# Verify overview

Bird Verify confirms that a user controls an email address or phone number: you ask Bird to send a one-time passcode, the user types it back into your app, and you ask Bird whether it matches. Two API calls — [`POST /v1/verify/verifications`](/docs/api/reference/create-verification) to send, [`POST /v1/verify/verifications/check`](/docs/api/reference/create-verification-check) to confirm — with no sender registration, no templates, and no code storage on your side. Codes are delivered over email and SMS today, under [Authifly](https://authifly.com), Bird's verification brand, so you can verify users before you've set up any sender of your own.

## The Verify app in the dashboard

In the [dashboard](/docs/knowledge-base/getting-started/dashboard-tour), Verify is one of the workspace's apps. Its pages, and where each one's guide lives:

| Page                                                                   | What it's for                                                                                                                                                                                                                         |
| ---------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| [**Verifications**](https://bird.com/dashboard/w/verify/verifications) | Every verification your workspace created — status, recipient, channel, and timing — see [Sending verifications](/docs/guides/verify/sending-verifications)                                                                           |
| [**Countries**](https://bird.com/dashboard/w/verify/countries)         | Per-country delivery: which channels are used, in what order, and whether a country is enabled at all — see [Country configuration](/docs/guides/verify/countries)                                                                    |
| [**Configure**](https://bird.com/dashboard/w/verify/configure)         | Code lifetime, attempt limits, resend cooldown, and the sender each channel uses — see [Sending verifications](/docs/guides/verify/sending-verifications#verification-settings) and [Senders & branding](/docs/guides/verify/senders) |

## How a verification works

You create a verification with a recipient — an email address, a phone number, or both. Bird generates a numeric passcode, stores only a hash of it, and delivers it over the recipient's channels: an email address gets the code by email, a phone number gets it by SMS, and the order and availability of phone channels follow your [country configuration](/docs/guides/verify/countries). The user types the code into your app, and you submit it to the check endpoint, which answers `success: true` or `false` with a reason.

A verification walks a small lifecycle: it starts `pending`, and ends `verified` (a correct code arrived in time), `failed` (too many wrong attempts), or `expired` (the window elapsed). The [Verifications](https://bird.com/dashboard/w/verify/verifications) page shows every verification and its state; each state and reason is covered in [Sending verifications](/docs/guides/verify/sending-verifications#statuses).

## Defaults

Out of the box, every workspace gets Bird's platform defaults. Each is adjustable — in the dashboard under [**Configure**](https://bird.com/dashboard/w/verify/configure), or per request where noted:

| Setting         | Default            | Range                                 |
| --------------- | ------------------ | ------------------------------------- |
| Code            | 6 digits, numeric  | 4–8 digits, also settable per request |
| Code lifetime   | 10 minutes         | 1 minute to 999 minutes               |
| Check attempts  | 5 per verification | 1–10                                  |
| Resend cooldown | 60 seconds         | 0–3600 seconds                        |

On top of these sit abuse guardrails you don't configure: per-recipient and per-workspace send caps and a check-rate limit, listed in [Sending verifications](/docs/guides/verify/sending-verifications#abuse-guardrails).

## What the recipient sees

Codes arrive under [Authifly](https://authifly.com), Bird's verification brand, so your users get a consistent, recognizable identity even before you've registered a sender of your own:

- **Email** — sent from `otp@verify.authifly.com`. Swap in an address on your own verified sending domain whenever you're ready.
- **SMS** — the code is delivered under the Authifly sender ID, which shows on the handset where the destination country allows alphanumeric sender IDs; the message text itself is brand-neutral. Dedicated SMS senders are coming soon.

More channels are on the way; [Senders & branding](/docs/guides/verify/senders) shows exactly what each message looks like and how to brand it.

## Next steps

| Page                                                                            | What it covers                                                        |
| ------------------------------------------------------------------------------- | --------------------------------------------------------------------- |
| [Sending verifications](/docs/guides/verify/sending-verifications)              | The send and check calls, statuses, settings, and rate limits         |
| [Country configuration](/docs/guides/verify/countries)                          | Enabling countries and setting per-country channel order and senders  |
| [Senders & branding](/docs/guides/verify/senders)                               | What the code messages look like and how to send from your own domain |
| [Authentication](/docs/guides/authentication)                                   | API keys and regional hosts                                           |
| [API reference: create a verification](/docs/api/reference/create-verification) | Send-endpoint schema and error details                                |
| [API reference: check a code](/docs/api/reference/create-verification-check)    | Check-endpoint schema and error details                               |