I'm working on implementing MFA in my pet project. As I understand from the Twilio Verify docs (https://www.twilio.com/docs/verify/api/rate-limits-and-timeouts#code-validity-period), it has some limitations: the code is valid for 10 minutes and I can only send 5 messages in this 10-minute time span (https://www.twilio.com/docs/api/errors/60203). Also, I found a way to avoid this restriction by updating the verification status to "cancelled". The code in C# looks like this:
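
    using System;
    using System.Threading;
    using System.Threading.Tasks;
    using Twilio.Rest.Verify.V2.Service;

    // serviceSid (the Verify service SID) is defined elsewhere.
    static async Task TestingTwilioLimitations()
    {
        VerificationResource verification = null;

        // First batch: three verification requests, 10 seconds apart.
        for (int i = 0; i < 3; i++)
        {
            verification = await VerificationResource.CreateAsync(
                to: "phone number",
                channel: "sms",
                pathServiceSid: serviceSid
            );
            Thread.Sleep(TimeSpan.FromSeconds(10));
        }

        // Set the pending verification's status to Canceled.
        await VerificationResource.UpdateAsync(new UpdateVerificationOptions(serviceSid, verification.Sid, VerificationResource.StatusEnum.Canceled));

        // Second batch: three more verification requests.
        for (int i = 0; i < 3; i++)
        {
            verification = await VerificationResource.CreateAsync(
                to: "phone number",
                channel: "sms",
                pathServiceSid: serviceSid
            );
            Thread.Sleep(TimeSpan.FromSeconds(10));
        }
    }
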
This code allows me to receive 6 messages with codes, despite the limitations of 10 minutes and 5 attempts to send the code. So, the question is, can I use this trick? It allows spamming people (I'm not going to do that, I just wanted to be able to configure max send attempts and code validation time from my side), and I'm afraid of being banned by Twilio Verify for using these API calls.
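
An added example, not part of the original post and not Twilio code: one way to enforce a configurable send limit on the application side, so the cap does not depend on the provider's verification status and is not reset when a verification is cancelled. `SendAttemptLimiter`, `TryRegisterSend` and the phone number are hypothetical names and constructed values; the limiter is in-memory and assumes a single process.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper (not part of the Twilio SDK): caps sends per phone number
// in a sliding time window. Call it before VerificationResource.CreateAsync.
public sealed class SendAttemptLimiter
{
    private readonly int _maxSends;
    private readonly TimeSpan _window;
    private readonly Dictionary<string, Queue<DateTimeOffset>> _sends =
        new Dictionary<string, Queue<DateTimeOffset>>();
    private readonly object _lock = new object();

    public SendAttemptLimiter(int maxSends, TimeSpan window)
    {
        _maxSends = maxSends;
        _window = window;
    }

    // Returns true and records the attempt if a send is allowed at 'now'.
    public bool TryRegisterSend(string phoneNumber, DateTimeOffset now)
    {
        lock (_lock)
        {
            if (!_sends.TryGetValue(phoneNumber, out var attempts))
                _sends[phoneNumber] = attempts = new Queue<DateTimeOffset>();
            // Drop attempts that have aged out of the window.
            while (attempts.Count > 0 && now - attempts.Peek() >= _window)
                attempts.Dequeue();
            if (attempts.Count >= _maxSends) return false;
            attempts.Enqueue(now);
            return true;
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        var limiter = new SendAttemptLimiter(maxSends: 3, window: TimeSpan.FromMinutes(10));
        var start = DateTimeOffset.UtcNow;
        const string phone = "+15555550100"; // constructed sample number
        for (int i = 0; i < 5; i++) // attempts 4 and 5 fall inside the window and are refused
            Console.WriteLine($"attempt {i + 1}: allowed={limiter.TryRegisterSend(phone, start.AddSeconds(10 * i))}");
        // Once the earlier attempts age out of the window, a send is allowed again.
        Console.WriteLine($"after 11 min: allowed={limiter.TryRegisterSend(phone, start.AddMinutes(11))}");
    }
}
```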