twiliosmsauth0password-less

Best Practices: Twilio Messaging Service per Tenant?


When using Twilio to verify sms users within Auth0, is it a best-practice to create a messaging service per tenant? Or, can the same messaging service be used across development and production tenants?

My instinct is to create separate messaging services for each tenant, but there's a monthly cost associated with each number and numbers can't be used across services within Twilio. I'm wondering if there's a cost to sharing the same messaging service that I'm overlooking. Thanks for your help!

This question is also posted on the Auth0 Community board: https://community.auth0.com/t/best-practices-twilio-messaging-service-per-tenant/81471


Solution

  • If the content is templetized (the content cannot be created or modified by the tenants), like it would be for 2FA code generation, you can generate this code from a single number in a specific account. At this point in time, a verified Tollfree number is the best number type outside a shortcode to use.

    Twilio Verify provides such an approach.

    Although these blog posts are focused on Twilio Verify, the same information is useful for any 2FA use case.

    Migrate from Programmable Messaging to Verify https://www.twilio.com/blog/migrate-programmable-sms-to-verify

    Build a carrier block list with Twilio Lookup https://www.twilio.com/blog/carrier-block-list-lookup-fraud-prevention

    Build an allow list to filter sign ups by country with Twilio Lookup https://www.twilio.com/blog/allow-list-country-code-lookup

    Best practices for phone number validation during new user enrollment

    Best practices for managing retry logic with SMS 2FA https://www.twilio.com/blog/best-practices-retry-logic-sms-2fa

    How to Validate Phone Number Input in HTML and JavaScript https://www.twilio.com/blog/validate-phone-number-input