How It Works?

  1. Register your app at and get your client keys and server key.

  2. Add VerifyKit SDK to your app

  3. Configure and start VerifyKit SDK

  4. When verification is complete, send sessionId which VeriyfKit SDK gives you to your backend service.

  5. At your server side, get user's phone number from VerifyKit service with serverKey and sessionId. You can check Rest Api Docs.


ServerKey is used for getting info from VerifyKit service.

Please keep ServerKey safe. Do not include it in your client's code base.

VerifyKit Flow



  • Xcode 11.0+

  • iOS 10.3+


You can install framework via CocoaPods.

pod 'VerifyKit'

Configure Info.plist

To successfully use the framework, you need to add VerifyKitKey and VerifyKitSecret to your plist file. This step is mandatory.

To open a third party messaging app from your application, you need to add their url schemes to LSApplicationQueriesSchemes key in your plist file. After iOS14, to open Associated Domain URLS in a device which uses a different default browser then Safari, you also need to add https as url scheme.

Open your Info.plist as source code and insert the following XML snippet into the body of your file just before the final dict element.


After a successful validation with a third party messaging app, the user needs to return to main app. If your application has an Associated Domain, we can add a deeplink to our message for easy and quick redirect.

If you support Associated Domains, please fill out Deeplink field at VerifyKit portal with your domain.

If you don't support Associated Domains, you can enter a custom link with your application's url scheme to Deeplink field, like yourapp://welcome. However, some messaging apps doesn't recognize url schemes as clickable links, so quick redirect may not work in this scenario.

Usage and Configuration

You can get the result via VerifyKitDelegate protocol.

VerifyKit only dismisses viewControllerForLogin() automatically when didSuccess delegate is called.

To give user a chance to try other validation methods or to start again, viewControllerForLogin() doesn't get dismissed on didFail. If you want to dismiss it on some specific error type, you can do that manually.

import VerifyKit
let kit = VerifyKit()
let viewController = kit.viewControllerForLogin()
self.present(viewController, animated: true, completion: nil)
viewController.kitDelegate = self
extension ViewController: VerifyKitDelegate {
    func didSuccess(with sessionCode: String) {
            print("VerifyKitDelegate didSuccess with sessionCode:(sessionCode)")    
            func didFail(with error: VerifyKitError) {
                    print("VerifyKitDelegate didFail with error:(error)")    
// configuration
let options = VerifyKitOptions(logActive: true)
let kit = VerifyKit(options: options)


#import "ViewController.h"

@interface ViewController () <VerifyKitObjCDelegate>

@implementation ViewController

- (void)viewDidLoad {
    [super viewDidLoad];
    // Do any additional setup after loading the view.
    VerifyKitOptions *options = [[VerifyKitOptions alloc] initWithEnvironment: VerifyKitEnvironmentDebug logActive: YES deviceID: nil];
    VerifyKitInstance *kit = [[VerifyKitInstance alloc] init];
    UIViewController<VerifyKitObjCViewController> *controller = [kit viewControllerForLogin_objC];
    [controller setKitObjCDelegate: self];
    [self presentViewController:controller animated:YES completion:nil];

- (void)didFailWith:(VerifyKitNSError * _Nonnull)nsError {
    NSLog(@"%@", nsError.localizedDescription);

- (void)didSuccessWith:(NSString * _Nonnull)sessionCode {
    NSLog(@"%@", sessionCode);

@end// Some code

Interrupted Session

There may be a case when user chooses a third party messaging app for validation, sends a message, but doesn't return to main app and kills it. In that case, that user is verified with VerifyKit but the main app doesn't know it yet.

To fix this, we have a method to check interrupted session status. Using this method is optional and up to you.

VerifyKit will handle the interrupted verification even if you don't implement this method.

VerifyKit.checkInterruptedSession { [weak self] sessionCode in
  guard let sessionCode = sessionCode else {
      // Start VerifyKit flow or do what your app needs    
  // You have an interrupted sessionCode from last time.  
  // Tell your API.  
  print("sessionCode (sessionCode)")

For Objective-C

[VerifyKitInstance checkInterruptedSessionWithCompletion:^(NSString * _Nullable sessionCode) {
    if (sessionCode == nil) {
        // Start VerifyKit flow or do what your app needs
    } else {
        // You have an interrupted sessionCode from last time.
          // Tell your API.
        NSLog(@"sessionCode %@", sessionCode);

VerifyKitOptions Struct

You can change the settings declared in VerifyKitOptions struct.

public struct VerifyKitOptions {
    var environment: VerifyKitEnvironment = .debug // default
    var logActive: Bool = true // default
    var deviceID: String? // optional
    var countryCode: String? // optional ("US")
    var phoneCode: String? // optional ("1") or ("+1")
    var phoneNumber: String? // optional ("1234567890")

public enum VerifyKitEnvironment {

    /// Stage environment for debug
    case debug

    /// Production environment for distribution
    case release

If the host application wants to let the user input their phone number and then pass it to the SDK, it can be done using the countryCode, phoneCode and phoneNumber parameters.

Other Notes

Before your app release, please change the VerifyKitEnvironment to 'release' instead of 'debug'. This product includes software(CyrptoSwift) developed by Marcin Krzyzanowski.

Backend Integration

When the verification is complete, in order to get information of the verified user, you should integrate with VerifyKit Rest API. After receiving the sessionID variable from the Web SDK, you can fetch your client's data, such as phone numbers , from VerifyKit Rest API service.

This integration requires a ServerKey token that is unique to your application in VerifyKit and used as both an identifier and a security measure. For this reason, you have to use your ServerKey token in backend integration. You can not use ServerKey on your client-side.

For further info on how to integrate this part please click here.

Need some help?

We all need a little help sometimes. If you have any question or request, feel free to create an issue.

Last updated