10DLC API Authentication Update for Brand Verification

Overview

Telnyx is rolling out a new Brand Verification Process for brands classified as PUBLIC_PROFIT entity types using the 10DLC API. This release is a mandatory update from The Campaign Registry (TCR) and is designed to enhance security, prevent brand impersonation, and ensure compliance with 10DLC messaging regulations.

As of October 3, 2024, all new and existing brands marked with a PUBLICPROFIT entity type must undergo this mandatory verification process. The process includes submitting a business contact email and completing Two-Factor Authentication (2FA) to validate the brand identity. Brands that fail to complete the verification process _will not be able to register new campaigns or perform certain vetting actions.

Key Features and Changes

1. New Brand Verification Flow:

   • For new brands, upon creation via the 10DLC API, a verification email will automatically be triggered to the business contact email provided.
   • New brands that do not complete the verification will remain in an unverified state and will be unable to register campaigns until verification is completed.

2. Existing Brand Impact:

   • Existing brands in a verified state can continue operating as usual, but they will be restricted from:
   • Adding new campaigns
   • Importing vetting
   • Requesting vetting
   • To restore full functionality, existing brands must update their business contact email and complete the 2FA process to re-verify their status.

3. Two-Factor Authentication (2FA):

   • Telnyx will send a verification email with a unique link and PIN to the business contact email.
   • The verification email is valid for 7 days. If not clicked, the brand remains unverified.
   • If the verification process is not completed within 30 days, the brand will remain unverified and need to be resubmitted via the API.

4. API Endpoint Updates:

   • New field: businessContactEmail is now required for PUBLIC_PROFIT brands when creating or updating a brand.
   • Upon updating this email, a new 2FA verification process will be triggered.

API Integration

To update the business contact email or trigger a resend of the verification email, the following API calls can be used:

• Update Business Contact Email:

  curl -X PATCH https://api.telnyx.com/10dlc/brand --header 'Authorization: Bearer YOUR_TOKEN_HERE' --header 'Content-Type: application/json' -d '{"businessContactEmail": "[email protected]" }'

• Resend 2FA Verification Email:

  curl -X POST https://api.telnyx.com/10dlc/brand/YOUR_BRAND_ID_HERE/2faEmail --header 'Authorization: Bearer YOUR_TOKEN_HERE'

Portal Availability

While the brand verification flow is currently available only via the API, it will be accessible through the Telnyx portal in an upcoming release.

Action Required

• New Brands: Ensure that your brand completes the verification process upon creation by following the 2FA link sent to the business contact email.
• Existing Brands: Update your brand’s business contact email via the API to trigger the new verification flow and maintain full functionality for campaigns and vetting.

Why This Update Matters

This is a mandatory update from TCR, and we encourage you to take these steps to avoid disruptions to your campaigns by October 3, 2024. This will help with our ongoing efforts to enhance security, reduce the risk of fraud (e.g., brand impersonation, smishing), and ensure compliance with carrier regulations for 10DLC messaging. By implementing a robust 2FA verification system, we aim to ensure that only authorized personnel can manage and operate messaging campaigns.

Get in touch with our team of experts with any questions you may have.