What are the limitations of Verify SDK scope?


The scope defines the primary key for a user (a unique user) in Nexmo’s cloud. By default we identify users in our database as being unique for a combination of Phone Number, Device ID, and Application ID. This means when we Verify an end-user, we know that we have Verified a phone number for your application on a specific device at a given time. If we receive another request to check Verification status of the same end-user from another end-point (another device) or from another application that is associated to your API_Key, we will treat it as an non-Verified user and deliver them another OTP challenge to demonstrate they have access to the phone number.

Furthermore, these two user objects will have independent life cycles in our database. You cannot remove a phone number from the scope; it is mandatory. You can remove either or both of Device IDs and Application IDs from the scope. If you unchecked device, we will consider two verification requests (calls to getVerifiedUser()) for the same phone number from two different devices to be for the same end-user. If you uncheck application IDs, the same phone number from all your application IDs (associated to your API Key) will be considered as the same end-user.

You can use these to exhibit behaviour such as single sign on across your apps or multi-device seamless login approvals.

Have more questions? Submit a request