Here’s How the Generic SMS APIs Compare to Each Other (and RingCaptcha)

Even when your app is still in the ideation phase, you are probably already starting to think about user onboarding and authentication. You know you need the ability to onboard users via their mobile device (both for authentication and to allow them to download the mobile app with ease).  What you may be scratching your head on is which of the myriad solutions is right for your app.

Generic SMS Gateways in Our Test

Over the last 3 months, we’ve been testing several generic messaging APIs like Twilio, Nexmo, and others, specifically looking at performance issues that would be of great concern to app developers like yourself. Our testing was deeply focused on SMS reception — sending SMS for verifications and compiling the reception rate on various Android devices.  This data encompasses over six months of testing, so it serves as an average to show you the weaknesses of different providers, in certain areas, across several seasons.

Take a look below to see how these Generic SMS APIs compare:

How your favorite SMS gateway stack up across the world

How all SMS Gateways compare against deliverability, latency, reliability for different countries and carriers. 

Note:  While one provider may appear to be strong in a certain area, please know that this data changes often.  Busy seasons, like July 4, Black Friday, and the like, can make a carrier in a particular area no longer a consistent gateway.  This is why our Smart Routing algorithm chooses the best carrier at the exact moment of sending — what’s great at one time may be burdened beyond capacity the next time an SMS is sent in the same region.

What you can see is that implementing one of the generic messaging APIs can be a real problem if your app is designed to reach a global audience.  Performance and delivery can be an issue, especially in certain countries.

These generic solutions simply don’t perform well in some markets, including India, China, many European nations and in the Middle East.  Each of these markets have specific requirements for SMSs, and any messages that don’t conform will be denied.  User error, or even your own confusion (failure to escape special characters or to take into account regional dialing conventions), may lead to a large percentage of blocked SMSs. There are a variety of reasons a carrier may block your SMS.

Did You Get My SMS?

Your messages may be delivered, they may not be delivered – it’s often difficult to tell for sure without looking at the device. You may end up with a large number of unconfirmed users (a wasted opportunity if you can’t authenticate them quickly), but how do you activate them if you aren’t even sure if they got your SMS in the first place?

Reliability of delivery aside, there’s also readability to consider.  Your message may have gotten through, but if it isn’t encoded correctly, your SMS may appear to be spammy gibberish.

What We’ve Found Is That Generic Messaging APIs Aren’t Robust Enough

Developers choose generic messaging APIs for auth because they’re well-known and easy to understand.  Twilio and Nexmo dominate the market, but they just don’t perform to the exacting standards that many developers expect and require.  When an SMS is sent for authentication, you have to be able to rely on that message to be delivered – or obviously returned for a clearly understood reason.  You need to be able to rely on a solution that will correct a user’s mistake – even including recognizing a faulty user input and correcting it for all global numbering situations.

Your community’s growth and health depends on real users, and spammers and fraudsters will cost your app a great deal of money.  You need an SMS gateway that is easy to install, solves the deliverability problem and augments all of this with strong, actionable analytics.

Your app has got to be stellar to draw users, but you can’t lose them before they even get started.  RingCaptcha’s Smart Routing algorithm ensures your messages are being sent via the best SMS gateway per county.  It finds the right time of day to send and even the season to deliver it (if applicable).  Don’t settle for a generic messaging API, with one SMS gateway, to send SMS that you rely on.  With RingCaptcha, you get a mature solution, with hundreds of carriers — and better, the right one for each location — with just one API.

Integrating with RingCaptcha is easy.  Try the most reliable SMS authentication and onboarding partner — give RingCaptcha a spin.

Open Sourcing the JavaScript Widget

At RingCaptcha, we believe in a few things very strongly.  1-Phone numbers are the strongest identity signal. 2-Chuck Norris jokes still make us laugh.  3-Open source is the only way to succeed.  It’s always been a big part of our vision to release our code samples, SDKs, widgets and documentation under an open source license, and we’re continually pushing toward that goal.

Our efforts thus far, have been strong, with more than a dozen open source repositories on Github, and more to come.  Our latest push adds the RingCaptcha Onboarding Widget, released under the Apache 2.0 license.

The Javascript onboarding widget is only a few lines of code during implementation (easy peasy), but we knew that many of you would want to see what was under the hood here, so to speak.  By placing the widget code on Github, under an open source license, we’re giving you the keys to really customize the onboarding experience for your users, without having to reinvent the wheel.

