Add Phone Authentication to Your Java Backend

Set up carrier-grade phone authentication in your Spring Boot API using the Glide Java SDK.

1

Install the SDK

Add the Glide Java SDK to your project.

2

Create Service

Create a service that wraps the GlideClient.

3

Create REST Controller

Create endpoints for the frontend SDK:

• /prepare - Initializes the auth session
• /process - Routes to verifyPhoneNumber() or getPhoneNumber()
• /complete - Validates device binding codes (Link protocol only)

4

Request Model

Create a request model for the process endpoint. The SDK provides Types.ProcessRequest which you can use directly, or define your own:

5

Error Response Model

Create a response model for errors.

6

Anti-Fraud Signals

Both verifyPhoneNumber() and getPhoneNumber() responses include SIM swap and device swap (IMEI change) fraud detection signals.

Each signal includes riskLevel, ageBand, carrierName, and checkedAt.

7

Device Binding (Link Protocol)

For Link protocol sessions (e.g., Verizon via App Clips), device binding is mandatory. Your backend generates a cryptographic code, hashes it, and sends the hash during prepare(). After carrier auth, a second code arrives via URL fragment, and your backend validates both via complete().

This prevents session fixation attacks where an attacker tricks a victim into authenticating on the attacker's session.

Read the full Device Binding Security guide →

8

Next Steps

Your Java backend is ready!

• Complete example with Java backend
• Device Binding Security (Link Protocol)
• Set up the frontend SDK

plugins {
    id 'org.springframework.boot' version '3.2.0'
    id 'io.spring.dependency-management' version '1.1.4'
}

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'com.glideidentity:glide-be-sdk-java:5.0.0'
    
    // Optional: Lombok for cleaner code
    compileOnly 'org.projectlombok:lombok'
    annotationProcessor 'org.projectlombok:lombok'
}

Read-only