Which API should I use?
Stay organized with collections
Save and categorize content based on your preferences.
Google Play services has two APIs you can use to streamline the SMS-based
verification process: the SMS Retriever API
and the SMS User Consent API.
The SMS Retriever API provides a fully automated user experience and should be
used when possible. It does, however, require you to place a custom hash code in
the message body, and this may be difficult to do if you're not the sender of
that message.
If you don't have control over the contents of the message—for example, if
your app works with a financial institution that might want to verify the user's
phone number before approving a payment transaction inside your app—then
you can use the SMS User Consent API, which does not require the custom hash
code. It does, however, require the user to approve your app's request to access
the message containing the verification code. In order to minimize the chances
of surfacing the wrong message to the user, SMS User Consent will check if the
message contains a 4-10 character alphanumeric code containing at least one
number. It will also filter out messages from senders in the user's Contacts
list.
The differences are summarized in the table below:
|
SMS Retriever |
SMS User Consent |
| Message requirements |
11-digit hash code that uniquely identifies your app |
4-10 digit alphanumeric code containing at least one number |
| Sender requirements |
None |
Sender cannot be in the user's Contacts list |
| User interaction |
None |
One tap to approve |
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-10-31 UTC.
[null,null,["Last updated 2024-10-31 UTC."],[[["\u003cp\u003eGoogle Play services offers two APIs, SMS Retriever and SMS User Consent, to simplify SMS-based verification in your app.\u003c/p\u003e\n"],["\u003cp\u003eSMS Retriever API automates verification but requires a custom hash code in the SMS message, ideal when you control message content.\u003c/p\u003e\n"],["\u003cp\u003eSMS User Consent API, best for scenarios where you don't control the SMS message (like with financial institutions), requires user approval to access the message but doesn't need a custom hash code.\u003c/p\u003e\n"],["\u003cp\u003eSMS User Consent API enhances security by filtering messages from known contacts and focusing on messages containing a 4-10 digit alphanumeric code with at least one number.\u003c/p\u003e\n"]]],[],null,["# Which API should I use?\n\nGoogle Play services has two APIs you can use to streamline the SMS-based\nverification process: the [SMS Retriever API](/identity/sms-retriever/overview)\nand the [SMS User Consent API](/identity/sms-retriever/user-consent/overview).\n\nThe SMS Retriever API provides a fully automated user experience and should be\nused when possible. It does, however, require you to place a custom hash code in\nthe message body, and this may be difficult to do if you're not the sender of\nthat message.\n\nIf you don't have control over the contents of the message---for example, if\nyour app works with a financial institution that might want to verify the user's\nphone number before approving a payment transaction inside your app---then\nyou can use the SMS User Consent API, which does not require the custom hash\ncode. It does, however, require the user to approve your app's request to access\nthe message containing the verification code. In order to minimize the chances\nof surfacing the wrong message to the user, SMS User Consent will check if the\nmessage contains a 4-10 character alphanumeric code containing at least one\nnumber. It will also filter out messages from senders in the user's Contacts\nlist.\n\nThe differences are summarized in the table below:\n\n| | SMS Retriever | SMS User Consent |\n|----------------------|------------------------------------------------------|-------------------------------------------------------------|\n| Message requirements | 11-digit hash code that uniquely identifies your app | 4-10 digit alphanumeric code containing at least one number |\n| Sender requirements | None | Sender cannot be in the user's Contacts list |\n| User interaction | None | One tap to approve |"]]