Developers · REST API

Connect to send SMS and OTP through the REST API

Fire messages straight from your own system to every Thai network, authenticated with a single API Key. Read the details here before you sign up.

Base URL https://sepsms.com/api/v2
Quick start

Start connecting in 3 steps

1

Get an API Key

Sign up and create a key from the developer dashboard. Keys use the sk_sep_ format and are shown only once at creation.

2

Attach the header

Include the key in every request via the X-API-Key header. You can set scopes and restrict IPs per key.

3

Call an endpoint

Send a JSON request to the Base URL. All responses are JSON.

POST/message/send
curl -X POST https://sepsms.com/api/v2/message/send \
  -H "X-API-Key: sk_sep_..." \
  -H "Content-Type: application/json" \
  -d '{
    "origin": "SEPSMS",
    "recipients": ["66812345678", "66898765432"],
    "message": "สวัสดีคุณลูกค้า รับส่วนลด 10% วันนี้",
    "scheduledTime": null
  }'
Authentication

Authenticate with an API Key

Every request carries the X-API-Key header with your sk_sep_ key. Each key has task-specific scopes, IP restrictions, and its own per-minute limit.

Header
X-API-Key: sk_sep_3f9a...d21c
Scopes you can assign per key
  • sms:sendSend / schedule / cancel SMS
  • sms:readRead history and delivery status
  • otp:sendSend OTP codes
  • otp:verifyVerify OTP codes
  • credit:readRead remaining credit balance
  • webhooks:read / writeManage notification webhooks
Reference

Core endpoints

The most commonly used endpoints for integration

POST /message/send sms:send

Send SMS

Send a message to one or many destinations in a single request. Add per-recipient variables (personalize) or schedule it to send in advance.

originstringAn approved Sender Name
messagestringThe message to send
recipientsstring[]Destination numbers in 0xxxxxxxxx or 66xxxxxxxxx format
scheduledTimestring?Send time in ISO 8601 (leave blank = send immediately)
variablesobject?Per-recipient variable values for personalization
Request
curl -X POST https://sepsms.com/api/v2/message/send \
  -H "X-API-Key: sk_sep_..." \
  -H "Content-Type: application/json" \
  -d '{
    "origin": "SEPSMS",
    "recipients": ["66812345678", "66898765432"],
    "message": "สวัสดีคุณลูกค้า รับส่วนลด 10% วันนี้",
    "scheduledTime": null
  }'
Response
{
  "result": {
    "uuid": "9f8b2c1e-...",
    "refNo": "SP240115...",
    "totalMsisdn": 2,
    "totalCredit": 2,
    "blockedCount": 0,
    "status": "pending"
  }
}
POST /otp/send otp:send

Send OTP

Send a one-time verification code with a reference. The system generates the code and sends it by SMS; the code itself is not returned in the response.

destinationstringDestination number
originstringSender Name
templatestring?The message, which must include {code} (and may include {ref})
ttlSecondsnumber?Code lifetime, 60-600 seconds (default 300)
codeLengthnumber?Code length, 4-8 digits
Request
curl -X POST https://sepsms.com/api/v2/otp/send \
  -H "X-API-Key: sk_sep_..." \
  -H "Content-Type: application/json" \
  -d '{
    "destination": "66812345678",
    "origin": "SEPSMS",
    "template": "รหัสยืนยันของคุณคือ {code} (Ref: {ref})"
  }'
Response
{
  "result": {
    "uuid": "1a2b...",
    "reference": "A3K9X2",
    "destination": "66812345678",
    "expiresAt": "2026-01-15T10:35:00.000Z",
    "ttlSeconds": 300
  }
}
POST /otp/verify otp:verify

Verify OTP

Verify the code the user entered, using the reference returned when it was sent.

referencestringThe reference returned when the OTP was sent
pinstringThe code the user entered
Request
curl -X POST https://sepsms.com/api/v2/otp/verify \
  -H "X-API-Key: sk_sep_..." \
  -H "Content-Type: application/json" \
  -d '{ "reference": "A3K9X2", "pin": "123456" }'
Response
{ "result": { "reference": "A3K9X2", "verified": true } }
GET /message/{uuid} sms:read

Delivery status

View the delivery-status summary for a message you sent (see per-number detail at /message/{uuid}/recipients).

uuidpathThe uuid returned when the SMS was sent
Request
curl https://sepsms.com/api/v2/message/9f8b2c1e-... \
  -H "X-API-Key: sk_sep_..."
Response
{
  "result": {
    "uuid": "9f8b2c1e-...",
    "origin": "SEPSMS",
    "status": "completed",
    "totalMsisdn": 2,
    "drSummary": [
      { "drStatus": "success", "count": 2 }
    ],
    "refundedCount": 0
  }
}
GET /message/credit/balance credit:read

Remaining credit balance

Check the remaining credit balance in your account

Request
curl https://sepsms.com/api/v2/message/credit/balance \
  -H "X-API-Key: sk_sep_..."
Response
{ "result": { "balance": 18420 } }
POST /webhooks webhooks:write

Notification webhook

Register and manage your endpoint URLs from the developer dashboard (login required; not available via API key). Once registered, every event such as send success/failure, delivery results, and low credit is POSTed to your URL. Every payload is signed with HMAC-SHA256 (X-Webhook-Signature header).

urlstringThe HTTPS endpoint that will receive events
eventsstring[]The list of events you want to receive
Request
# Webhook endpoints are registered + managed in the
# developer dashboard (logged-in). Registration is not
# available to API keys. Registration payload:
{
  "url": "https://your-app.com/hooks/sepsms",
  "events": ["dr.success", "dr.failed"]
}
Response
// POST sent to your URL. The event name, timestamp and
// signature travel in headers, not the body:
//   X-Webhook-Event: dr.success
//   X-Webhook-Timestamp: 1737020405
//   X-Webhook-Signature: t=1737020405,v1=<hmac-sha256>
{
  "smsUuid": "9f8b2c1e-...",
  "msisdn": "66812345678",
  "txId": "8f3a1c9d...",
  "status": "success"
}

Webhook events: sms.sentsms.failedsms.completeddr.successdr.failedotp.verifiedcredit.loworder.completed

Rate limits

Call limits

Exceeding a limit returns status 429 with RateLimit-Remaining and Retry-After headers

Send SMS120 calls / minute
Send OTP5 calls / minute / IP
All endpoints combined2,400 calls / minute
Errors

Error format

Every kind of error responds with the same structure. Read error.code to handle it in your code.

e.g. 401 Unauthorized
{
  "success": false,
  "error": {
    "code": "auth.invalid_credentials",
    "message": "API key is missing or invalid"
  }
}

Ready to connect?

Sign up free and create an API Key right away. Start firing messages from your own system today.

Still on the old system (sep2p)? The v1 endpoints at /api/sms and /api/otp still support legacy connections with a Bearer token.