Sending OTPs via SMS in the US usually requires A2P 10DLC registration. However, with Twilio Verification Service, you can send OTPs via SMS, Email, and WhatsApp without manually managing A2P 10DLC, as Twilio handles compliance internally.
This guide explains how to install Twilio in Laravel, create a verification service, send OTPs using different channels, verify OTPs, and protect Twilio credentials using AWS Secrets Manager.
Why Use Twilio Verification Service?
- No manual A2P 10DLC registration
- Built-in fraud and rate limiting
- Supports SMS, Email, and WhatsApp OTP
- Automatic OTP generation
- Simple verification API
Step 1: Install Twilio in Laravel
Install the Twilio SDK using Composer:
composer require twilio/sdk
Add temporary environment variables to your .env file:
TWILIO_ACCOUNT_SID=ACxxxxxxxxxxxx
TWILIO_AUTH_TOKEN=your_auth_token
TWILIO_VERIFY_SID=VAxxxxxxxxxxxx
Security tip: Keep credentials out of your repository. We will secure them using AWS Secrets Manager later.
Step 2: Create Twilio Verification Service
- Log in to the Twilio Console
- Navigate to Verify → Services
- Click Create New Service
- Enter a service name (e.g., OTP Service)
- Copy the Verification Service SID (VA...)
This service manages OTP creation, delivery, and validation securely.
Step 3: Send OTP via SMS (Without A2P 10DLC)
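<?php

use Illuminate\Http\Request;
use Twilio\Rest\Client;

// Controller method: starts a verification and sends the code by SMS.
public function sendOtpSms(Request $request)
{
    // Verify expects the destination number in E.164 format, e.g. +15551234567.
    $request->validate(['phone' => ['required', 'string', 'regex:/^\+[1-9]\d{1,14}$/']]);

    $twilio = new Client(
        config('services.twilio.sid'),
        config('services.twilio.token')
    );

    // Twilio generates and delivers the code; the application never handles it.
    $twilio->verify->v2->services(config('services.twilio.verify_sid'))
        ->verifications
        ->create($request->phone, "sms");

    return response()->json([
        'message' => 'OTP sent via SMS'
    ]);
}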
Twilio automatically manages carrier compliance, removing the need for A2P 10DLC registration.
Step 4: Verify OTP (SMS, Email, WhatsApp)
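<?php

use Illuminate\Http\Request;
use Twilio\Exceptions\TwilioException;
use Twilio\Rest\Client;

// Controller method: checks a submitted code against the pending verification.
public function verifyOtp(Request $request)
{
    $request->validate(['phone' => 'required|string', 'otp' => 'required|string']);

    $twilio = new Client(
        config('services.twilio.sid'),
        config('services.twilio.token')
    );

    try {
        // 'to' must be the same value the OTP was sent to: the E.164 phone number
        // for SMS and WhatsApp, or the email address for the email channel.
        $verification = $twilio->verify->v2->services(config('services.twilio.verify_sid'))
            ->verificationChecks
            ->create([
                'to' => $request->phone,
                'code' => $request->otp
            ]);
    } catch (TwilioException $e) {
        // Twilio returns an error when no pending verification exists for 'to'
        // (for example, it expired or was already approved).
        return response()->json(['message' => 'Invalid OTP'], 400);
    }

    if ($verification->status === 'approved') {
        return response()->json(['message' => 'OTP verified']);
    }
    return response()->json(['message' => 'Invalid OTP'], 400);
}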
Step 5: Send OTP via Email
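<?php

use Illuminate\Http\Request;
use Twilio\Rest\Client;

// Controller method: starts a verification and sends the code by email.
public function sendOtpEmail(Request $request)
{
    $request->validate(['email' => 'required|email']);

    $twilio = new Client(
        config('services.twilio.sid'),
        config('services.twilio.token')
    );

    $twilio->verify->v2->services(config('services.twilio.verify_sid'))
        ->verifications
        ->create($request->email, "email");

    return response()->json([
        'message' => 'OTP sent via email'
    ]);
}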
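Email OTP is ideal for account verification and password recovery flows. The email channel only works once an email integration (SendGrid) has been configured on the Verify service.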
Step 6: Send OTP via WhatsApp
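<?php

use Illuminate\Http\Request;
use Twilio\Rest\Client;

// Controller method: starts a verification and sends the code over WhatsApp.
public function sendOtpWhatsapp(Request $request)
{
    $request->validate(['phone' => ['required', 'string', 'regex:/^\+[1-9]\d{1,14}$/']]);

    $twilio = new Client(
        config('services.twilio.sid'),
        config('services.twilio.token')
    );

    // Verify takes the plain E.164 number; the channel argument selects WhatsApp.
    // The "whatsapp:" address prefix belongs to the Messaging API, and adding it
    // here would also stop 'to' from matching the value used in verifyOtp().
    $twilio->verify->v2->services(config('services.twilio.verify_sid'))
        ->verifications
        ->create($request->phone, "whatsapp");

    return response()->json([
        'message' => 'OTP sent via WhatsApp'
    ]);
}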
WhatsApp OTP offers higher delivery rates and better user engagement compared to SMS.
Step 7: Secure Twilio Keys Using AWS Secrets Manager
Store Secrets in AWS
Create one secret named twilio/credentials (the name the code below fetches) whose JSON value contains these keys:
- account_sid
- auth_token
- verify_sid
Install AWS SDK
composer require aws/aws-sdk-php
Fetch Secrets in Laravel
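<?php

use Aws\SecretsManager\SecretsManagerClient;

// Fetches one secret and returns its JSON value as an associative array.
// No AWS keys appear here: the SDK resolves credentials through its default
// provider chain (for example, the IAM role attached to the server).
function getTwilioSecret(string $key)
{
    $client = new SecretsManagerClient([
        'region' => 'us-east-1',
        'version' => 'latest'
    ]);

    $result = $client->getSecretValue([
        'SecretId' => $key
    ]);

    return json_decode($result['SecretString'], true);
}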
Load Secrets in config/services.php
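<?php

// getTwilioSecret() must already be loaded when this file is read
// (for example via Composer's "files" autoload).
// Without a cached config this calls Secrets Manager on every request;
// `php artisan config:cache` avoids that but writes the values to
// bootstrap/cache/config.php, so protect that file like a secret.
$twilioSecrets = getTwilioSecret('twilio/credentials');

return [
    'twilio' => [
        'sid' => $twilioSecrets['account_sid'],
        'token' => $twilioSecrets['auth_token'],
        'verify_sid' => $twilioSecrets['verify_sid'],
    ],
];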
Best Practices for OTP Security
- Use Twilio Verify instead of custom OTP logic
- Apply rate limiting on OTP endpoints
- Always use HTTPS
- Never expose Twilio credentials client-side
- Use Email or WhatsApp as fallback channels
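One way to apply the rate-limiting item above to the send and verify endpoints from Steps 3 to 6, as an added example that is not part of the original guide. The limiter names (otp-send, otp-verify), the numeric limits, the route paths and the OtpController name are assumptions; the limits complement the ones Twilio Verify enforces on its side.

```php
<?php
// app/Providers/AppServiceProvider.php
// Added example: limiter names and numeric limits are assumed values, tune them.

namespace App\Providers;

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        // Normalised destination, read from the same fields the guide's
        // controller methods use ('phone' or 'email').
        $destination = fn (Request $r) => strtolower(trim(
            (string) ($r->input('phone') ?? $r->input('email'))
        ));

        // Sending: every message costs money, so cap per destination and per
        // client. Each limit needs a distinct key or the counters would collide.
        RateLimiter::for('otp-send', fn (Request $r) => [
            Limit::perMinute(1)->by('send-min:' . $destination($r)),
            Limit::perHour(5)->by('send-hour:' . $destination($r)),
            Limit::perMinute(10)->by('send-ip:' . $r->ip()),
        ]);

        // Checking: bound the number of code guesses against one destination.
        RateLimiter::for('otp-verify', fn (Request $r) => [
            Limit::perMinute(5)->by('verify-to:' . $destination($r)),
            Limit::perMinute(20)->by('verify-ip:' . $r->ip()),
        ]);
    }
}

// routes/api.php (route paths and controller name are hypothetical):
// Route::post('/otp/sms', [OtpController::class, 'sendOtpSms'])
//     ->middleware('throttle:otp-send');
// Route::post('/otp/verify', [OtpController::class, 'verifyOtp'])
//     ->middleware('throttle:otp-verify');
```

Requests over a limit receive HTTP 429 from the throttle middleware before any Twilio call is made. Behind a load balancer, `$r->ip()` is the client address only when trusted proxies are configured.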
Conclusion
Twilio Verification Service makes it easy to send OTPs via SMS, Email, and WhatsApp without dealing with A2P 10DLC compliance. When combined with Laravel and AWS Secrets Manager, this solution becomes secure, scalable, and production-ready for modern authentication systems.