It’s our hope that by providing this widget under the Apache 2.0 license, you’ll take it and fork it at will.  Derivation is the highest form of flattery!  We know that your additions and suggestions will make RingCaptcha the simplest, and most reliable way to do SMS onboarding and authentication, and for that we are grateful.  We’re proud of our commitment to the open source community, and we will be releasing more code regularly.  Please follow RingCaptcha on Github to take advantage of all our upcoming releases.

Let us know what you think!

Leveraging RingCaptcha for User Authentication with Layer

The phone number is shared across an intimate spectrum of friends, colleagues and family — the uniqueness and longevity of the phone number, plus the intimate social graph make the phone number simply the best form of user identity.  An SMS requiring a PIN code can authenticate ownership/identity pretty fast and easy.

RingCaptcha is the simplest, most reliable way to authenticate and onboard users on a worldwide scale. Layer is a complete building block for communications — allowing any developer to embed chat functionalities within their app. Marry the two for a seamless communications experience, from authentication to continued messaging.

Integration Options

Chat applications (WhatsApp, Line, KakaoTalk, etc.) realize the importance of the phone number as the unique identifier, so understanding how to integrate between Layer and RingCaptcha is important.  Your choice on how you prefer to integrate the two really depends on your need to customize vs. your time available.  If you have the time and expertise, you can really get your hands dirty and hook straight to the API.  On the other hand, if you don’t need such a custom solution and time/effort is a concern, you can choose the built-in 2 step verification UI for iOS/Android/HTML — it’s a set-and-forget solution.

Putting Them Together

As the building block for messaging, Layer requires usage with a developer’s own identity manager. You build a service that replies back with a JWT token signed with your private key.

You can either build your own for this example or you can use RingCaptcha as your identity token provider.  Reach out to and we’ll set your RingCaptcha API key to receive the signed token to use for Layer authentication.

See For Yourself

Take a look at the Chat App iOS Example, available on GitHub and fully open sourced.  Use it as a simple, quick start example.  Check out the sample code for easy integration of RingCaptcha 2-step verification UI for a non-authenticated user, authentication with Layer and display of ATLAS messaging UI.

Start by getting your RingCaptcha and Layer keys. Instructions can be found in the README.MD file.

Check out the Chat App for iOS here.  We can’t wait to see what you build with this!

Phone Numbers Are The New User Identity

The Ubiquitous ID

Phone numbers are the fastest, personal and most intuitive identity to use in the mobile era. And just as crucial, phone numbers are persistent and unique; they are unique across all networks, both on web and mobile from the internet to the Telcos. While many of us consider mobile verification merely a simpler way to sign-up to trendy apps, particularly while on mobile, for some, the mobile phone number has become their means of user identification.  In emerging markets, mobile internet access exceeds desktop access by leaps and bounds.  And in the developed world, many young people are accessing the internet for the first time via a mobile device.

Phones Are Incredibly Common

Almost everyone has one – the number of people with phones has even exceeded the world population.

The human population is growing at 1.2% annually, which comes in at about two people per second.

The number of devices, on the other hand, is multiplying at a rate five times that.

Phones are everywhere. Many people will retain a phone number for decades, and in most cases, they are associated with a single person, making them an almost perfect unique ID.  For these reasons, it’s becoming common practice in many industries to require a phone number during the registration/onboarding process; taxi hailing, messaging, and social networks.

And users like the convenience of using their phone as their identity.  While we all struggle to remember convoluted passwords, a myriad of usernames and PIN numbers that don’t make sense, everyone knows their own phone number — 10 digits they’ll always remember (no more of the silliness). They’re memorable and easy to type, a significant factor when more than half of all internet usage is via a mobile device – for app developers, whose sole usage is mobile, the case for mobile phones as the verification means is even clearer. If a user has downloaded your mobile app, there’s an almost surety he or she has a phone number with which to verify it.

Changing the Standard

We can’t assume that because email authentication has been the de facto standard for decades, that it’s the right way to move forward.  For younger users, or those in emerging markets, who are accessing the internet for the first time via a mobile device, the phone number is their entry to the internet.  The mobile phone is the new user identity, and we should be prepared for this.

The Social Graph Grows Apps

The phone number holds the key to the most intimate social graph someone holds – their phone contacts.  While Facebook, and even email contacts, can be made up of many people who the user doesn’t really know (or even care to know), the people that mean the most to them are often a part of their phone contacts.  Authentication via the user’s phone allows you to offer a variety of helpful ways for the user to share your app throughout his trusted phone contacts, in a way that is trusted and full of value.

