Back to home

API Documentation

Everything you need to integrate with SmsSync.

Contents

1. Getting Started

  1. Register at /register to create your account
  2. Copy your API Key from the dashboard settings page
  3. Install the SmsSync app on your Android phone
  4. Enter your server URL and API key in the app settings
  5. Add a webhook in the dashboard to start receiving SMS data

2. Authentication

SmsSync uses two authentication methods:

API Key (for the Flutter app)

Send your API key in the X-API-Key header:

HTTP Header
X-API-Key: smssync_your_api_key_here

JWT Token (for the dashboard API)

Send the JWT token from login in the Authorization header:

HTTP Header
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...

3. Webhook Payload Format

When an SMS is received, SmsSync sends a POST request to your webhook URL with the following JSON payload:

SmsSync forwards every SMS exactly as received — raw sender ID and full message content. No parsing, no filtering. You get the raw data and decide what to do with it on your server.

POST https://your-server.com/webhook
{
  "event": "sms.received",
  "timestamp": 1709640000000,
  "data": {
    "id": "65f1a2b3c4d5e6f7a8b9c0d1",
    "sender": "MobileMoney",
    "content": "You have received GHS 50.00 from JOHN DOE 0244123456. Transaction ID: 1234567890. Your new balance is GHS 150.00",
    "receivedAt": "2026-03-05T12:00:00.000Z",
    "sim": "SIM1",
    "deviceId": "pixel_7a"
  }
}

Payload Fields

  • event — always "sms.received"
  • timestamp — Unix timestamp in milliseconds
  • data.id — unique message ID in our database
  • data.sender — sender ID exactly as shown on the phone (e.g. "MobileMoney", "+233244123456", "DataMart")
  • data.content — full raw SMS text
  • data.receivedAt — ISO 8601 timestamp when SMS was received
  • data.sim — which SIM received the SMS (SIM1 or SIM2)
  • data.deviceId — identifier of the phone that received the SMS

HTTP Headers Sent

Webhook Request Headers
Content-Type: application/json
X-Webhook-Timestamp: 1709640000000
X-Webhook-Event: sms.received
X-Webhook-Signature: sha256=abc123... (if secret configured)
User-Agent: SmsSync-Webhook/1.0

4. API Endpoints

POST/api/auth/registerAuth: None

Create a new account

POST/api/auth/loginAuth: None

Login and get JWT token

GET/api/auth/meAuth: JWT

Get current user profile

POST/api/sms/incomingAuth: API Key

Receive SMS from Flutter app

GET/api/smsAuth: JWT

List all SMS (paginated)

GET/api/sms/searchAuth: JWT

Search SMS (by sender, content, date range)

GET/api/sms/statsAuth: JWT

Get SMS statistics

GET/api/webhooksAuth: JWT/API Key

List webhooks

POST/api/webhooksAuth: JWT/API Key

Create webhook

PUT/api/webhooks/:idAuth: JWT/API Key

Update webhook

DELETE/api/webhooks/:idAuth: JWT/API Key

Delete webhook

POST/api/webhooks/:id/testAuth: JWT/API Key

Send test webhook

GET/api/device/statusAuth: JWT

Get device status

5. Code Examples

Receiving webhooks (Node.js / Express)

server.js
const express = require('express');
const app = express();
app.use(express.json());

app.post('/webhook', (req, res) => {
  const { event, data } = req.body;

  console.log('SMS received from:', data.sender);
  console.log('Content:', data.content);
  console.log('Received at:', data.receivedAt);
  console.log('Device:', data.deviceId, '| SIM:', data.sim);

  // Process the raw SMS however you need
  // e.g. check sender ID, parse content, update your database

  res.json({ received: true });
});

app.listen(3000);

Receiving webhooks (Python / Flask)

app.py
from flask import Flask, request, jsonify

app = Flask(__name__)

@app.route('/webhook', methods=['POST'])
def webhook():
    payload = request.json
    sms = payload.get('data', {})

    print(f"SMS from {sms.get('sender')}: {sms.get('content')}")

    # Process the raw SMS however you need
    # e.g. check sender ID, parse content, update your database

    return jsonify({"received": True})

if __name__ == '__main__':
    app.run(port=3000)

cURL — List your SMS

Terminal
curl -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  https://your-server.com/api/sms?page=1&limit=20

6. Flutter App Setup

  1. Install the SmsSync APK on your Android phone
  2. Open the app and go to Settings
  3. Enter your Server URL (e.g., https://your-server.com)
  4. Enter your API Key (from the dashboard settings page)
  5. Grant SMS permissions when prompted
  6. Tap Start Listening — the app will begin forwarding SMS
Tip: Lock the app in recent apps to prevent Android from killing it. For best results, disable battery optimization for SmsSync in your phone settings.

7. Webhook Signature Verification

If you configured a webhook secret, SmsSync signs each request with HMAC-SHA256. Verify the signature to ensure the webhook is authentic:

Node.js verification
const crypto = require('crypto');

function verifyWebhook(payload, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(JSON.stringify(payload))
    .digest('hex');
  return signature === expected;
}

// In your webhook handler:
app.post('/webhook', (req, res) => {
  const signature = req.headers['x-webhook-signature'];
  const isValid = verifyWebhook(req.body, signature, 'your_secret');

  if (!isValid) {
    return res.status(401).json({ error: 'Invalid signature' });
  }

  // Process the webhook...
  res.json({ received: true });
});