One-tap SMS verification with the SMS User Consent API
Stay organized with collections
Save and categorize content based on your preferences.
The SMS User Consent API complements the SMS Retriever API by allowing an app
to prompt the user to grant access to the content of a single SMS message. When
a user gives consent, the app will then have access to the entire message body
to automatically complete SMS verification.
User Flow for SMS User Consent API
When using the SMS User Consent API to automatically fill in one-time codes the
user will be prompted to allow your app to have permission to read a single SMS
message. The user will see the following screens when using the SMS User
Consent API.
When the user initiates an SMS verification flow they will be prompted to enter
the one-time code using the keyboard. It is important to do this to handle a
situation where the user receives the SMS on a different device than the app is
running on.
Then, if your app has requested SMS User Consent, an incoming SMS message
containing a one-time code will be shown to the user with an option to to share
the entire content of a single SMS message. This will only happen if your app
has requested SMS User Consent and is running on the device that received the
SMS message.
If the user chooses to provide the content of the SMS message to your app, the
entire text of the SMS message will be shared. The user sees the SMS
verification flow automatically complete.
If the user decides not to share, the user will then manually type the one-time
code to complete the SMS verification flow.
Developer Flow for SMS User Consent API
To implement a full SMS verification flow using the SMS User Consent API you
need to interact with both a backend server to send the SMS as well as the SMS
User Consent API to prompt the user for access to a single message containing a
one-time code.
Step by step, your app and server must do the following to implement an SMS
verification flow using the SMS User Consent API:
Your app calls the SMS User Consent API to begin listening for an SMS
response from the server. An SMS message received prior to starting SMS
User Consent will not be forwarded to your app.
After you start the SMS User Consent API, your app makes a request to a
server to verify a user's phone number using SMS verification.
When the user's device receives the SMS message containing a one-time
code, Google Play services displays the contents of the message to the user
and asks for consent to make that text available to your app.
If the user consents, the entire SMS message is made available to your app.
Your app parses out the one-time code from the message text and sends it
to the server.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-10-31 UTC."],[[["\u003cp\u003eThe SMS User Consent API enables apps to request user permission to access a single SMS message for auto-completion of SMS verification, offering a streamlined experience when the SMS Retriever API isn't suitable.\u003c/p\u003e\n"],["\u003cp\u003eUpon receiving an SMS verification code, users are prompted to share the message content with the app, allowing for automatic code entry if they consent.\u003c/p\u003e\n"],["\u003cp\u003eThe API requires developers to implement a flow involving backend server interaction, initiating SMS User Consent, requesting SMS verification, and handling user consent or manual code entry.\u003c/p\u003e\n"],["\u003cp\u003eIf the user grants consent, the app receives the entire SMS message, facilitating automatic parsing and completion of the verification process.\u003c/p\u003e\n"]]],[],null,["# One-tap SMS verification with the SMS User Consent API\n\nThe SMS User Consent API complements the SMS Retriever API by allowing an app\nto prompt the user to grant access to the content of a single SMS message. When\na user gives consent, the app will then have access to the entire message body\nto automatically complete SMS verification.\n| **Note:** The [SMS Retriever API](//developers.google.com/identity/sms-retriever/overview) offers the best user experience for automating the SMS-based user verification process. However, there are situations where you don't control the format of the SMS message and cannot support the SMS Retriever API. In this case, you can use this API to streamline the process.\n\nUser Flow for SMS User Consent API\n----------------------------------\n\nWhen using the SMS User Consent API to automatically fill in one-time codes the\nuser will be prompted to allow your app to have permission to read a single SMS\nmessage. The user will see the following screens when using the SMS User\nConsent API.\n\n\nWhen the user initiates an SMS verification flow they will be prompted to enter\nthe one-time code using the keyboard. It is important to do this to handle a\nsituation where the user receives the SMS on a different device than the app is\nrunning on.\n\nThen, if your app has requested SMS User Consent, an incoming SMS message\ncontaining a one-time code will be shown to the user with an option to to share\nthe entire content of a single SMS message. This will only happen if your app\nhas requested SMS User Consent and is running on the device that received the\nSMS message.\n\nIf the user chooses to provide the content of the SMS message to your app, the\nentire text of the SMS message will be shared. The user sees the SMS\nverification flow automatically complete.\n\nIf the user decides not to share, the user will then manually type the one-time\ncode to complete the SMS verification flow.\n\nDeveloper Flow for SMS User Consent API\n---------------------------------------\n\nTo implement a full SMS verification flow using the SMS User Consent API you\nneed to interact with both a backend server to send the SMS as well as the SMS\nUser Consent API to prompt the user for access to a single message containing a\none-time code.\n\nStep by step, your app and server must do the following to implement an SMS\nverification flow using the SMS User Consent API:\n\n1. Your app calls the SMS User Consent API to begin listening for an SMS response from the server. An SMS message received prior to starting SMS User Consent will not be forwarded to your app.\n2. After you start the SMS User Consent API, your app makes a request to a server to verify a user's phone number using SMS verification.\n3. When the user's device receives the SMS message containing a one-time code, Google Play services displays the contents of the message to the user and asks for consent to make that text available to your app.\n4. If the user consents, the entire SMS message is made available to your app.\n5. Your app parses out the one-time code from the message text and sends it to the server.\n\nSee [Request one-time consent to read an SMS verification code](/identity/sms-retriever/user-consent/request) for\ndetails."]]
