# Twilio Phone Verification Setup

## 1. Get Your Twilio Credentials

1. Go to your [Twilio Console](https://console.twilio.com/)
2. Find your **Account SID** and **Auth Token** on the dashboard
3. Go to **Verify** > **Services** in the left menu
4. Create a new Verify Service (or use an existing one)
5. Copy the **Service SID**

## 2. Update Backend Configuration

Edit `/api/includes/functionsTwilio.php` and replace these values:

```php
define('TWILIO_ACCOUNT_SID', 'YOUR_ACCOUNT_SID');        // e.g., 'ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
define('TWILIO_AUTH_TOKEN', 'YOUR_AUTH_TOKEN');          // e.g., 'your_auth_token_here'
define('TWILIO_VERIFY_SERVICE_SID', 'YOUR_VERIFY_SERVICE_SID'); // e.g., 'VAxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
```

## 3. Test the API

### Send Verification Code
```bash
curl -X POST http://95.216.214.115/api/ \
  -H "Content-Type: application/json" \
  -H "api: cYb8hJkSZXuo5CvQqm53" \
  -d '{
    "endpoint": "auth/phone/verify/send",
    "phone_full": "+31612345678"
  }'
```

### Verify Code
```bash
curl -X POST http://95.216.214.115/api/ \
  -H "Content-Type: application/json" \
  -H "api: cYb8hJkSZXuo5CvQqm53" \
  -d '{
    "endpoint": "auth/phone/verify/check",
    "phone_full": "+31612345678",
    "code": "123456"
  }'
```

## 4. Frontend Usage

The API methods are already implemented in `ApiService.js`:

```javascript
import { homeApi } from './services/ApiService';

// Check if phone exists
const checkResult = await homeApi.checkPhoneExists('31', '612345678');

// Send verification code
const sendResult = await homeApi.sendPhoneVerificationCode('+31612345678');

// Verify code
const verifyResult = await homeApi.verifyPhoneNumber('+31612345678', '123456');
```

## 5. Trial Account Limitations

⚠️ **Important**: Twilio trial accounts have limitations:
- Can only send SMS to **verified phone numbers**
- You must add test numbers in Twilio Console > Phone Numbers > Verified Caller IDs
- Limited number of messages per day
- Messages include "Sent from your Twilio trial account" prefix

To remove limitations, upgrade to a paid account.

## 6. Integration Flow

1. User enters phone number in registration form
2. Call `checkPhoneExists()` to verify it's not already registered
3. Call `sendPhoneVerificationCode()` to send SMS
4. User enters the 6-digit code
5. Call `verifyPhoneNumber()` to validate
6. If verified, allow registration to proceed

## 7. Error Handling

Common errors:
- `21211`: Invalid phone number format
- `21608`: Phone number is not verified (trial account)
- `60200`: Invalid verification code
- `60202`: Max check attempts reached
- `60203`: Max send attempts reached

## 8. Security Notes

- Never commit your Twilio credentials to Git
- Consider moving credentials to environment variables
- Implement rate limiting to prevent abuse
- Add CAPTCHA for additional security
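
One way to implement the rate-limiting note for the `auth/phone/verify/send` endpoint, shown as an added example that is not part of the project's code. `SendLimiter`, its limits (3 sends per 10 minutes) and the JSON state file are assumptions; the limiter keys on the phone number as well as the client IP, so requests for one number are still capped when they arrive from many addresses.

```php
<?php
// Added example (not project code): sliding-window limiter for auth/phone/verify/send.
// SendLimiter, its limits and the state-file location are assumptions. Needs PHP 8.0+.
final class SendLimiter
{
    public function __construct(
        private string $stateFile,
        private int $maxSends = 3,     // sends allowed per key...
        private int $windowSecs = 600  // ...within this many seconds
    ) {}

    /** Records the attempt and returns true only if every key is under its limit. */
    public function allow(array $keys, ?int $now = null): bool
    {
        $now ??= time();
        $fh = fopen($this->stateFile, 'c+');
        if ($fh === false) return false; // fail closed: no state, no SMS
        try {
            if (!flock($fh, LOCK_EX)) return false;
            $state = json_decode(stream_get_contents($fh) ?: '{}', true) ?: [];
            $cutoff = $now - $this->windowSecs;
            foreach ($state as $k => $hits) { // prune expired timestamps and empty keys
                $state[$k] = array_values(array_filter($hits, fn($t) => $t > $cutoff));
                if ($state[$k] === []) unset($state[$k]);
            }
            $allowed = true;
            foreach ($keys as $k) {
                $allowed = $allowed && count($state[$k] ?? []) < $this->maxSends;
            }
            if ($allowed) {
                foreach ($keys as $k) $state[$k][] = $now;
            }
            ftruncate($fh, 0);
            rewind($fh);
            fwrite($fh, json_encode($state));
            return $allowed;
        } finally {
            fclose($fh); // closing the handle also releases the lock
        }
    }
}

// Constructed demo: one phone number requested from four different client IPs.
$limiter = new SendLimiter(tempnam(sys_get_temp_dir(), 'vs_'));
$phoneKey = 'phone:' . hash('sha256', '+31612345678'); // hash so raw numbers are not stored
foreach (['203.0.113.1', '203.0.113.2', '203.0.113.3', '203.0.113.4'] as $i => $ip) {
    $ok = $limiter->allow([$phoneKey, "ip:$ip"], 1000 + $i);
    echo $ip, ' => ', $ok ? 'send SMS' : 'blocked', PHP_EOL;
}
```

Call `allow()` before the backend contacts Twilio and skip the send when it returns `false`. On a multi-server deployment the state file would need to be replaced with a shared store.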
