Nexmo Verify API allows you to implement two factor authentication (2FA) using short lived verification codes sent to a Mobile or Landline over SMS or an automated Voice phone call.
- Cloud-based (REST) Verify API
- 2FA - Two Factor Authentication
- Phone number type detection
- Automatic retries and failover to voice ensuring verification code delivery
- Global country and carrier compliance to prevent message filtering
- Templates and languages matching local preferences
- Analytics dashboard
- Optimized PIN Code length and expiry timing
- Ony pay for successful verification
- Maximize verification success rates
- Speed up code delivery and improve user experience
- Go live instantly with simple API integration
- Track your performance in real time
- Block spammers and fraudsters
£0.087 per transaction
+44 (0) 7802 466766
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||
Nexmo Verify API is available as an extension to many third party platforms and services, examples include:
Amazon Web Services (AWS), Amazon Simple Notification Server (SNS), Zoho, Salesforce, Zendesk, Telerivet, MailChimp, Campaign Monitor, JIRA, Sugar CRM, Freshdesk, Google Cloud, Desk.com, Magento, Microsoft Dynamics CRM, Miva Merchant, Heroku, Microsoft Azure, Confluence.
|Cloud deployment model||Public cloud|
|Service constraints||None. Service affecting incidents would be alerted to users via https://www.nexmostatus.com/.|
|System requirements||HTTP REST API or web client support|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Standard Support Offering: During Monday to Friday High or Urgent priority tickets receive a response within 2 hours and Normal or Low priority tickets receive a response within 6 hours. During the weekend High or Urgent priority tickets receive a response within 4 hours whilst Normal or Low priority tickets will receive a response on Monday.
Our Premium Support customers receive a response within 30 minutes for High or Urgent priority tickets and 1 hour for Normal or Low priority tickets, this response time is the same 24 hours a day and 7 days per week.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Yes, at an extra cost|
|Web chat support availability||24 hours, 7 days a week|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||Via Nexmo website|
|Web chat accessibility testing||None|
|Support levels||We offer two levels or support; Standard Support - which is included at no additional cost beyond the price you pay for utilisation of our services, this level of support does not include phone support. Premium Support - Which includes faster response times, is 24/7 includes phone support and chat as well as a dedicated support engineer. Premium Support costs an additional £5,000 per month.|
|Support available to third parties||Yes|
Onboarding and offboarding
Nexmo provide an online service including all documentation and tutorials.
New users can sign-up for services for free and start testing at https://dashboard.nexmo.com/sign-up
|End-of-contract data extraction||As a CPaaS provider Nexmo's doesn't store application data, Nexmo's communication services are integrated with client hosted data. Customer account provided details are accessible from the Nexmo dashboard and can be accessed at any time.|
|End-of-contract process||When the contract ends if you continue to use our services you will transition onto our standard list pricing and standard terms, assuming you continue to use our services. You will likely agree a new contract prior to the end of your existing contract. If you move to another supplier and wish to port your numbers then there may well be a small admin fee for such a migration. We cannot advise what this will be in advance as many of the costs incurred are only know at the time of porting and may depend on the number supplier as well.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||We send verification codes via an SMS or a Voice phone call to a Mobile phone or landline. These codes are commonly used with desktop apps.|
|Accessibility standards||None or don’t know|
|Description of accessibility||None|
|What users can and can't do using the API||
Nexmo's Verify API is only available through an API.
Users can manage the complete service from provisioning, account management, through to elivery and reporting all via real-time API's.
|API documentation formats||HTML|
|API sandbox or test environment||Yes|
|Independence of resources||We always have spare capacity in each of our locations and the ability to temporarily shift traffic to other locations to guarantee we don't overload one (or more) of them.|
|Service usage metrics||Yes|
Inbound & Outbound message delivery
Delivery Status (Submitted, Delivered, Rejected, Expired)
Search by message/recipient, rejected messages
Quality (Success Ratio %, DLR Ratio %), by Country, by Network
2FA Conversion data (% Conversion, by Country, by Network)
Number Verification Success
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||EU-US Privacy Shield agreement locations|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||In-house|
|Protecting data at rest||Scale, obfuscating techniques, or data storage sharding|
|Data sanitisation process||No|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
Nexmo as a CPaaS provider of communications services does not store client data.
