Contact Methods
Users can have multiple contact methods associated with their account. A contact method is an email address, phone number, or Google account that the user has linked. By default, only users with at least one verified contact method can make calls to your Services hosted in Forte. Unauthenticated and unverified calls will be rejected with an HTTP 401/403 error.
To learn more about user authentication, see Authentication and Sessions.
Types
| Type | Verified by Default | Requires Verification |
|---|---|---|
| Google OAuth | Yes* | No |
| Email | No | Yes |
| Phone Number | No | Yes |
*When Google indicates that the user's email is verified. In rare cases, OAuth accounts may require manual verification.
Verification Flow
For email and phone contact methods, Forte sends a 6-digit verification code to the user:
- The user adds a new contact method (email or phone) to their account.
- Forte sends a 6-digit verification code to the contact method.
- The user enters the code in your application.
- Your application submits the code to Forte's verification endpoint.
Verification rules:
- Codes expire after 10 minutes
- Resending a code requires a 60-second cooldown between attempts
- Users cannot delete their last verified contact method
SDK Functions
The Forte SDK provides utility functions for managing contact method verification:
- resendOTP: Resend a one-time passcode to the user's phone number or email address. Subject to a 60-second cooldown between attempts.
- resendVerificationCode: Resend a verification code for a contact method that has not yet been verified. Also subject to a 60-second cooldown.
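The verification rules and resend functions above can be mirrored on the client so the UI does not submit malformed or stale codes or trigger resends during the cooldown. This is an added example, not Forte SDK code: `VerificationTracker`, `resendFn` and `contactMethodId` are hypothetical names, and measuring expiry from the most recent send is an assumption.

```javascript
// Added example: client-side bookkeeping for the rules above. Not Forte SDK code.
const CODE_TTL_MS = 10 * 60 * 1000;    // codes expire after 10 minutes
const RESEND_COOLDOWN_MS = 60 * 1000;  // 60-second cooldown between resends
const CODE_PATTERN = /^\d{6}$/;        // 6-digit verification code

class VerificationTracker {
  // `resendFn` is a hypothetical wrapper around the SDK's resendVerificationCode
  // (its real signature is not shown on this page); `now` is injectable for tests.
  constructor(resendFn, now = () => Date.now()) {
    this.resendFn = resendFn;
    this.now = now;
    this.lastSentAt = null;
  }

  // Call when the contact method is added and Forte sends the first code.
  markSent() { this.lastSentAt = this.now(); }

  // Milliseconds until another resend is allowed (0 means allowed now).
  resendWaitMs() {
    if (this.lastSentAt === null) return 0;
    return Math.max(0, this.lastSentAt + RESEND_COOLDOWN_MS - this.now());
  }

  // True when the most recently sent code is past its 10-minute lifetime (assumption).
  codeExpired() {
    return this.lastSentAt === null || this.now() - this.lastSentAt >= CODE_TTL_MS;
  }

  // Local pre-check of user input before calling the verification endpoint.
  checkInput(raw) {
    const code = String(raw).trim();
    if (!CODE_PATTERN.test(code)) return { ok: false, reason: "format" };
    if (this.codeExpired()) return { ok: false, reason: "expired" };
    return { ok: true, code };
  }

  // Resend only when the cooldown has elapsed; otherwise report the remaining wait.
  async resend(contactMethodId) {
    const waitMs = this.resendWaitMs();
    if (waitMs > 0) return { sent: false, waitMs };
    await this.resendFn(contactMethodId);
    this.markSent();
    return { sent: true, waitMs: RESEND_COOLDOWN_MS };
  }
}
```

Forte remains authoritative: treat a rejection from the verification endpoint as final even when the local check passes, since the client clock is only an estimate.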
Next Steps
- Set up Authentication methods for your users
- Learn about Sessions and token management
- Administrate your users from the Forte console