Registration verification code for sale: hand in hand to take you to ariyun SMS verification code (full-process practical operation guide)
When many people connect with SMS verification codes for the first time, they always whisper in their hearts: all kinds of keys, signatures, templates and SDK sound too big.
In fact, the success of sending SMS is divided into three steps:
Go to Aliyun background to apply for qualification, call interface in code, and handle security and anti-brush.
Today we will use the most down-to-earth language to explain this process thoroughly. Prepare your Aliyun account and we will start now.
Register verification code to purchase
The first stage: the "three-piece set of customs clearance hooligans" in the background of ariyun"
Going backstage to Aliyun is like going to the office hall for approval. You have to take all the following three things to make the code work.
1. Signature (who you are)
at the beginning of the text message
Your product name]
Is the signature. In order to prevent fraud, the state is very strict and cannot write blindly.
Pit Avoidance Guide: If you haven't registered a company, you can apply with the name of your online personal website, APP or WeChat applet. If there is nothing, there is a high probability that the audit will not pass.
Speech skills: the reason for application reads: "it is used to send verification codes when App users register and log in. it is online and the App name is XXX".
2. Template (what did you send)
Register verification code to purchase
The template is the specific content of the SMS. The template of the verification code is very simple, generally:
Verification code ${code}, you are registering as a new user, valid within 5 minutes, do not disclose to others.
Here ${code} is a placeholder, and later your code will pass in the real 4 or 6 digits.
3. AccessKey (your pass)
This is the most crucial thing. It contains
AccessKey ID
and
AccessKey Secret
(AK/SK).
Popular understanding: it is your account number and password in ariyun. It must be brought into the code before ariyun knows whose money should be deducted for this SMS fee.
Security Warning: Never post AccessKey on GitHub! Otherwise, your account could be maxed out by hackers within minutes. It is recommended to write it in the server's global environment variables.
The second stage: don't be afraid, on the code!
With "signature, template, AccessKey", we can write code. Here take the most common
Node.js
and
Python
For example (the logic of other languages is exactly the same).
Example 1: Python Version
First, install Alibaba Cloud's official SDK:
Bash
pip install alibabacloud_dysmsapi20170525==2.0.24
Then, send the code directly on the core:
Python
import os
from alibabacloud_dysmsapi20170525.client import Client
from a
libabacloud_tea_openapi import models as open_api_models
from alibabacloud_dysmsapi20170525 import models as dysms_api_models
def send_sms_code(phone_number, code):
#1. Initialize the configuration and read your clearance key from the environment variable
config = open_api_models. Config (
access_key_id= OS .environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID')
access_key_secret= OS .environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET')
)
# Alibaba Cloud SMS fixed service address
config.endpoint = 'dysmsapi.aliyuncs.com'
client = Client(config)
#2. Assemble your SMS content
request = dysms_api_models. SendSmsRequest (
phone_numbers = phone_number,# mobile phone number receiving SMS
sign_name = 'your text signature',# e.g. [geek notes]]
template_code = 'SMS_123456789',# the ID of the template you applied
template_param = f'{{{"code":"{code}"}}'# Insert a random verification code. It must be a JSON string
)
#3. Send and view results
try:
response = client.send_sms(request)
if response.body.code == 'OK ':
Print ("SMS sent successfully! ")
return True
else:
print(f"
Failed to send, reason:{response.body.message}")
return False
except Exception as error:
print(f "system error:{error}")
return False
Example 2: Node.js Version
If you are using Node.js, install this package:
SMS verification code purchase
Bash
npm install @alicloud/dysmsapi20170525
The core code is as follows:
JavaScript
const { default: Client, SendSmsRequest } = require('@alicloud/dysmsapi20170525');
const OpenApi = require('@alicloud/openapi-client');
async function sendSms(phone, code) {
let config = new OpenApi.Config ({
accessKeyId: process.env.ALICLOUD_ACCESS_KEY_ID
accessKeySecret: process.env.ALICLOUD_ACCESS_KEY_SECRET
endpoint: 'dysmsapi.aliyuncs.com'
});
let client = new Client(config);
let request = new SendSmsRequest ({
phoneNumbers: phone
signName: 'Your text signature ',
templateCode: 'SMS_123456789 ',
templateParam: JSON.stringify({ code: code })
});
try {
let result = await client.sendSms(request);
if (result.body.code === 'OK ') {
cons
ole.log ('Sent Successful');
} else {
console.log ('Failed: ', result.body.message);
}
} catch (err) {
console.error('reported wrong:', err);
}
}
The third stage: the user registration when the complete business logic (novice must see)
Many novices think that the above interface will be completed. In fact, in real business, your back end still has a lot to do. A standard "verification code registration" process is as long as this:
[user's mobile phone number]-> 1. check the format of the mobile phone number-> 2. check the sending frequency (60 seconds limit)-> 3. generate a 4-digit random number-> 4. store it in Redis and set it to expire in 5 minutes-> 5. call alibaba cloud to send
Why is Redis (or database caching) necessary?
Because
Ariyun is only responsible for helping you send out short messages. It is not responsible for helping you remember the verification code!
When the user receives a text message, enter it on the phone.
1234
When clicking submit, your server must know whether it was just sent to him or not.
1234
.
When sending: generate a random number 1234, store it in Redis,Key is sms:register:138 xxxx0000,Value is 1234, and set the expiration time to 300 seconds.
On verification: the user submits the 1234. The backend goes to Redis to check the value of sms:register:138xxxx0000. If it is correct, pass; If it is not correct or cannot be found, return "verification code error or expired".
The fourth stage: anti-brush battle (if you don't look at this section, you may lose your underwear)
There is a group of people in the hacker circle called "SMS bombers". They will use scripts to call your registration interface crazily, which can consume tens of thousands of SMS fees in one night. In order not to be a sucker, you have to add a back-end
Three Firewalls
.
Protection level
Specific means
Why effective
Number one: Time limit
A single phone number can only be sent once in 60 seconds.
Intercept the front and back end of the continuous hand shake crazy point.
The second: graphic verification code
Before clicking "get verification code", you must first slider or enter the image verification code.
the most effective means. Block the scripting machine directly out of the door.
The third: total limit
Same mobile phone number, same IP, up to 5 within 24 hours.
Even if the first two lines of defense are lost, you can stop loss in time.
Supplementary note: Alibaba Cloud has a "universal security protection" function in the background. Remember to go backstage and set the "one-day sending limit" lower (e. g. 100
0). In this way, in case the code writes a Bug or is brushed, it will automatically fuse when the limit is reached, so that you will not lose everything.
Debug Debug Formula
When you run the code and find an error, don't panic. Ariyun's error code (SubCode) is actually quite clear:
SMS verification code purchase
Isv. MOBILE_ NUMBER_ILLEGAL: The format of the mobile phone number is wrong. Check whether the 11 digits are written wrong or mixed into spaces.
BUSINESS_ LIMIT_CONTROL: Trigger frequency is limited. This means that you tested too frequently and were temporarily intercepted by ariyun. wait a minute and try again.
isv.SMS_SIGNATURE_ILLEGAL: Signature is illegal. Check whether the signature in your code is even one word wrong with the signature approved by Aliyun background (not even one more space).
SMS verification code purchase