The Burst SMS API can be used by developers to build SMS functionality into programs, apps and websites.

You can find out more about the Burst SMS API, on our Developer Site.


The Burst SMS API uses a username and password, parsed in a Basic Authorization header.

The Burst SMS API does not support authentication via CGI parameters.

The API username and password are the API key and API secret (respectively) in the Settings screen of your Burst SMS account.

By Default, the API secret is blank. Please add a secret and press the 'Update Profile' button to save.

The API secret is not encrypted, so please do not use a password that you commonly use.

Response format

All API endpoints can be called with the xml or json extension. I.e.: OR

The extension you use will define the format of the response. So if you invoke the send-sms.json endpoint, the response will be in json format.

Common Errors

  • 401 - Unauthorized - Double check that you are using a Basic Auth header and that the username and password exactly match the API key and API secret in the Settings screen of your Burst SMS account.
    • In rare cases, artefacts may be included if you have copy\pasted the API key and API secret. Try testing your API key and API secret in Postman
  • 429 - Too Many Requests - Our API has throttling enabled in order to increase platform stability. By default, API throttling is set to 2 calls per second (r/s). If you require a greater throttling rate, please contact
  • 400 - Bad Request - These errors indicate a data issue with your API call. The error description should include more details.
    • If the cause of the error is not clear, test the API call using Postman

Callback is not saved correctly

If a callback is not saved, please check:

  1. Your application or network logging to verify if the callback has reached your server. The Webhook listener must be open for public access. If you want to secure the listener and white list our server, please contact for details.
  2. That the return object you have defined matches the structure of the return object. You can verify this by using an instance of this site to capture and inspect the return object -

Troubleshooting Tips

  • Use Postman to test API calls -
  • Pay careful attention to the error returned. It should tell you the cause of the error
  • Check the Developer Site to ensure that you have provided values for all mandatory fields

If you are still experiencing issues, please gather any relevant information (error messages, logs, screenshots) and sent to