Getting a Phone Number Takes Work

Phone numbers require both financial resources and effort to obtain (and maintain).  In many countries an ID is required to obtain a phone number, so the time cost of losing a phone number is substantial.  They’re often tied to lengthy applications and have a monthly cost to maintain.  So there’s some level of effort to get a phone number, and there’s a substantial reason to avoid losing it, which is an abuse deterrent.  And, phone numbers can be traced, an additional barrier to abuse.

While some developers still use email or IP as a way to pinpoint who a user is, in real life, both of these verification methods are flawed. Emails are easy to obtain, and free.  Lose one, and it’s simple to get another one.  Some community managers spend a part of each day looking for ‘batch emails’ that spammers create in bulk.  IP addresses are again, easy to obtain, change often on mobile, and are child’s play to spoof.  Unlike these current ‘standards’, the phone number is both unique and has a sizable barrier to entry.

It seems that for majority of websites and apps out there, 2-Step verification is no longer a nice-to-have addition to your app, it’s almost mandatory.  Knowing that your users are real people is vital to a strong, growing community.  Many players have already embraced phone numbers for verification, and those that haven’t continue to give us all examples to learn from.

Want to get started onboarding and verifying your users via SMS?  Check out the RingCaptcha docs.

The Most Common Issues You’ll Encounter When Implementing SMS Verification In-House

These days is becoming very common to see new trendy apps implementing SMS verification in the app store arena. Why is that? Simple, they understand that SMS verification is key to providing users with a better onboarding experience and building an app that grows in a healthy , sustainable way.  Developers use SMS for onboarding new users, often right from the landing page, and it’s also used to make sure that each of an app’s users are real people, and not fake.  But, after implementing this process ourselves with Generic Messaging Gateways, we found the SMS verification process is incredibly clunky. 

Carrier issues, fraudsters and even your users are getting in the way, and until now, the solutions offered were merely Band-Aids.  What may surprise you is that even the big guys often can’t handle SMS authentication correctly.

So what’s left for developers with limited resources focused on specific product features, could the onboarding process handle that level of growth, overnight? 

That’s the story of how RingCaptcha was born. Here are some of the issues and hard-core details of the SMS verification loop we faced while building RingCaptcha that you should take into account before doing it yourself.

SMS Reception

Developers place a significant focus on scalability, and for good reason — if your app can’t handle new users, it’s game over.  So, focusing on scalability is great, but you can’t forget that when it comes to new user onboarding, and specifically user verification, it’s all about the SMS.  SMS reception can be a tricky nut to crack, because typically it’s difficult to tell if the SMS was received at all.  Let’s look at the primary issues that you will face when you implement SMS verification on your own.

SMS, in essence, is a non-guaranteed delivery service by the carriers and they use this to excuse their lack of interest in fixing the multi-layer problem that is SMS reception. You can’t trust the data you receive from the carriers – sometimes SMS reception is confirmed by the carriers when the new user did not, in fact, get the SMS.  Looking at the device is the only real way to know if your SMS was received, and that’s just not feasible.  With more than 1k carriers worldwide, no app developer can afford the resource drain that this method would entail.

While there are a variety of places and processes where SMS reception can break down, most of your problems will be due to User Error and Carrier Blocking. 

User Error encompasses several of your most challenging issues with SMS reception.  Device connectivity on the user’s end can cause a variety of issues – Is the phone in a good service area?  Is it turned on?  Is the phone in question an SMS-enabled phone?  And then there’s the User Error that pertains to the actual typing in of the phone number.  Is it in the correct format?  Have they included country code (or not included it), according to the carrier rules (that they probably don’t understand)?     

Carrier Blocking is another conundrum, and the reason for blocking may even be difficult to pinpoint.  Your message may be flagged as abusive — spam, violation of country or carrier standards or even because you are using a ‘spoofed’ alphanum “BrandX” ID.  If the SMS is sent internationally, it may be bulk blocked by the carrier. 

Whatever system you design must take into account the unreliability of the carrier success messages, the individual country regulations, each carrier’s quirks and user error if you’re to end up with a solution that comprehensively solves 2-Step verification.

Scam and Fraud

After you’ve ironed out the intricacies of sending and confirming receipt of the SMS verifications, now let’s talk about the people who exist to bork all your hard work – scammers and fraudsters. 

For several reasons, it’s important to make sure each user is a real person.  For one, you can’t build a thriving community when a significant portion of your community exists for nefarious purposes.  But, of equal importance is that spammers cost you money – so it’s vital to make sure that your users are real people.

