Verify a user using SMS PIN with Node.js SDK

This guide shows how to verify a user in a Node.js application using the Verification API and Node.js SDK to make and then report an SMS PIN verification.

The following diagram demonstrates the flow that happens to verify a user:

verification-flow

  1. The end user visits your website or service and tries to log in.
  2. Your backend then makes a request to the Sinch platform and initiates an SMS PIN verification request.
  3. The Sinch platform sends an SMS message with a one time PIN code to the phone number of the user.
  4. The user enters the code they received.
  5. Your backend makes a report verification request using the code the user entered.
  6. If the code matches, your backend will receive a success result from Sinch.
  7. The user, now verified, can proceed to log in to your site or service.
In this guide you will learn:
  1. How to set up your your Node.js app
  2. How to initiate an SMS PIN verification request
  3. How to report an SMS PIN verification code

What you need to know before you start

Before you can get started, you need the following already set up:

  • Set all Verification API configuration settings.
  • NPM and a familiarity with how to install packages.
  • Node.js and a familiarity with how to create a new app.
  • A mobile handset that can receive SMS messages.

Set up your Node.js application

First we'll create a Node project using npm. This creates a package.json and the core dependencies necessary to start coding.

To create the project, do the following steps:

  1. Create a folder called sms-pin-verification.
  2. Navigate into the folder you created and run the following command.
    Copy
    Copied
    npm init
    This command adds the package.json file. You will be prompted to provide values for the fields. For this tutorial, you can simply accept the default values and press enter at each stage.

You can install the Sinch Node.js SDK using either NPM or Yarn:

NPMYarn
Copy
Copied
npm install @sinch/sdk-core
Copy
Copied
yarn add @sinch/sdk-core

Create your file

Create a new file named index.js in the project and paste the provided "index.js" code into the file.

Modify your application

The code provided includes placeholder parameters. You'll need to update the parameters detailed in the following subsections with your values.

Initialize the client

Before initializing a client using this SDK, you'll need your application key and application secret for your Verification app, found on your dashboard.

To start using the SDK, you need to initialize the main client class with your credentials from your Sinch dashboard.

Copy
Copied
const {SinchClient} = require('@sinch/sdk-core');

const sinchClient = new SinchClient({
    applicationKey: "YOUR_application_key",
    applicationSecret: "YOUR_application_secret"
});
Note:

For testing purposes on your local environment it's fine to use hardcoded values, but before deploying to production we strongly recommend using environment variables to store the credentials, as in the following example:

.env File

Copy
Copied
APPKEY="YOUR_application_key"
APPSECRET="YOUR_application_secret"

app.js File

Copy
Copied
const {SinchClient} = require('@sinch/sdk-core');

const sinchClient = new SinchClient({
    applicationKey: process.env.APPKEY,
    applicationSecret: process.env.APPSECRET
});
Note:

If you are using the Node.js SDK for multiple products that use different sets of authentication credentials, you can include all of the relevant credentials in the same configuration object, as in the following example:

Copy
Copied
const {SinchClient} = require('@sinch/sdk-core');

const sinchClient = new SinchClient({
    projectId: "YOUR_project_id",
    keyId: "YOUR_access_key",
    keySecret: "YOUR_access_secret",
    applicationKey: "YOUR_application_key",
    applicationSecret: "YOUR_application_secret"
});

Save the file.

Initiate your verification request

  1. Now you can execute the code and initiate your verification request. Run the following command:
    Copy
    Copied
    node index.js
  2. Follow the prompts in the console and enter the phone number of the mobile handset to which you want to send the SMS PIN verification request.

    You should receive a text message to your mobile handset with a verification code. In a production scenario, this is the code that a user would enter into your app to verify their account.

    Troubleshooting tip

    If after running your app you receive a 5000 error response, you may have forgotten to save your file after adding your authentication values. This is an easy mistake to make! Try saving the file and running the app again.

    You should also see the JSON response in the console.

Report your SMS PIN code

Now that you've received the SMS PIN code to your mobile handset, it's time to report that code to the Sinch servers to complete the verification process.

  1. In the console, follow the prompts by entering the code you received on your mobile handset.
  2. If you entered the code that you received, you should see a success report response in your console.
  3. Enter Q in the console to quit the application or try sending a code to your mobile handset again and reporting an incorrect code to see what happens!

Additional resources

We'd love to hear from you!
Rate this content:
Still have a question?
 
Ask the community.
SecurityPrivacyLegal & ComplianceCookie Statement
© 2025 Sinch. All rights reserved.