Integrate InstantSMS into your apps and automated test suites. Use our REST API and official SDKs to list temporary numbers, poll inboxes, and extract verification codes - ideal for QA, staging, and SMS onboarding flows.
Four steps from zero to your first automated verification code.
API access is available to registered developers. Sign in with your existing account (passkey or email) at the login page.
Open Dashboard → Developer → API Keys, then click Create key. Copy the token immediately - it is shown only once.
Pick the JavaScript or PHP SDK for the fastest start, or call the REST endpoints directly with any HTTP client.
List numbers for a country, reserve one for your test, trigger the SMS in your app, then poll the messages endpoint until the verification code arrives.
Send your API key in the Authorization header on every request. Keep keys secret - never commit them to source control or expose them in client-side browser code.
Authorization: Bearer YOUR_API_KEY
All endpoints are versioned under /api/v1. Responses are JSON with standard HTTP status codes.
https://instant-sms.com/api/v1
Install a client library to skip boilerplate - both SDKs wrap the same REST API.
@instantsms/sdk
Works in Node.js, Bun, and browser test runners like Playwright and Cypress.
npm install @instantsms/sdk
instantsms/sdk
First-class support for Laravel, Pest, and PHPUnit integration tests.
composer require instantsms/sdk
Read-only endpoints for listing numbers and reading public inbox messages.
/countries
List all enabled countries with number counts and activity stats.
/countries/{iso}/numbers
List available temporary numbers for a two-letter country code (e.g. us, ca, gb).
/numbers/{slug}
Get details for a single number by its numeric slug.
/numbers/{slug}/messages
List SMS messages for a number. Supports ?after={unix_timestamp} for incremental polling.
{
"data": [
{
"id": 1042,
"service": "Google",
"body": "Your Google verification code is 847291",
"code": "847291",
"received_at": 1719859200
}
],
"meta": {
"cursor": 1719859200
}
}
Copy a working snippet and replace YOUR_API_KEY with your dashboard token.
# List US numbers
curl -s "https://instant-sms.com/api/v1/countries/us/numbers" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Accept: application/json"
# Poll new messages (pass cursor from last poll)
curl -s "https://instant-sms.com/api/v1/numbers/14165550198/messages?after=1719859000" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Accept: application/json"
import { InstantSmsClient } from '@instantsms/sdk';
const client = new InstantSmsClient({
apiKey: process.env.INSTANTSMS_API_KEY,
});
// Pick a Canadian number for your test
const { data: numbers } = await client.numbers.list('ca');
const number = numbers.find((n) => n.active);
console.log('Using number:', number.number);
// Poll until a verification code arrives
let code;
for (let i = 0; i < 24; i++) {
const { data: messages } = await client.messages.list(number.slug, {
after: messages?.meta?.cursor,
});
code = messages.find((m) => m.code)?.code;
if (code) break;
await new Promise((r) => setTimeout(r, 5000));
}
console.log('Verification code:', code);
use InstantSms\InstantSmsClient;
$client = new InstantSmsClient(apiKey: config('services.instantsms.key'));
// List numbers and pick one
$numbers = $client->numbers()->forCountry('ca');
$number = collect($numbers)->firstWhere('active', true);
// Poll for the verification code
$code = null;
$cursor = null;
for ($attempt = 0; $attempt < 24; $attempt++) {
$response = $client->messages()->forNumber($number->slug, after: $cursor);
$cursor = $response->meta->cursor;
$code = collect($response->data)->firstWhere('code', '!=', null)?->code;
if ($code !== null) {
break;
}
sleep(5);
}
// Use $code in your Pest / PHPUnit assertion
A repeatable pattern for E2E and integration tests that depend on SMS verification.
Call GET /countries/{iso}/numbers and pick an active number that matches the region your app expects.
Enter the E.164 number in your sign-up or login flow so the service sends an SMS to the public inbox.
Poll GET /numbers/{slug}/messages?after={cursor} every few seconds. Stop when detected_code is present in the response.
Pass the extracted code back into your app or test assertion to finish the onboarding step automatically.
Public inboxes are visible to anyone. Use the API for QA, staging, and development - not for production user authentication or sensitive account recovery flows.
Yes. Developer access and reasonable test volumes are free. Rate limits apply to keep the platform fair for everyone.
Yes. Sign in and create an API key from the dashboard. Public registration is limited, so contact us if you need a developer account.
Use the JavaScript SDK for Node-based E2E tests (Playwright, Cypress) and the PHP SDK for Laravel or Pest feature tests. Both wrap the same REST API.
Poll the messages endpoint with the after cursor from your last read message. Most codes arrive within 10-30 seconds; retry for up to two minutes in CI.
The API is designed for development, QA, and staging workflows. Do not rely on public temporary numbers for production user verification.
401 means your API key is missing or invalid. 429 means you hit the rate limit - back off and retry with exponential delay.
Sign in, create an API key, and start polling verification codes in minutes.