As you probably know, fake user accounts set up in bulk are a frequent tactic of fraudsters.  Some of RingCaptcha fellow devs have reported that a bunch of their fraudsters were using services like Free SMS Online or VoIP phone equivalents (Skype, Google Voice) to trick their verification systems.  If you fail to tackle spammers and fraudsters, they can bombard you with registrations that cause your systems to send out multiple, spam-like SMSs.  Throttling systems built early on can prevent this from happening, but that is often only obvious in hindsight.

Losing money due to spammers and fraudsters is more than frustrating; it can be the kiss of death for your app’s growth.  For this reason, it’s vital that user verification works, from the outset.

Insights That Won’t Help You Grow

After you put the effort into solving SMS reception and gotten ahead of the spammers, insights is your final hurdle – and it’s another tricky one.  While your web analytics can give you a great number of important details, understanding SMS delivery is a whole different ballgame.  Each carrier can offer you some level of information, though much of it is based on their definition of delivery, which likely differs from yours.  There is some useful intelligence there if you’re willing to cull it.  Even so, this information is siloed at the carrier level. 

Unless you have the bandwidth to roll this data up into a meaningful dashboard, making sense of the data is difficult.  But it’s important to spend some time thinking through this, admittedly, hefty project. Informed decisions are ones that are based on solid intelligence: latency insights, a detailed breakdown in conversion rates, app downloads and more. 

Generic Messaging APIs, like Twilio are great, but Messaging APIs like this focus on just one layer of abstraction above Telcos.  Thoughtful user onboarding and authentication has to take all of the above issues into account, including blocking fake users, tracking verification rates in real-time, and even understanding users enough to predict the phone number they meant.

If after reading this story, you realized you don’t want to waste your time on these issues and focus more on your product, start leveraging RingCaptcha with it’s two-step simple integration.  RingCaptcha makes SMS authentication easy.

Integrating RingCaptcha for Onboarding

In order to implement RingCaptcha in Onboarding mode, you just need to copy & paste an HTML snippet onto your landing site. This will display the onboarding widget, where the user begins the process by entering their phone number; the system will send a one-time passcode and deep-link to the user’s mobile phone; after the user taps on the link they will be taken straight to download your mobile app in their respective application store. Now, once the user opens the app for the first time, the system will require the one time passcode sent in the text to expose the phone number identity to you.

Start by creating an app in the RingCaptcha panel pointing to your app store ids. Keep in mind the application name will be used in the SMS text. Follow the steps depicted in this video.

If you are unsure how to grab your application ids, just go to the Google Play Store and Apple Itunes store – search for your app in each of them and copy these items from the URL:



Now that the landing page has the widget on it, it’s time to integrate the iOS and Android SDKs to retrieve the identity of the phone number in your app. If all you are looking for is just to send the text to the user without verification you can skip this step, but if you are looking to receive verified users in your app, follow these steps to integrate the SDK into your iOS app.

Follow these steps to integrate it into your Android app.

Once you integrate the SDKs, when the user opens the app for the first time and they input the one time passcode sent in the text you will receive the phone number identity of the user that requested the download to uniquely identify them in your system.

All set, give it a try, release it and enjoy the warm breeze of summer hitting home soon.  RingCaptcha makes SMS onboarding easy.  Get started with RingCaptcha now.

Really excited to introduce Onboarding

Using Ringcaptcha in Onboarding mode is a new way to get users from your landing page directly to your app.

We thought startups, markerters and growth hackers needed a simple tool to get their potential users directly to their app in their mobile devices while verifying them in a single step. And that’s actually pretty simple now that RingCaptcha is around. A few weeks ago we added some funtionalities like deep-linking capabilities in our SDKs and a new JS plugins to allow you to convert desktop users to app downloads.

You may argue – hey, I already have the app store buttons in my landing page. Can’t my users just look us up in the app store? Well, yes, but how many times do you open the app store and find yourself getting lost downloading the newest trendy app? When you launch on ProductHunt or HackerNews and drive massive desktop traffic, you don’t want to loose the one-chance opportunity to let the users discover your app. Remember users are lazy, they may leave your landing  or get lost in the messy app store.

Onboarding allows you to cut the noise of the messy app stores as they’re just one click away to your app – so the colorful distractions in your landing app or app stores won’t be an issue.

How onboarding actually works?  When your users find your landing, enter their cell phone number, and they’re sent a link via SMS that goes directly to your app. Then they simply click, download your app and get verified by the RingCaptcha’s SDK.

