Number Verification in Python with AWS Lambda and Vonage
Published on May 5, 2021

In this post, you'll deploy a Vonage Verify 2FA client as a microservice to AWS Lambda, written in Python. You do so using this Python application available on Github that uses Flask, and Serverless.

Multi-factor authentication, also known as Two-Factor Authentication (2FA), is implemented on most web services. It affords an extra level of security to ensure the person accessing a service, is the correct person. The added step in authentication sends a random code using SMS to a mobile device registered by the user. Once the user supplies the code sent, they are then authenticated.

As with all things related to security, 2FA is not full-proof. However, it does add a good security layer to help protect accounts.

Prerequisites

DT API Account

To complete this tutorial, you will need a DT API account. If you don’t have one already, you can sign up today and start building with free credit. Once you have an account, you can find your API Key and API Secret at the top of the DT API Dashboard.

Setup Instructions

Clone the nexmo-community/nexmo-verify-lambda-python repo from GitHub, and navigate into the newly created directory to proceed.

Environment

Rename .env.default to .env and add values to NEXMO_API_KEY and NEXMO_API_SECRET provided by your Vonage APIs account.

Usage

To start, create a virtualenv from within the project root to contain the project as you proceed. Then activate it, as follows:

virtualenv venv --python=python3 source venv/bin/activate

Next, initialize npm and follow the prompts to get it set up. In most cases, you should select the defaults, unless you desire to change any of them. Also, use npm to install some needed dependencies for development to enable Serverless and Lambda to work with the Flask app. Use the following commands to do complete this step.

npm init npm install --save-dev serverless-wsgi serverless-python-requirements

Now you should use pip to install the required Python dependencies from the requirements.txt included in the cloned code.

pip install -r requirements.txt

Running Local

With the virtualenv set up, you can run the app locally and test things out before deploying to AWS Lambda. You can serve it with the following command:

sls wsgi serve

By default, running locally on your system serves the app at http://localhost:5000. Hitting Ctrl+c closes it down after you finish.

Deploy to Lambda

With all the above finished successfully, you can use Serverless to deploy the app to AWS Lambda.

sls deploy

After deployment, you receive the URL needed to access the application via the API Gateway. Make a note of the URL for the next step.

IMPORTANT: The example application, as-is, does not carry out any authentication or verification. Anyone with access to the URL provided after deployment can access it. Doing so could cause unexpected charges to your Vonage account. Therefore, please secure the app if you intend to leave it active.

Available Endpoints

There are 4 URL endpoints available with this client:

  • /

    • Doesn't perform any actions, but provides a quick way to test

  • /request/<to_number>/<brand>

    • By including 2 arguments, the client requests a 2FA code sent to the <to_number>, which should include the national identifier (such as 1 for the US), along with a <brand> string for more visual identity in the SMS message.

  • /check/<request_id>/<code>

    • You can then check a 2FA code by passing the <request_id> and the <code> to the /check endpoint.

  • /cancel/<request_id>

    • Sometimes, if a 2FA code gets lost, it is necessary to cancel a request. By including the <request_id> to the /cancel endpoint, you bypass the 5-minute wait to request a new code.

Examples:

Go to the URL provided by the Serverless deploy process. Below are some examples of what sample requests may look like:

https://7ulasfasdasdfw4.execute-api.us-east-1.amazonaws.com/dev/

The / endpoint returns a generic informational message.

https://7ulasfasdasdfw4.execute-api.us-east-1.amazonaws.com/dev/request/15554443333/Vonage

The /request endpoint returns the request_id, and the to_number phone should receive a text with a code.

https://7ulasfasdasdfw4.execute-api.us-east-1.amazonaws.com/dev/check/9807adsf0sae89fu0se87r0sf/654321

The /check endpoint returns a successful verification message with an event_id.

The /request step grants you 5 minutes to follow up with a /check request. If not able to do so, you can issue a /cancel with the following URL.

https://7ulasfasdasdfw4.execute-api.us-east-1.amazonaws.com/dev/cancel/9807adsf0sae89fu0se87r0sf

Deactivating Virtualenv

To exit the virtualenv, you can deactivate it when desired.

deactivate

Next Steps

If you have any questions or run into troubles, you can reach out to @VonageDev on Twitter or inquire in the Vonage Community Slack team. Good luck.

Adam CulpVonage Alumni

Adam is a developer and consultant who enjoys ultra-running, blogging/vlogging, and helping others tame technology to accomplish amazing things with an insatiable desire to mentor and help.

Ready to start building?

Experience seamless connectivity, real-time messaging, and crystal-clear voice and video calls-all at your fingertips.