0

We are using the Authy API to initiate mobile verification codes via SMS, and during our PoC the code would attempt to register users every time a verification code is requested (so it would register, and then request the SMS). The reasoning at the time was that if a user changed their email (mobile number the same), we would want to register them again with that new email. Calling register with a user that already was registered is basically a No-op (it returns the current registered user's authy Id).

Looking back I'm wondering now if this registration every time is needed. I've looked through the API documentation and I can't find the correct process for updating a registered user's email address, or even if we should care about the email address once we have a user registered.

Any advice on this would be appreciated.

gilweb
  • 23
  • 1
  • 5

1 Answers1

0

Twilio developer evangelist here.

There isn't a way to update or remove an email address for a user and when you re-register with a different email address but the same phone number the new email address is just added to the user account (though you can only see the first email address in the dashboard).

You shouldn't need to register every time, since you only need the authy_id to send a 2 factor authentication code. Though it is best practice to add a new email address to the user if they change it on your platform.

Just one extra thing though, it doesn't necessarily sound like you are using this service for two factor authentication, rather for just verifying a phone number. If that's the case, you can actually use the Twilio Verify API instead. This only needs the phone number and not an email address at all.

philnash
  • 70,667
  • 10
  • 60
  • 88
  • Thanks for the response. Does the email really matter than given the way we are using it? What's it used for? I'll look into the Verify API, since you're right, it looks like it will meet our needs at a lower cost. – gilweb Oct 17 '19 at 18:03
  • To be honest, I'm not sure what the email is used for. My guess is that it comes into use if a user ever needs to recover their Authy account. But this is all moot if the Verify API is the one you should be using anyway! – philnash Oct 20 '19 at 06:04
  • @philnash So are you suggesting that, regardless of how the email is used, in order to update the associated user's authy-user's email address, we need to delete and re-register the user w/ the new email? – acidnbass Jan 30 '20 at 23:51