REST API Reference
Everything under /v1. JSON in, JSON out. All timestamps are UTC ISO-8601. Authenticated endpoints take a Bearer API key.
Base URL
https://api.mobileapiconnect.com/v1
Authentication
Every authenticated request carries your secret API key as a Bearer token. Keys look like sk_live_ followed by 40 characters. Your key is shown once when you pair the app and is also emailed to you โ store it securely; it can't be retrieved again.
Authorization: Bearer sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
| Status | Body | Meaning |
|---|---|---|
| 401 | {"error":"unauthorized"} | Missing / malformed Bearer key |
| 401 | {"error":"invalid_api_key"} | Key not found or revoked |
| 403 | {"error":"tenant_inactive"} | Account suspended |
Errors
Errors return a non-2xx status and a JSON body with an error code. Validation failures include the offending fields.
| Status | Error | When |
|---|---|---|
| 400 | validation_error | Body failed validation โ see issues[] |
| 401 | unauthorized / invalid_api_key | Auth problem (see above) |
| 403 | tenant_inactive | Account not active |
| 404 | not_found | No such message / resource |
| 404 | no_webhook_config | No webhook provisioned yet |
| 503 | no_active_device_for_tenant | No paired phone online to send |
Messages
POST/v1/messages๐ Bearer
Queue an outbound SMS. Returns immediately with
202; the paired phone sends it within ~1โ2 seconds.| Field | Type | Notes |
|---|---|---|
| to required | string | E.164 number, e.g. +6581230000 |
| text required | string | 1โ1600 characters |
| ref optional | string | Your reference id (โค64 chars), echoed back & in webhooks |
| callback optional | string (URL) | Per-message delivery callback URL |
| channel optional | string | Defaults to "sms" |
curl -X POST https://api.mobileapiconnect.com/v1/messages \ -H "Authorization: Bearer sk_live_YOUR_KEY" \ -H "Content-Type: application/json" \ -d '{"to":"+6581230000","text":"Hello from Mobile API Connect","ref":"order-4821"}'
{
"id": "msg_8sK2xโฆ",
"status": "queued",
"createdAt": "2026-06-12T18:40:00.000Z"
}GET/v1/messages/:id๐ Bearer
Fetch the status of one message. Lifecycle:
queued โ sent โ delivered (or failed).{
"id": "msg_8sK2xโฆ",
"to": "+6581230000",
"from": null,
"text": "Hello from Mobile API Connect",
"ref": "order-4821",
"status": "delivered",
"attempts": 1,
"createdAt": "2026-06-12T18:40:00Z",
"sentAt": "2026-06-12T18:40:01Z",
"deliveredAt": "2026-06-12T18:40:04Z",
"failedAt": null,
"error": null
}Unknown id โ 404 {"error":"not_found"}.
GET/v1/messages๐ Bearer
List recent messages, newest first. Query param
limit (default 50, max 200).{
"data": [
{ "id": "msg_โฆ", "to": "+6581230000", "text": "Hello", "status": "delivered", "createdAt": "โฆ" }
]
}Devices
GET/v1/devices๐ Bearer
List the phones paired to your account, with live counters.
{
"data": [
{ "id": "dev_โฆ", "nickname": "Front desk Pixel", "model": "Pixel 7",
"status": "active", "lastSeenAt": "โฆ", "sentCount": 412, "receivedCount": 88 }
]
}Pairing is done in the app, not the API. Installing & pairing the Android app creates your account and issues the API key. See the quickstart.
Rules
Manage the auto-reply / forwarding engine programmatically. Concepts are covered in the rules guide.
GET POST/v1/rules๐ Bearer
List or create rules. A rule has a trigger (
matchType = contains|exact|regex|any, pattern, optional fromFilter) and actions (replyEnabled+replyTemplate, email, webhook), plus priority (lower = checked first).PUT DELETE/v1/rules/:id๐ Bearer
Update or delete a rule.
GET PUT/v1/rules/settings๐ Bearer
Master switch, default fallback reply, and forward-all-inbound (email / webhook) settings.
Webhooks
Configure where inbound messages get pushed. Full payload & signature details in the webhooks guide.
GET/v1/webhooks๐ Bearer
Your webhook config:
url, events, enabled, signingSecretPrefix.PUT/v1/webhooks๐ Bearer
Upsert the webhook. Body:
{ url, events?, enabled? }. Returns { ok:true, id }, or 404 no_webhook_config if none provisioned yet (pair a device first).curl -X PUT https://api.mobileapiconnect.com/v1/webhooks \ -H "Authorization: Bearer sk_live_YOUR_KEY" \ -H "Content-Type: application/json" \ -d '{"url":"https://yourapp.com/hooks/sms-inbound","enabled":true}'
Ingress (ERP โ SMS)
Let your ERP fire an SMS by POSTing its own webhook to a per-integration ingress URL. We extract the recipient and text via JSONPath presets. Walkthroughs in integrations.
POST/v1/ingress/:tokenpublic ยท token
Public endpoint your ERP calls. No API key โ the secret
ig_โฆ token authorizes it; add optional HMAC for safety. Returns 202 {id,status,to,text}.GET POST/v1/ingress๐ Bearer
List or create integrations. Body:
{ name, preset, toPath?, textPath?, refPath?, signingSecret?, โฆ }. Presets: generic, zoho, salesforce, dynamics, odoo, netsuite.PUT DELETE/v1/ingress/:id POST/v1/ingress/:id/rotate๐ Bearer
Update, delete, or rotate the ingress token.
GET/v1/ingress/presets๐ Bearer
The built-in JSONPath maps for each ERP preset.
Conventions
- JSON only. Send
Content-Type: application/json. - UTC timestamps in ISO-8601.
- Idempotency: pass your own
refto correlate sends with your records and with inbound webhooks. - Secrets shown once: the
sk_live_key andwhsec_webhook secret are revealed only at pairing.