We are using the Authy API to initiate mobile verification codes via SMS, and during our PoC the code would attempt to register users every time a verification code is requested (so it would register, and then request the SMS). The reasoning at the time was that if a user changed their email (mobile number the same), we would want to register them again with that new email. Calling register with a user that already was registered is basically a No-op (it returns the current registered user's authy Id).
Looking back I'm wondering now if this registration every time is needed. I've looked through the API documentation and I can't find the correct process for updating a registered user's email address, or even if we should care about the email address once we have a user registered.
Any advice on this would be appreciated.
Twilio developer evangelist here.
There isn't a way to update or remove an email address for a user and when you re-register with a different email address but the same phone number the new email address is just added to the user account (though you can only see the first email address in the dashboard).
You shouldn't need to register every time, since you only need the
authy_idto send a 2 factor authentication code. Though it is best practice to add a new email address to the user if they change it on your platform.Just one extra thing though, it doesn't necessarily sound like you are using this service for two factor authentication, rather for just verifying a phone number. If that's the case, you can actually use the Twilio Verify API instead. This only needs the phone number and not an email address at all.