone	Guangzhou Zone 3

Step 4. Configure a TencentDB for Redis instance

The region and subnet AZ of the TencentDB for Redis instance must be the same as those of the VPC configured in step 3.

1. Purchase a TencentDB for Redis instance. For detailed directions, please see Creating TencentDB for Redis Instance.

   Parameter	Sample Value
   Billing Mode	Pay-as-you-go
   Region	Guangzhou
   Database version	Redis 4.0
   Architecture	Standard architecture
   Network	Demo VPC and demo subnet
   Instance name	Demo database
   Quantity	1

Step 5. Create a function

SCF currently supports development in Python, Node.js, PHP, Java, and Go. This document uses Node.js as an example.

1. Create a function in the region of the VPC created in step 3. For detailed directions, please see Writing Function.

   Parameter	Sample Value
   Function name	Demo
   Runtime environment	Node.js 8.9
   Creation method	Template function: helloworld

2. Deploy the function and set API Gateway Trigger as the trigger. For detailed directions, please see Deploying Function.

Step 6. Enable public network access (optional)

• Functions deployed in a VPC before April 29, 2020 are isolated from the public network by default. If you want them to have access to both private network and public network, you can do so by enabling public network access.
  Log in to the SCF console, select Function Service, click the name of the target function in the function list to enter the function configuration page. Click Edit, check Public Network Access, and click Save to save the configuration.
• Functions deployed on or after April 29, 2020 have public network access enabled by default, and no additional operations are required.

Step 7. Deploy the SMS demo

1. Go to the SCF console and select the SMS demo to deploy it.
   

2. Set the environment variables of the demo in Advanced Configuration.
   

3. Set the same VPC environment as the Redis database in Advanced Configuration.
   

4. Set the permissions of SCF execution role in Advanced Configuration.
   
   You need to associate the QcloudSMSFullAccess policy with the SCF_QcsRole role in the CAM console.
   
   In this way, the ``TENCENTCLOUD_SECRETID,TENCENTCLOUD_SECRETKEY, andTENCENTCLOUD_SESSIONTOKEN` environment variables can be obtained in the code, which will be used by the SMS SDK.

5. Click Complete to deploy the function.

6. Create an SCF API Gateway trigger and request the trigger address to use SMS capabilities.
   

Step 8. Use the features

Verification codes have a high requirement for timeliness. You can store verification codes in the memory or TencentDB for Redis and use the mobile number as a key to store information such as sending time, verification code, number of verification attempts, and verification result.

Features

Sending SMS verification code

Request parameters:

Verifying verification code (login)

Request parameters:

Error codes

If you have any questions, contact SMS Helper for assistance.