Verify overview
Bird Verify confirms that a user controls an email address or phone number: you ask Bird to send a one-time passcode, the user types it back into your app, and you ask Bird whether it matches. Two API calls — POST /v1/verify/verifications to send, POST /v1/verify/verifications/check to confirm — with no sender registration, no templates, and no code storage on your side. Codes are delivered over email and SMS today, under Authifly, Bird's verification brand, so you can verify users before you've set up any sender of your own.
The Verify app in the dashboard
In the dashboard, Verify is one of the workspace's apps. Its pages, and where each one's guide lives:
| Page | What it's for |
|---|---|
| Verifications | Every verification your workspace created — status, recipient, channel, and timing — see Sending verifications |
| Countries | Per-country delivery: which channels are used, in what order, and whether a country is enabled at all — see Country configuration |
| Configure | Code lifetime, attempt limits, resend cooldown, and the sender each channel uses — see Sending verifications and Senders & branding |
How a verification works
You create a verification with a recipient — an email address, a phone number, or both. Bird generates a numeric passcode, stores only a hash of it, and delivers it over the recipient's channels: an email address gets the code by email, a phone number gets it by SMS, and the order and availability of phone channels follow your country configuration. The user types the code into your app, and you submit it to the check endpoint, which answers success: true or false with a reason.
A verification walks a small lifecycle: it starts pending, and ends verified (a correct code arrived in time), failed (too many wrong attempts), or expired (the window elapsed). The Verifications page shows every verification and its state; each state and reason is covered in Sending verifications.
Defaults
Out of the box, every workspace gets Bird's platform defaults. Each is adjustable — in the dashboard under Configure, or per request where noted:
| Setting | Default | Range |
|---|---|---|
| Code | 6 digits, numeric | 4–8 digits, also settable per request |
| Code lifetime | 10 minutes | 1 minute to 999 minutes |
| Check attempts | 5 per verification | 1–10 |
| Resend cooldown | 60 seconds | 0–3600 seconds |
On top of these sit abuse guardrails you don't configure: per-recipient and per-workspace send caps and a check-rate limit, listed in Sending verifications.
What the recipient sees
Codes arrive under Authifly, Bird's verification brand, so your users get a consistent, recognizable identity even before you've registered a sender of your own:
- Email — sent from otp@verify.authifly.com. Swap in an address on your own verified sending domain whenever you're ready.
- SMS — the code is delivered under the Authifly sender ID, which shows on the handset where the destination country allows alphanumeric sender IDs; the message text itself is brand-neutral. Dedicated SMS senders are coming soon.
More channels are on the way; Senders & branding shows exactly what each message looks like and how to brand it.
Next steps
| Page | What it covers |
|---|---|
| Sending verifications | The send and check calls, statuses, settings, and rate limits |
| Country configuration | Enabling countries and setting per-country channel order and senders |
| Senders & branding | What the code messages look like and how to send from your own domain |
| Authentication | API keys and regional hosts |
| API reference: create a verification | Send-endpoint schema and error details |
| API reference: check a code | Check-endpoint schema and error details |