
Prove: Phone verification for developers - jdorfman
https://getprove.com/
======
moxie
This is one of the biggest headaches I have as a developer of two mobile apps
that require number verification. But the headache isn't because the
twilio/nexmo/clickatell/etc APIs are too complex, or because I don't want to
deal with adding a single verification code column to a user record in the DB
schema, but because the delivery success rates for the SMS gateways I've been
using are quite bad.

Most of my time is spent trying to figure out which mobile networks which SMS
gateways will deliver best to, and then directing the correct verification
traffic through those gateways accordingly. Which is a nightmare, in part
because the successful delivery rates for different areas and networks
constantly changes.

If this is the problem that Prove is solving, I think emphasizing that (or at
least mentioning it somewhere) on the website is important. I would be an
eager customer.

~~~
EGreg
Why don't you just use Twilio or something? It doesn't deliver to all mobile
phones on US carriers?

~~~
niftylettuce
we're powered by Twilio right now

------
makerops
I think you can charge a lot more than 5c for this service. I think developers
tend to think about margins as it relates to the service that the app is built
on (this case twilio). Even though they charge 1c per text, you need to base
your pricing on what a verified phone number is worth to someone using the
service. If a verified number is worth 10$, you can probably charge more like
20-30% of that (maybe more).

I'm just regurgitating: [http://www.kalzumeus.com/2011/12/19/productizing-
twilio-appl...](http://www.kalzumeus.com/2011/12/19/productizing-twilio-
applications/)

~~~
moxie
But the target customers are developers. If this is simply a productized
Twilio API, then it's not a huge time savings for a developer. If you need to
verify users, it means your app is structured such that there's already a back
end, and you already need to store a user record. Generating a random number,
putting it in the user record, and calling a Twilio API isn't really a huge
drag.

~~~
tnorthcutt
"Developers don't pay for stuff!"

(they do)

~~~
tlrobinson
But do they pay 5x for a relatively thin layer on top of Twilio (or similar
service)?

------
jaredstenquist
I built something thing like this using Twillio for my Caller ID test tool.
Visiting the site creates a unique pin number and you have to call in and
enter it.

<http://www.calleridtest.com>

Twillio makes the development of things like this a breeze.

------
mzs
This is a bit off topic, but I don't own a cellphone and the verify via SMS
trend is starting to worry me. It would be better if it had an option where it
called and used text to speech for the autogenerated pin, but I probably would
not give my phone number to the vast majority of sites anyway.

~~~
Lexarius
You might want to look into getting a prepaid phone of some kind, even if it's
not a smart phone. Having a portable emergency communication device seems like
a good idea even if you're opposed (for whatever reason) to cellphone use in
general, and a prepaid phone won't give you monthly bills or contracts to
worry about.

If that's no good, then how about Google Voice? In addition to its other
useful phone-related features, it allows sending and receiving of text
messages.

~~~
mzs
My wife and I used to have tracfones. I just went and pulled mine out of the
box here. It only says motorola on it, no model number or anything other than
that. I really liked that phone, it was simple, great battery life, and got
reception where others did not. What I did not like is that I paid more than
$200 for them and about a year later tracphone said they would no longer work
on the phone networks here. What a colossal waste of money that was. I'll keep
spending my money on tools in case of emergencies. My wife does have an iphone
with a contract now though.

Maybe I should do the google voice thing though, good suggestion, thanks.

------
krosaen
Doesn't Duo Security do this really well already?

<https://www.duosecurity.com/docs/duoweb>

Once I can load the webpage will be interested to see if there are any
differentiating features that make it easier to get started as a developer.

~~~
moxie
Duo is for two factor authentication, where my impression is that this is for
signup verification.

Consider mobile apps like WhatsApp, which use your existing mobile number as
your identifier. This makes a lot of sense for a bunch of reasons, but it
requires the app to somehow verify that the number you enter is actually your
number. This is commonly done by having the service send a verification code
in an SMS, which you then enter back into the app.

~~~
trhaynes
Duo's "Verify API" does just that:

<https://www.duosecurity.com/docs/duoverify>

------
toddhd
This looks like a cool service, and I am starting on a new project that might
benefit from something like this. But the page failed to load 3 times, and the
4th time it took about 10 minutes to load. Maybe you are just getting
overloaded from HN visitors, but still, that's a problem.

Do you also offer this as a service that can be implemented natively from
another application? In other words, I'd rather not go to your homepage to do
this, I'd prefer the customer add his/her information on my website, and have
the processes automated with the results sent to me.

~~~
niftylettuce
edit: EC2 was slow at first, but problem was redistogo

~~~
Deestan
As someone about to use EC2 for some heavy servers, I would appreciate if you
could tell me:

a) How huge an EC2 instance do you have?

b) What tech are you serving from? Express, ASP, JSP, etc...

~~~
niftylettuce
a) large instance b) express/node

the core problem was redistogo, not primarily ec2, though someone else takes
up a lot of CPU on my shared instance

------
rogerbinns
I use Google Voice where possible, and especially for SMS. Regular SMS to/from
my phone costs 20c per message (usual US carrier nonsense). I've found that
most places that claim to send SMS fail to send to Google Voice, and provide
no diagnostics that they failed. Given SMS supports receipt notification that
is a strange.

~~~
jonemo
I have the same headache with Google Voice not receiving most confirmation SMS
and was delighted to see that the test SMS I just sent using this service came
through. Well done!

------
smarx
FYI, one of the examples we wrote for Webscript does simple mobile phone
verification: <https://www.webscript.io/examples/mobileverification>

We thought about building something like this as a paid service, but we didn't
think it could be very profitable.

------
niftylettuce
Okay, the problem wasn't EC2. The problem was Redistogo. Everything fixed.

 __

<https://getprove.com>

 __

~~~
Blahah
SSL error

~~~
niftylettuce
should be up now, maybe your DNS is taking a bit, try again in a few minutes

i migrated assets to CDN, but still transferring some now, so fonts might now
show up yet :)

------
guyht
FYI, your lock icon is not showing up for me, you may want to check your
encoding.

~~~
nwh
Nor for me on OSX / Chrome 28.0.1500.20.

~~~
niftylettuce
icons work now.

------
EGreg
This is definitely cool, but it's just one thing that any "social framework"
would do. Verifying emails or verifying mobile phones is a basic step in any
user signup.

------
guyht
Signup is broken.

When I try to sign up for an account I get an error "User already exists".
This is the case for any email address I enter.

~~~
niftylettuce
thanks for letting me know, hang on.

EDIT: SIGN UP WORKING

------
ldubinets
The css isn't loading. Seems HN has broken yet another website.
Congratulations!

~~~
niftylettuce
yea thats EC2 for you, should have had assets on s3/cloudfront like always...
wasn't expecting this

~~~
toomuchtodo
No one expects the Hacker News inquisition!

Always always always host the static bits in S3/Cloudfront or some other piece
of machinery that can spit them out quick when you show your work off.

~~~
niftylettuce
they are on S3/Cloudfront now. migrating the last of the assets such as fonts
currently.

------
mrilhan
Getting this: Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

~~~
niftylettuce
edit: see above comment, problem was redistogo

~~~
simonw
Suggestion: use varnish. That way you can easily absorb massive spikes in
logged-out GET traffic (such as that caused by being on Hacker News).

------
jasonlotito
10 years later, and this is still a challenge. My biggest regret is not taking
this technology and putting an API behind it and offering it up. Oh well.

~~~
benjamincburns
> Oh well.

Why "oh well?" Not to be pedantic, but if it's your _biggest_ regret, what's
stopping you?

------
jtchang
Saving this to try it out later.

