Introduction
Overview
The MegaSMS API is a REST-style JSON API for sending SMS from your own systems. Every request is isolated to your vendor account, and only sender IDs approved for that account can be used.
application/json. All responses, including errors, are JSON.Before you begin
- Create or sign in to an active MegaSMS vendor account.
- Request a sender ID and wait for it to be approved.
- Purchase SMS units.
- Open API Tokens in your vendor portal and create a token.
Security
Authentication
Authenticate every API request using an API token in the HTTP Authorization header.
Authorization: Bearer ms_live_your_token_here
Permissions
| Permission | Allows |
|---|---|
| messages:send | Submit new SMS requests. |
| messages:read | Read message request and recipient statuses. |
| balance:read | Read the vendor SMS balance and current rate. |
First request
Quickstart
Replace the example token, phone number, and sender ID with values from your vendor account.
api_token environment variable. The send request automatically saves its request_id for the status request.curl -X POST "https://megasms.co.tz/api/v1/messages" \
-H "Authorization: Bearer ms_live_your_token_here" \
-H "Content-Type: application/json" \
-d '{
"to": "255712345678",
"sender_id": "MEGASMS",
"message": "Your verification code is 482913"
}'
PHP
$payload = json_encode([
'to' => '255712345678',
'sender_id' => 'MEGASMS',
'message' => 'Your verification code is 482913',
]);
$curl = curl_init('https://megasms.co.tz/api/v1/messages');
curl_setopt_array($curl, [
CURLOPT_POST => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => [
'Authorization: Bearer ' . getenv('MEGASMS_API_TOKEN'),
'Content-Type: application/json',
],
CURLOPT_POSTFIELDS => $payload,
]);
$response = curl_exec($curl);
Node.js
const response = await fetch('https://megasms.co.tz/api/v1/messages', {
method: 'POST',
headers: {
Authorization: `Bearer ${process.env.MEGASMS_API_TOKEN}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
to: '255712345678',
sender_id: 'MEGASMS',
message: 'Your verification code is 482913'
})
});
const result = await response.json();
API reference
Send messages
/messagesSend the same message to one or as many as 100 unique recipients.
Request body
| Field | Type | Required | Description |
|---|---|---|---|
| to | string | array | Yes | One Tanzanian number or an array of up to 100 numbers. |
| sender_id | string | Yes | An approved, active sender ID belonging to your account. Maximum 11 characters. |
| message | string | Yes | Message content, up to 1,600 characters. |
{
"to": ["255712345678", "0712345679"],
"sender_id": "MEGASMS",
"message": "Your order is ready for collection."
}
Success response
{
"success": true,
"data": {
"request_id": "4be7e780-f127-4da4-8d93-63d1c5bd0ea0",
"status": "completed",
"encoding": "gsm",
"segments_per_message": 1,
"total_recipients": 2,
"successful": 2,
"failed": 0,
"units_charged": 2,
"balance": 998,
"messages": [
{"id": "481", "to": "255712345678", "status": "delivered", "segments": 1}
]
}
}
Save request_id. It is the stable identifier used to retrieve this request later.
API reference
Retrieve message status
/messages/{request_id}Returns the request summary and the status of every recipient. Requests from other vendors are never visible.
curl "https://megasms.co.tz/api/v1/messages/4be7e780-f127-4da4-8d93-63d1c5bd0ea0" \ -H "Authorization: Bearer ms_live_your_token_here"
API reference
Retrieve balance
/balanceReturns available SMS units, the account rate per segment, and currency.
{
"success": true,
"data": {
"balance": 998,
"rate_per_segment": 25,
"currency": "TZS"
}
}
Formatting
Phone numbers
MegaSMS accepts valid Tanzanian mobile numbers. International format is recommended:
- Recommended:
255712345678 - Also accepted:
0712345678or+255 712 345 678 - The normalized number must begin with
2556or2557.
Duplicate numbers in the same request are automatically removed.
Billing
Segments and SMS units
Billing is based on message segments per recipient. One successful segment consumes one SMS unit; failed sends are refunded automatically.
| Encoding | Single segment | Multipart segment |
|---|---|---|
| GSM / basic Latin | Up to 160 characters | 153 characters each |
| Unicode / UCS-2 | Up to 70 characters | 67 characters each |
Example: a two-segment message sent successfully to 10 recipients consumes 20 SMS units.
Troubleshooting
Errors
Error responses use one consistent structure:
{
"success": false,
"error": {
"code": "invalid_sender_id",
"message": "The sender ID is not approved and active for this vendor."
}
}
| HTTP | Code | Meaning |
|---|---|---|
| 400 | invalid_json | The request body is missing or is not valid JSON. |
| 401 | unauthenticated | The token is missing, invalid, expired, or revoked. |
| 402 | insufficient_balance | The vendor does not have enough SMS units. |
| 403 | forbidden | The token lacks the required permission. |
| 403 | vendor_inactive | The vendor account is not active. |
| 404 | not_found | The request ID does not exist for this vendor. |
| 422 | validation_error | One or more request fields are invalid. |
| 422 | invalid_sender_id | The sender ID is not approved and active. |
| 500 | internal_error | The request could not be processed. Retry safely after checking status. |
Production checklist
Security practices
- Create separate tokens for development, staging, and production.
- Grant only the permissions each integration needs.
- Store tokens in environment variables or a secrets manager.
- Set an expiry date and rotate tokens regularly.
- Revoke a token immediately if it may have been exposed.
- Use the production API over HTTPS only.