The thing is that option 2 works only for sending regular SMS notifications for users, such as reminders to change their password in time or an SMS to new users with initial passwords to their AD accounts. However, this will not work for sending SMS verification codes in the Self-Service Password Reset process.
Actually, as far as we know, Twilio has a Rest API for sending SMS. Soon we are going to release a new version of Adaxes that will support sending SMS via Rest API. We are going to add a range of SMS gateway providers with predefined Rest API settings, and we even thought on adding Twilio. However, we could not make Twilio work even with the test code samples they provide on the site. For some reason, their Rest API doesn't accept the authentication tokens generated for our test account, and Twilio Support didn't provide any help in resolving the issue :( Thus, we couldn't even verify that their API works as declared.