Validating digits session on server side to build secure apps

Digits is a  service from twitter which helps you onboard your mobile app users with simple phone number authentication and it’s for free 🙂

If you have a mobile app that onboard the user using digits service and you want to validate the session generated by digits on your server side then this blog is for you.

The app communicates with the server using REST APIs. Send the token and secret generated by the twitter to the server using the REST API. Twitter provides verify credentials API to validate the sessions generated by Digits at the server side.

Dive into the server side component developed using node.js
Fill in all the details related to digits.
var token = "";
var token_secret = "";
var consumer_key = "";
var consumer_secret = "";
var oauth =
consumer_key: consumer_key
, consumer_secret: consumer_secret
, token: token
, token_secret: token_secret

Make the verify_credentials API call to validate the session information.
function callback(error, response, body) {
if (!error && response.statusCode == 200) {
} else {
console.log("error: ", error);
var request = require('request');
var url = "";
request.get({ url: url, oauth: oauth }, callback);

Note: I have used request package to make the HTTP requests from the server.

Installing node.js on amazon EC2 instance

Launch an EC2 instance of type Amazon Linux AMI from your aws console.

SSH into your ec2 instance
ssh -i ec2-user@my_ec2_ip_address

Update the instance
sudo yum update -y

#install developer tools
sudo yum groupinstall -y "Development Tools"

Install the node using nvm as it allows you to switch between any version of the node 🙂
curl -o- | bash
. ~/.nvm/
nvm install 4.4.5
node -e "console.log('Running Node.js ' + process.version)"

Install pm2
npm install pm2 -g --save

pull the source code in ec2 instance. run your node app using pm2
pm2 start app.js --name="api"