我应使用哪个 API?
使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
Google Play 服务有两个 API,可用于简化基于短信的验证流程:SMS Retriever API 和 SMS User Consent API。
SMS Retriever API 提供完全自动化的用户体验,应尽可能使用。但是,您需要在消息正文中放置自定义哈希代码;如果您不是该消息的发送者,则可能很难做到这一点。
如果您无法控制消息内容(例如,如果您的应用与金融机构合作,可能需要在您批准应用内付款交易前验证其电话号码),您可以使用 SMS User Consent API,而无需自定义哈希代码。不过,它要求用户批准应用访问包含验证码的消息的请求。为了尽可能避免向用户显示错误消息,短信用户意见征求会检查该消息是否包含 4-10 个字符的字母数字代码,且该代码至少包含一个数字。它还将过滤掉来自用户联系人列表中的发件人的消息。
下表总结了其中的差异:
|
短信检索器 |
短信用户同意 |
消息要求 |
唯一标识您的应用的 11 位哈希代码 |
至少包含一个数字的 4-10 位字母数字代码 |
发件人要求 |
无 |
发件人不得位于用户的联系人列表中 |
用户互动 |
无 |
点按一下即可批准 |
如未另行说明,那么本页面中的内容已根据知识共享署名 4.0 许可获得了许可,并且代码示例已根据 Apache 2.0 许可获得了许可。有关详情,请参阅 Google 开发者网站政策。Java 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2025-07-25。
[null,null,["最后更新时间 (UTC):2025-07-25。"],[[["\u003cp\u003eGoogle Play services offers two APIs, SMS Retriever and SMS User Consent, to simplify SMS-based verification in your app.\u003c/p\u003e\n"],["\u003cp\u003eSMS Retriever API automates verification but requires a custom hash code in the SMS message, ideal when you control message content.\u003c/p\u003e\n"],["\u003cp\u003eSMS User Consent API, best for scenarios where you don't control the SMS message (like with financial institutions), requires user approval to access the message but doesn't need a custom hash code.\u003c/p\u003e\n"],["\u003cp\u003eSMS User Consent API enhances security by filtering messages from known contacts and focusing on messages containing a 4-10 digit alphanumeric code with at least one number.\u003c/p\u003e\n"]]],[],null,["# Which API should I use?\n\nGoogle Play services has two APIs you can use to streamline the SMS-based\nverification process: the [SMS Retriever API](/identity/sms-retriever/overview)\nand the [SMS User Consent API](/identity/sms-retriever/user-consent/overview).\n\nThe SMS Retriever API provides a fully automated user experience and should be\nused when possible. It does, however, require you to place a custom hash code in\nthe message body, and this may be difficult to do if you're not the sender of\nthat message.\n\nIf you don't have control over the contents of the message---for example, if\nyour app works with a financial institution that might want to verify the user's\nphone number before approving a payment transaction inside your app---then\nyou can use the SMS User Consent API, which does not require the custom hash\ncode. It does, however, require the user to approve your app's request to access\nthe message containing the verification code. In order to minimize the chances\nof surfacing the wrong message to the user, SMS User Consent will check if the\nmessage contains a 4-10 character alphanumeric code containing at least one\nnumber. It will also filter out messages from senders in the user's Contacts\nlist.\n\nThe differences are summarized in the table below:\n\n| | SMS Retriever | SMS User Consent |\n|----------------------|------------------------------------------------------|-------------------------------------------------------------|\n| Message requirements | 11-digit hash code that uniquely identifies your app | 4-10 digit alphanumeric code containing at least one number |\n| Sender requirements | None | Sender cannot be in the user's Contacts list |\n| User interaction | None | One tap to approve |"]]