我不知道这些短信注册机制是如何工作的。我搜索在互联网上，但问题是，有这么多的短信提供商而想在网上卖短信服务，我无法找到任何东西...

I'm wondering how these sms registration mechanisms work. I searched in the internet, but the problem is, that there are so much sms-providers which want to sell online-sms service, that I can't find anything...

问： 这是如何工作：将你的手机号码，我们会向您发送一个一次性的注册code短信。将这个code到我们的应用程序。

Question: How does this work: Set your mobile-number, and we will sent you an SMS with a one-time registration code. Put this code into our app.

背后有什么？他们有一个短信网关或像这样的东西吗？那岂不是成本太高？

What's behind? Do they have a sms-gateway or something like this? Doesn't that cost too much??

感谢

推荐答案

下面是一个简单的电话号码验证服务的建立在顶部Nexmo（声明，我做一个小的开发传福音的Nexmo）。我认为这基本上是你要找的是什么，目标是验证了一些实际上属于一个用户（也可用于第二因子认证）。

Here's a simple phone number verification service built on top of Nexmo (disclaimer, I do a little developer evangelism for Nexmo). I think it's basically what you're looking for, the goal is to verify that a number actually belongs to a user (could also be used for 2nd factor authentication).

基本集成移动应用（特别是在这个例子中code，但一个共同的流量）：

The basic integration for a mobile app (specifically for this example code, but a common flow):

发送的电话号码进行验证，获得一个唯一的哈希值。 验证系统发送一个唯一的code给用户。 当用户通过该code到你的应用程序，原来的散列值和code发送到验证系统进行验证。

您可以退出托管的部分，而只是采取这些措施的应用程序中（生成code，通过发送短信的API，检查code用户输入）。但是，也有一些事情要考虑在这一点上：

You can drop out the hosted portion, and just take those steps inside your application (generate a code, send via a SMS API, check the code the user enters). However, there are a few things to consider at that point:

短信API的凭据被编译成分布式应用程序。是你想要的东西去冒险？ 的code是通过从设备通过网络发送;而SSL将停止随意观察的code，人谁想要假冒注册可以更可能捕捉从HTTP请求的code。

这两个问题都通过将验证系统中的移动应用程序之外解决。

Both of those issues are solved by putting the verification system outside the mobile application.