Install the Twilio helper library for your language and initialize the client with your Account SID and Auth Token via environment variables TWILIO_ACCOUNT_SID and TWILIO_AUTH_TOKEN.
Create a Verify Service in the Twilio console (or via API) and note the Service SID (VA...).
Start verification by calling client.verify.v2.services(SERVICE_SID).verifications.create with the user's E.164-formatted phone number and channel set to 'sms'; Twilio sends a six-digit OTP to the user.
Collect the OTP from the user in your UI and submit it server-side by calling client.verify.v2.services(SERVICE_SID).verificationChecks.create with the phone number and the user-supplied code.
Inspect the returned status field: 'approved' means the OTP matched and is valid; 'pending' means it was wrong; a check cannot be retried after the code expires.
Implement rate limiting and lockout logic on your side to prevent brute-force OTP guessing, and log verification SIDs for audit.
Known gotchas
Verification checks are consumed on each attempt; after a code is used (approved or max attempts reached), you must start a new verification rather than retrying the check.
Phone numbers must be in E.164 format (e.g., +14155552671); ensure you normalize user input before calling the API.
Twilio Verify handles carrier-level OTP delivery and retry logic; do not implement your own SMS delivery on top of Verify for OTP use cases.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp