SMS Providers

The Curity Identity Server uses SMS providers in various places. Most commonly it’s used by the Sms Authenticator during two factor authentication.

Currently two SMS providers are supported. Twilio and REST. Both are explained in the following sections. Any number of providers can be configured in the system, and left dormant if needed. The usage of a provider is defined in the Authentication Profile on the Sms Provider configuration element. This element references one of the available providers which are defined in the facilities section.

Twilio Sms Provider

Twilio TwilioWebsite is a cloud Sms and Voice service provider. They provide an easy to use REST API for sending and receiving text messages (among other services). To use Twilio, a Twilio account with SMS enabled is required.

The SMS client can use either Auth Token or API Key. From the Twilio account the following properties are needed to configure the SMS client:

  1. The from number to use (a written name is also allowed for some accounts)
  2. The Account SID
  3. In case of using the Auth Token
    • The Auth Token string
  4. In case of using the API Key
    • The API Key SID
    • The API Key Secret

The above parameters can be found in the Twilio account page and are used to configure the twilio sms provider in the facilities section.


If a name is used instead of from number then it will not be found on the Twilio page, but can be arbitrarily selected when configuring Curity.

REST Sms Provider

Sometimes other SMS providers are needed besides Twilio. To give full flexibility here, Curity provides a REST API towards which the organization can build a small SMS REST service. This allows the organization to integrate against any SMS provider without having to extend the functionality of Curity in a simple manner.

Communication between |C| and a REST SMS backend

Fig. 35 Communication between Curity and a REST SMS backend

For more information on how to develop a REST SMS service see the developer guide.