Users can extract usage reports via the Nexmo Dashboard at https://dashboard.nexmo.com/sign-in. Reporting Analytics data can be viewed within the browser and also downloaded in Excel (.xlsx) format.
|Data export formats||Other|
|Other data export formats||
|Data import formats||Other|
|Other data import formats||HTTP REST API|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
Nexmo commits to using commercially reasonable efforts to ensure that the proprietary platform provided by Nexmo in connection with its Services will be Available 99.97% of the Available Time within a given calendar month.
Should the Nexmo Platform be unavailable for less than 99.97% of one Calendar Month then the refund, in the form of service credits, is as follows:
Availability between 99,95% and 99.97% would result in a refund of 5% of Monthly spend.
Availability below 99,95% would result in a refund of 10% of Monthly spend.
|Approach to resilience||Nexmo's platform resides in IBM's Softlayer Cloud and has failover, DR and load-balancing attributes configured over the resilient infrastructures across our global datacentres. Nexmo fails-over to a secondary environment within each datacentre but also across region, providing true global redundancy.|
Public dashboard https://www.nexmostatus.com/.
Subscription to alerts via email, SMS, Twitter, API (Webhook), RSS feed
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Management is done via SSH and authentication is performed by LDAP.|
|Access restriction testing frequency||Never|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||Less than 1 month|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||Securitymetrics|
|PCI DSS accreditation date||08/05/2016|
|What the PCI DSS doesn’t cover||Nexmo is PCI Merchant compliant. Customer's are responsible for PCI compliance of applications built using Nexmo's API's|
|Other security accreditations||No|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||No|
|Security governance approach||Nexmo ensures that we design our infrastructure and software with security in mind. We select datacenter providers with security compliance certification, and continuously review our system for vulnerabilities in-house and through 3rd parties.|
|Information security policies and processes||
Nexmo takes data security very seriously. Nexmo’s servers are hosted by IBM Softlayer and AWS in data centres in Europe, the United States and SE Asia. Softlayer provides us with hardware, network connectivity and secure physical space relating to our customer data. Softlayer is compliant with ISO 27001, SOC 2 and other standards (see softlayer.com/compliance), and security information about their data centers can be found at http://www.softlayer.com/data-centers.
Marked as done
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Everything is done via central configuration management. (Puppet) Each change reviewed and approved.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Nexmo has a Vulnerability Management Process in place that covers patch management, vulnerability scanning and monitoring, security assessments/penetration testing and the bug bounty programme.
The goal of the security assessments vulnerability management process is to ensure reported vulnerabilities are addressed according to industry best practices and expectations: updates made to the applications or systems provide adequate protection and that vulnerabilities are fixed within reasonable time.
Vulnerabilities are validated, assessed and classified according to risk and impact. Depending on severity response times can be Immediate (with a target Short Term Solution in 2 days) or longer.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Security monitoring capabilities ensure both the physical and IT security of the Nexmo environment. Physical security is monitored by manned personnel in 2 reception area’s, whilst our data centre providers provide their own access controls under the governance of the many standards under which they operate (http://www.softlayer.com/compliance). Nexmo’s team monitors for attacks, with frequent scheduled checks. Services have attack detection logic implemented to detect malicious actions and fraudulent behaviour. Automatic account breach monitoring and alerting is in place that look at public services for data breaches. Alerts are sent to the security team - see incident management for response process.|
|Incident management type||Supplier-defined controls|
|Incident management approach||Security incidents are managed through an incident report form within the ticketing system (JIRA), this records details of the incident and tracks the onward investigation until remediation actions can be put in place. Upon issue resolution, if necessary, the security team defines any further/longer-term remediation requirements, and assigns these to the appropriate team (e.g. operations, product engineering, etc). At each stage there are defined communications covering Identification, Investigation, Remediation, and Documentation (Reporting) of security incidents. Where customers are impacted; the “critical situations” team is notified (includes senior management), and Support communicates to affected customers, providing advisory, or specific remediation instructions.|
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£0.087 per transaction|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||Nexmo offer free account sign-up, upon completion of which the account with receive €2 free credit for the purposes of trialling our CPaaS solution.|
|Link to free trial||https://dashboard.nexmo.com/sign-up|
|Pricing document||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|