Guides

FAQS

In this FAQ section, you’ll find answers to common problems related to the use of our Sandbox

Suggest Edits

📘

Want to give it a try?

Apply to join the Developer Hub and gain access to our Sandbox.


{"status":403,"code":"NUMBER_VERIFICATION.USER_NOT_AUTHENTICATED_BY_MOBILE_NETWORK","message":"Client must authenticate via the mobile network to use this service","_sandbox":"Response generated by mock operator. Request routed to mock operator due to app configuration or msisdn configuration"}**

In this case, we need to ask the following questions:

  • Are you testing from a mobile device? Number Verification only works from a mobile device.

  • Is the mobile device using mobile data? Number Verification can verify the number as long as mobile data is enabled. It will not work over Wi-Fi.

  • Are you testing from an iPhone? If you are using an iPhone, check whether iCloud Private Relay is enabled. This feature routes mobile traffic through a VPN, preventing number verification.

For Number Verification (NV), the Auth Code flow must be used for authentication, as CIBA does not authenticate everything.

When developing an app that integrates multiple APIs, keep in mind that not all APIs support both authentication methods. For instance, NV requires the Auth Code flow.

If you encounter a CORS error, ensure that all mandatory parameters specified in our documentation are included.

If all parameters are correctly set but the CORS error persists, it may be due to a kernel issue.
"The kernel must allow authentication requests on its server so they can be made from different domains (such as the app's web domain)."

CORS error when calling the NumberVerification service

We are calling the Number Verification service. However, when we call the authorize service (Auth Code flow), we receive a CORS error.

After multiple tests, we managed to obtain the code from our frontend, but only by running the browser with CORS disabled:

chrome.exe --disable-web-security --user-data-dir="C:\Temp"

Since disabling CORS is a security risk for users, we modified our call structure. Now, we first call our API, which returns the access_token. Our API then makes two requests:

  • First request: To obtain the code.
  • Second request: To obtain the token.

With this token, we call the NumberVerification service from the frontend, but we still receive the same CORS error as with the authorize service.

Finally, we tested calling NumberVerification from our API (backend), and in this case, we received a response. However, NumberVerification returns true/false randomly. We suspect this is because the entire flow should be handled from the frontend or perhaps because responses are randomized for testing purposes.

What is the next step to make it work?

Response:
There is actually only one correct way to do this, and it is the one you managed to reproduce by disabling Chrome's security settings.

Updated 3 days ago