1) Prerequisites

1. Twilio account with a Verify Service created → copy the Service SID (e.g., VAxxxxxxxx).

2. Ensure your Verify service allows the channels you’ll use: SMS, WhatsApp, Call (voice).

3. OutSystems Developer Cloud project (Web or Mobile).

2) Install the Library from Forge

3) Configure (ODC Portal)

A. Environment Variable

1. Add TWILIO_ServiceSID and set it to your Verify Service SID (per environment).

B. REST Basic Authentication

1. Set Authentication = Basic

   • Username: your Twilio Account SID (e.g., ACxxxxxxxx)

   • Password: your Twilio Auth Token

4) How to Use in Your App

Server Actions exposed by the library

• SendVerification(To, Channel)

  • To: phone in E.164 (e.g., +3519xxxxxxxx).

  • Channel: "sms", "whatsapp", or "call" (mapped to Twilio call).

• CheckVerification(To, Code)

  • To: same number used in SendVerification.

  • Code: user’s OTP.

Typical flow (UI logic)

1. Send OTP button → call SendVerification with user phone + channel.

2. On success (pending), navigate to Enter Code screen.

3. User submits code → call CheckVerification.

4. If status = approved, continue login/verification; else show error and allow resend.

5) Channel Notes & Gotchas

• WhatsApp: Do not prepend whatsapp: for Verify—just pass E.164 and Channel="whatsapp".

• Voice: Use Channel="call"; the library maps it to Twilio’s call.

• Formatting: Always pass E.164; invalid format is a common failure cause.

• Resend/Throttle: Implement a resend button and basic cooldown in your UI.

6) Testing Checklist

• Try each channel: SMS, WhatsApp, Voice.

• Test correct vs incorrect/expired codes.

• Verify error handling when Basic Auth is wrong (401/403).

• Confirm TWILIO_ServiceSID is set in each environment (Dev/Test/Prod).

7) Security Best Practices

• Set credentials only in ODC Portal (never in code).

• Limit Twilio console access; rotate Auth Token if leaked.

• Log only high-level statuses (avoid logging OTPs or secrets).