The SMS Retriever API provides a fully automated user experience and should be used when possible. It does, however, require you to place a custom hash code in the message body, and this may be difficult to do if you’re not the sender of that message.
First download app signed certificate der from your play console account.
Then convert it to yourkeystore.keystore with keystore extension using this command:
keytool -importcert -alias nonames098 -file deployment_cert.der -keystore keystore.jks -storepass nonames098 OR keytool -import -alias nonames -keystore keystore.jks -file deployment_cert.der
Then create string hash using the created keystore.
SMS Verification APIs
keytool -exportcert -alias youralias -keystore keystore.jks | xxd -p | tr -d "[:space:]" | echo -n com.test.testapp `cat` | sha256sum | tr -d "[:space:]-" | xxd -r -p | base64 | cut -c1-11 MSU1WTd7Goy
Automatic SMS Verification with the SMS Retriever API
With the SMS Retriever API, you can perform SMS-based user verification in your Android app automatically, without requiring the user to manually type verification codes, and without requiring any extra app permissions. When you implement automatic SMS verification in your app, the verification flow looks like this:
- A user initiates SMS verification in your app. Your app might prompt the user to provide a phone number or use the Smart Lock for Passwords hint selector if that information wasn’t required to create the user’s account.
- Your app makes a request to your server to verify the user’s phone number. Depending on what information is available in your user database, this request might include the user’s ID, the user’s phone number, or both.
- At the same time, your app calls the SMS Retriever API to begin listening for an SMS response from your server.
- Your server sends an SMS message to the user that includes a one-time code to be sent back to your server, and a hash that identifies your app.
- When the user’s device receives the SMS message, Google Play services uses the app hash to determine that the message is intended for your app, and makes the message text available to your app through the SMS Retriever API.
- Your app parses out the one-time code from the message text and sends it back to your server.
- Your server receives the one-time code from your app, verifies the code, and finally records that the user has successfully verified their account.