Instant SMS
REST API + Official SDKs

Developer API & SDK

Integrate InstantSMS into your apps and automated test suites. Use our REST API and official SDKs to list temporary numbers, poll inboxes, and extract verification codes - ideal for QA, staging, and SMS onboarding flows.

Getting Started

Four steps from zero to your first automated verification code.

1

Sign in to your account

API access is available to registered developers. Sign in with your existing account (passkey or email) at the login page.

2

Create an API key

Open Dashboard → Developer → API Keys, then click Create key. Copy the token immediately - it is shown only once.

3

Install an SDK or use cURL

Pick the JavaScript or PHP SDK for the fastest start, or call the REST endpoints directly with any HTTP client.

4

Pick a number and poll messages

List numbers for a country, reserve one for your test, trigger the SMS in your app, then poll the messages endpoint until the verification code arrives.

Need an API key?

Sign in and create a key from Dashboard → Developer → API Keys.

Sign in

Authentication & Base URL

Bearer token

Send your API key in the Authorization header on every request. Keep keys secret - never commit them to source control or expose them in client-side browser code.

Authorization: Bearer YOUR_API_KEY

Base URL

All endpoints are versioned under /api/v1. Responses are JSON with standard HTTP status codes.

https://instant-sms.com/api/v1

Official SDKs

Install a client library to skip boilerplate - both SDKs wrap the same REST API.

JavaScript / TypeScript

@instantsms/sdk

Works in Node.js, Bun, and browser test runners like Playwright and Cypress.

npm install @instantsms/sdk

PHP

instantsms/sdk

First-class support for Laravel, Pest, and PHPUnit integration tests.

composer require instantsms/sdk

API Endpoints

Read-only endpoints for listing numbers and reading public inbox messages.

GET /countries

List all enabled countries with number counts and activity stats.

GET /countries/{iso}/numbers

List available temporary numbers for a two-letter country code (e.g. us, ca, gb).

GET /numbers/{slug}

Get details for a single number by its numeric slug.

GET /numbers/{slug}/messages

List SMS messages for a number. Supports ?after={unix_timestamp} for incremental polling.

Example response - GET /numbers/{slug}/messages

{
  "data": [
    {
      "id": 1042,
      "service": "Google",
      "body": "Your Google verification code is 847291",
      "code": "847291",
      "received_at": 1719859200
    }
  ],
  "meta": {
    "cursor": 1719859200
  }
}

Code Examples

Copy a working snippet and replace YOUR_API_KEY with your dashboard token.

# List US numbers
curl -s "https://instant-sms.com/api/v1/countries/us/numbers" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json"

# Poll new messages (pass cursor from last poll)
curl -s "https://instant-sms.com/api/v1/numbers/14165550198/messages?after=1719859000" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json"
import { InstantSmsClient } from '@instantsms/sdk';

const client = new InstantSmsClient({
  apiKey: process.env.INSTANTSMS_API_KEY,
});

// Pick a Canadian number for your test
const { data: numbers } = await client.numbers.list('ca');
const number = numbers.find((n) => n.active);
console.log('Using number:', number.number);

// Poll until a verification code arrives
let code;
for (let i = 0; i < 24; i++) {
  const { data: messages } = await client.messages.list(number.slug, {
    after: messages?.meta?.cursor,
  });
  code = messages.find((m) => m.code)?.code;
  if (code) break;
  await new Promise((r) => setTimeout(r, 5000));
}
console.log('Verification code:', code);
use InstantSms\InstantSmsClient;

$client = new InstantSmsClient(apiKey: config('services.instantsms.key'));

// List numbers and pick one
$numbers = $client->numbers()->forCountry('ca');
$number = collect($numbers)->firstWhere('active', true);

// Poll for the verification code
$code = null;
$cursor = null;

for ($attempt = 0; $attempt < 24; $attempt++) {
    $response = $client->messages()->forNumber($number->slug, after: $cursor);
    $cursor = $response->meta->cursor;
    $code = collect($response->data)->firstWhere('code', '!=', null)?->code;

    if ($code !== null) {
        break;
    }

    sleep(5);
}

// Use $code in your Pest / PHPUnit assertion

Automated Testing Workflow

A repeatable pattern for E2E and integration tests that depend on SMS verification.

Choose a test number

Call GET /countries/{iso}/numbers and pick an active number that matches the region your app expects.

Trigger verification in your app

Enter the E.164 number in your sign-up or login flow so the service sends an SMS to the public inbox.

Poll until the code arrives

Poll GET /numbers/{slug}/messages?after={cursor} every few seconds. Stop when detected_code is present in the response.

Complete the flow

Pass the extracted code back into your app or test assertion to finish the onboarding step automatically.

Rate Limits & Guidelines

Usage limits

  • Free tier: 60 requests per minute per API key.
  • Messages are retained for a limited window; poll promptly after triggering SMS.
  • Inboxes are public - never use API-fetched codes for banking, crypto, or account recovery.
  • Receive-only: numbers cannot send outbound SMS or place calls.

Testing environments only

Public inboxes are visible to anyone. Use the API for QA, staging, and development - not for production user authentication or sensitive account recovery flows.

API - Frequently Asked Questions

Yes. Developer access and reasonable test volumes are free. Rate limits apply to keep the platform fair for everyone.

Yes. Sign in and create an API key from the dashboard. Public registration is limited, so contact us if you need a developer account.

Use the JavaScript SDK for Node-based E2E tests (Playwright, Cypress) and the PHP SDK for Laravel or Pest feature tests. Both wrap the same REST API.

Poll the messages endpoint with the after cursor from your last read message. Most codes arrive within 10-30 seconds; retry for up to two minutes in CI.

The API is designed for development, QA, and staging workflows. Do not rely on public temporary numbers for production user verification.

401 means your API key is missing or invalid. 429 means you hit the rate limit - back off and retry with exponential delay.

Ready to automate your SMS tests?

Sign in, create an API key, and start polling verification codes in minutes.