To sum up: Onboarding increases your conversion rate by simplifying the process of downloading your app, it drives traffic from web to mobile while allowing you to build a more trustworthy community. The cool thing is that It takes users from their desktop to their mobile device in seconds, giving them fast and immediate access to begin using your application.

Really, it’s that easy:

  1. Users are on your app’s landing page, decide they want to download the app, and enter their cell phone number.
  2. Even if they miss a digit on their cell phone, our normalization process will fix their number in accordance with global standards – and off goes the text.
  3. The user will then receive a link that, when pressed, will go directly to your app.
  4. After the customer types in the 4 digit code given, boom – user gets verified.

For more information about you can drive massive traffic from web to mobile, increase your conversions and how to implement it in your landing page, give RingCaptcha a try.

When a Bad Apple Spoils the Bunch

With the growth of the sharing economy and start-ups like Uber and Airbnb on the rise, trust, transparency, and authenticity have become critical factors to stand out from the crowd and build the fundamentals of any online community.

However, and this is the tricky part, in the realm of online marketplaces – all sites, even the most horrible of them – claim to be trustworthy. Yet many users still suffer from scams, fake orders, fake bookings and stolen payment information.

I mean, how many times we have heard stories, personally or through the news, like the typical Airbnb host who returned from a business trip and found his / her apartment destroyed by a tenant or what about any of the common Craigslist spam and scam tricks: buying fake tickets, untruthful landlords, car buying/selling fraud, or falsely solicited job ads?

Believe me, there’s a laundry list of fraudulent stories I’ve heard from friends and read about that has severely damaged my faith as a user in particular marketplaces.

I personally, and I’m sure the most of you, love the fact that these platforms can cut out the middleman, eliminating unnecessary extra expenses while offering us a safer place to connect, complete transactions, and communicate with others. But, how do successful and effective marketplaces do it?

The answer is simple: they build trustworthy-driven communities where trust is a major pillar for their growth. They keep the loyal audience in and the fraud out, because at the end of the day, just one bad apple (as in a dishonest user) can ruin the bunch (an entire community down).

Since phone number verification has become widely used by the community, many marketplaces are switching and adopting RingCaptcha on their apps as a new layer of trust. With RingCaptcha, you have a universal and simple way to require users to provide a piece of traceable information, confirming their identity with who they claim they are.

You can implement RingCaptcha in a marketplace in a few ways, as an optional or mandatory step – e.g. on a profile information – or when suspicious activity triggers further verification

To know more about how to implement RingCaptcha on your website or application, please check out Martin’s video here.

When Things Look “Phishy” in Gaming

Disclaimer: I’m not a video-game developer; I’m just a gamer speaking my mind.

The world of gaming has changed: what used to be a fun, carefree distraction from work has turned into a dangerous, thieving distraction from work. Phishing (and not the kind with the pole) has entered our world, making it a little more difficult to waste client hours playing League of Legends.

What am I talking about exactly? Well, you may remember what happened to Mat Honan of Wired, who was epically hacked.  Nothing was off limits to scammers that wanted –of all things – his three-letter Twitter handle. For literally the gain of three letters and an @ sign, this guys took all his pictures off his MacBook (sadly of his one year old growing up), shut down his phone, among other things. So who are these new “bad guys and girls” who take our goods? Whoever they are, they can do a lot of damage, even for a little gain – and they’re way, way too smart.

I mean, admit it, we’ve all spent a little cash trying to pass that ridiculously hard level on Candy Crush or to buy a new weapon on World of Warcraft, and hey, that’s not a crime. What is a crime is scammers getting our account information and taking these goods away from us in the game. After we (somewhat shamefully) shell out real world cash, these people take away our loot – and they do it pretty easily. But having my stash of goods online taken isn’t my biggest worry (though it’s pretty frustrating), what I’m afraid of is these scammers gaining access to my credit cards, Apple IDs, and real world bank information.

What’s worse is that game creators make it really easy and desirable to spend real money on online games, and the bad guys are just waiting for us to type in those credit card digits. So how can we stop this madness? What are we supposed to do – because obviously we’re going to keep spending money on games.

One trend I’ve spotted is gamers using two-step verification when a game account is accessed or altered from an IP address or location that looks a little “phishy.”  Even enabling two-step verification on Gmail helps keep those pesky scammers out of our lives. Game developers are now realizing this large looming threat (and how it will really negatively impact their sales), so we’re seeing more options to keep us safe and focused on our virtual worlds.

If you are a game developer and/or reseller, I highly recommend you to use RingCaptcha to quickly integrate plugins to allow 2-step-verification for all your apps. Sign up here, setup your app and go!