I have an API that sends text messages to users, and I was thinking of making a function that generates a random 5-digit code, sending it with the API to their phone, and then, when they input the code, verifying that the code is the same, in order to create a sign in/up system.
My question is about how secure this practice is, based on either if someone can interrupt the API request and get the code, or even if it's possible to get the generated code directly from the function.
And I'm asking this because, from what I have seen, all these kinds of systems work by generating the code in the backend and verifying the code in the backend.
It might sound silly, but I have no idea how these things work.
What do you think about this idea? Is it doable?
I'd say it's reasonably easy to implement and proportionally secure.
For a random number, just use the math RANDOM function x10 and INTEGER. Play with it to make sure the results are not predictable based on app start time etc. It's all down to how random the function really is. You can always further randomise it by adding some part of the time to it.
Thinking about the security - don't overcomplicate or stress this unless your app has access to a bank account or similar. If someone can intercept the API request then they have probably already hacked the user's WiFi and have access to every keystroke.
Out of interest, which SMS provider are you using and what is the cost per message?
Perfect, that's exactly what I needed, thank you so much.
As for the SMS service, I'm using this one, for two reasons:
1. And most important, it doesn't require you to have a company (I spent much time searching).
2. It's very easy to use.
As for the prices, they are good. There are some that are a bit lower, but they require you to be a company.
Another one I want to test is this; I think it is as good but a bit more expensive.
(Prices for SMS to Greece.)
The cost is approximately 0.05 euros/SMS for 500 - 999 SMSs (before tax, which here is 24%).
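
The backend flow discussed in this thread, as an added example that is not part of the original posts: the code is generated with Python's `secrets` module, kept only on the server, and checked there with an expiry and an attempt limit. The class name, the 5-minute lifetime, the 5-attempt limit and the phone number are assumptions made for the illustration.

```python
import hmac
import secrets
import time

CODE_DIGITS = 5         # the 5-digit code from the question
TTL_SECONDS = 300       # assumed lifetime of a code
MAX_ATTEMPTS = 5        # assumed number of guesses allowed per code


class OtpStore:
    """In-memory stand-in for a server-side table keyed by phone number."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # phone -> [code bytes, expires_at, attempts_left]

    def issue(self, phone):
        """Create a code; the caller hands it to the SMS API, never to the client."""
        # secrets draws from the OS CSPRNG, so codes do not depend on start time.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[phone] = [code.encode(), self._clock() + TTL_SECONDS,
                                MAX_ATTEMPTS]
        return code

    def verify(self, phone, submitted):
        """True exactly once for the right code; False for every other case."""
        entry = self._pending.get(phone)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[phone]        # expired or guessed too often
            return False
        entry[2] = attempts_left - 1        # count the guess before comparing
        if hmac.compare_digest(code, submitted.encode()):
            del self._pending[phone]        # single use
            return True
        return False


if __name__ == "__main__":
    store = OtpStore()
    phone = "+300000000000"                 # constructed number
    sent = store.issue(phone)               # this value goes into the SMS
    print(store.verify(phone, "x" * 5), store.verify(phone, sent))
```

With only 100,000 possible values, the attempt limit and expiry are what keep a 5-digit code from being guessed by repeated tries.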