Authenticating via Twilio's Verify API – HTTP429, Too Many Requests

Hello!

I am working on integrating Twilio's Verify service for a Laravel PHP application that doesn't use Usernames or Passwords, but instead uses OTP (sent by Twilio) to verify authentication.

Unfortunately, in my testing, I seem to have been locked out of Twilio's API, I keep getting the

Twilio\Exceptions\RestException

exception, with the message:

[HTTP 429] Unable to create record: Too many requests

I started with the Laravel Breeze starter pack for authentication, and made some modifications.. Generally speaking, this is the flow:

A user enters their phone number on the "login" page, and submits it.
On submitting, the phone number is validated against our database to ensure it exists. If it does, a new instance of the Twilio client is created, and a verification request is sent.
The user is redirected (HTTP redirect) to a page that asks for the code they will receive from Twilio.
When the user enters the code, the form is validated to ensure the phone number and the code both exist in the form request data, and if validation passes, a new Twilio client is created and verificationChecks() is called with the code and phone number.
If the verification check from Twilio is valid, the user is authenticated and redirected to the app's dashboard.

The AuthenticatedSessionController looks like this:

<?php

class AuthenticatedSessionController extends Controller
{
    public function create(): Response
    {
        return Inertia::render('Auth/Login', [
            'status' => session('status'),
        ]);
    }

    /**
     * Checks if a phone number exists in a user's record
     * and if it does, sends a Twilio Verify code to 
     * the phone number
     */
    public function check(LoginRequest $request): RedirectResponse
    {
        $data = $request->validated();

        /* Get credentials from .env */
        $token = getenv("TWILIO_AUTH_TOKEN");
        $twilio_sid = getenv("TWILIO_SID");
        $twilio_verify_sid = getenv("TWILIO_VERIFY_SID");
        $twilio = new Client($twilio_sid, $token);
        $twilio->verify->v2->services($twilio_verify_sid)
            ->verifications
            ->create($data['phone'], "sms");
        $request->session()->flash('phone', $data['phone']);
        return redirect()->route('verify');
    }

    public function verify(Request $request): Response
    {
        $phone = $request->session()->get('phone');
        return Inertia::render('Auth/Verify', ['phone' => $phone]);
    }

    /**
     * @throws \Twilio\Exceptions\ConfigurationException
     */
    public function store(VerifyRequest $request)
    {
        $data = $request->validated();

        //if the code is not valid from twilio, hit the rate limiter
        //get twilio credentials
        $token = getenv("TWILIO_AUTH_TOKEN");
        $twilio_sid = getenv("TWILIO_SID");
        $twilio_verify_sid = getenv("TWILIO_VERIFY_SID");

        //generate a new twilio client instance
        $twilio = new Client($twilio_sid, $token);

        //verify the code entered using Twilio API
        $verification = $twilio->verify->v2->services($twilio_verify_sid)
            ->verificationChecks
            ->create($data['code'], array('to' => $data['phone']));

        //if the code is valid, authenticate the user and redirect to the dashboard
        if (!$verification->valid) {
            return Inertia::render('Auth/Verify', ['errors' => ['code' => 'The code you entered is invalid.']]);
        }

        //get the user  by the phone number
        $user = User::where('phone', $data['phone'])->firstOrFail();

        //regenerate the session
        $request->session()->regenerate();

        //authenticate the user
        Auth::login($user);

        //redirect to the dashboard
        return redirect()->intended(RouteServiceProvider::HOME);
    }
}

No matter how long I wait between login requests, no matter if I create a new Twilio Verify service on my account, I keep getting the 429 too many requests error from Twilio.

I'm not sure what's causing it, especially since going to test it today, I had waited since yesterday a good 18+ hours, which should be well past the Twilio rate limiting.

Any ideas or suggestions to resolve this issue would be appreciated! Thanks!

garrettmassey

3 years ago

Best Answer

Level 6

I troubleshooted for several hours, and it looks to be an issue on Twilio's end with my phone number being tested on the account. So I created a new Verify service account, deleted the old one, and everything works exactly as I expected.

Please or to participate in this conversation.