Introduction
With the SMS API, anyone can build reliable SMS messaging services using our infrastructure. It is available as a free demo version too. Send some test SMS messages and experiment with the API before taking it into production. In your API Store account you can apply to take the SMS API into production.
API specification
Base URL
https://api-prd.kpn.com/communication/kpn/sms
Conceptual model
Definitions
SMS
An abbreviation of Short Message Service. It's a service on mobile phones to send and receive short messages.
API workflow
Features and constraints
Features
- Send a text message to another mobile phone number.
Constraints
- No images can be sent with SMS.
- Messages longer than 160 characters will be sent as multiple SMS messages.
- A single message can be sent to a single recipient. Bulk messaging will be added in the future.
- With this API, messages can only be sent to mobile phones registered in the Netherlands. So the country code is locked to +31. Also 097 range is allowed.
060xxxxxxx, 067xxxxxxx and 069xxxxxxx are not valid mobile numbers.
Getting started
Make sure you've read What's in it for you for more info on how to register and start testing APIs.
Authentication
The API follows the KPN Store API Authentication Standard to secure the API. It includes the use of OAuth 2.0 client_id and client_secret to receive an access token.
Go to the Authentication tab on top of this page to find out how to:
- Authenticate to an API using cURL.
- Authenticate to an API on Swaggerhub.
- Import Open API Specifications (OAS), also called Swagger files into Postman.
How to...
Send SMS
Send an SMS by calling the POST /send endpoint of the SMS API in Swaggerhub or Postman.
Keep in mind that messages can only be sent to Dutch mobile phones (country code +31).
Create your payload for the request using below snippet:
^^Request example^^
{
"sender": "KPN API",
"messages": [
{
"mobile_number": "06xxxxxxxx or +316xxxxxxxx",
"content": "Hi from KPN!"
}
]
}
The payload uses following parameters:
| Parameter | Description |
|---|---|
sender |
A text that should resemble the sender's origin. This string can have a maximum length of 11 characters. |
mobile_number |
The mobile phone number of the addressee. Use the country code +31 at the start. |
content |
Put your message here. Long messages will be split into multiple SMS. |
SwaggerHub:
- Select
POST /send. - Click
Try it out. - Edit the
bodyparameter by providing the payload snippet above. In the payload change thecontent,mobile_numberandsenderto your own good. Make sure the content-type is set toapplication/json. - Click
Execute. - Check the response code and message.
Postman:
- Select
(POST) /send. - In the
Bodysection, set the type torawand insert the payload snippet above. In the payload change thecontent,mobile_numberandsenderto your own good. Make sure the content-type is set toapplication/json. - Click
Send. - Check the response code and message.
Result example:
^^Response example^^
{
"document_id": "b4e905d4-774c-4c83-8360-01427e17a33a",
"status": "OK"
}
Return codes
| Code | Description |
|---|---|
| 200 | Success. |
| 201 | Created. |
| 202 | Accepted. |
| 302 | Found. Link in location header. |
| 400 | Bad request. |
| 401 | Unauthorized. |
| 403 | Forbidden. |
| 404 | Not found. |
| 405 | Method not allowed. |
| 412 | Precondition failed. |
| 429 | Too many requests. |
| 500 | Internal server error. |
| 502 | Bad gateway. |
| 503 | Service unavailable. |
HTTP response headers
The following tables display the standard response headers that are returned with each API response:
| Standard response field name | Description |
|---|---|
| sunset | This field will be populated with the deprecation details. By default the value is n/a. |
| api-version | Indicates the API version you have used. |
| quota-interval | Used to specify an integer (for example, 1, 2, 5, 60, and so on) that will be paired with the quota-time-unit you specify (minute, hour, day, week, or month) to determine a time period during which the quota use is calculated. For example, an interval of 24 with a quota-time-unit of hour means that the quota will be calculated over the course of 24 hours. |
| quota-limit | Number of API calls an user can make within a given time period. If this limit is exceeded, the user will be throttled and API requests will fail. |
| quota-reset-UTC | All quota times are set to the Coordinated Universal Time (UTC) time zone. |
| quota-time-unit | Used to specify the unit of time applicable to the quota. For example, an interval of 24 with a quota-time-unit of hour means that the quota will be calculated over the course of 24 hours. |
| quota-used | Number of API calls made within the quota. |
| strict-transport-security | The HTTP Strict-Transport-Security (HSTS) response header lets a website tell browsers that it should only be accessed using HTTPS, instead of using HTTP. All present and future subdomains will be HTTPS for a maximum of 1 year and access is blocked to pages or sub domains that can only be served over HTTP including HSTS preload lists of web browsers. Strict-Transport-Security: max-age=31536000; includeSubDomains; preload. |
| Access control field name | Description |
| access-control-allow-credentials | Tells browsers whether to expose the response to frontend JavaScript when the request's credentials mode (Request.credentials) is include. When a request's credentials mode (Request.credentials) is include, browsers will only expose the response to frontend JavaScript if the Access-Control-Allow-Credentials value is true. Boolean. |
| access-control-allow-origin | Indicates whether the response can be shared with requesting code from the given origin. |
| access-control-allow-headers | Used in response to a pre-flight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request. |
| access-control-max-age | Indicates how long the results of a pre-flight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached. |
| access-control-allow-methods | Indicates which HTTP methods are allowed on a particular endpoint for cross-origin requests.For example: GET, PUT, POST, DELETE. |
| content-length | The Content-Length entity header indicates the size of the entity-body, in bytes, sent to the recipient. |
| content-type | The Content-Type entity header the client what the content type of the returned content actually is. |