Implementing Phone Number Verification in FusionAuth Without Enabling 2FA
-
We’re integrating FusionAuth with our system and want to verify users’ phone numbers during registration, but we’re not ready to enable two-factor authentication (2FA). Is there a recommended way to implement phone number verification via SMS during registration without enabling 2FA? Ideally, we’d like users to enter their phone number and verify it before completing the registration process.
-
While the simplest built-in way to verify phone numbers is through two-factor authentication (2FA), it’s understandable if you’re not ready to enable that yet. As an alternative, you can implement phone number verification programmatically using FusionAuth’s webhooks.
When a user registers, FusionAuth can trigger the user.registration.create webhook event (or other user registration events). You could listen for this event and run your own logic to send an SMS verification code via your preferred SMS provider. Once the user verifies the code, you could then mark their phone number as verified in your own system or update user data in FusionAuth as needed.
You can read more about relevant webhooks here:
User Registration Webhook Events -
W wesley marked this topic as a question on
-
W wesley has marked this topic as solved on
-
We had the same setup - needed phone verification without 2FA in FusionAuth. Ended up using webhooks to trigger an external service. I integrated with sms-verification-number.com via their API because I needed real SIM-based numbers, not VoIP. Chose a Polish operator for a local test, and the code arrived in about 50 seconds. If the SMS hadn’t come through, the system would’ve canceled and pulled a new number automatically - no charge. Since we’re testing across regions, being able to switch countries fast helped avoid delays.