iRestWEB SMS
A simple REST API for sending SMS on Israeli networks — with per-customer billing, credit lines, bulk queueing, and a full audit trail on every message.
iRestWEB SMS sits between your applications and the Israeli SMS carrier network. Client apps — websites, contact forms, backend systems — call a simple REST API with an API key and token; the gateway validates the account, checks the balance, normalizes the destination numbers (+972/972/0 prefixes all accepted), and relays the message upstream. The sender name shown on the recipient's phone is your account name.
Billing is per-customer and Unicode-aware: messages are split into 134-character segments counted with multibyte awareness, so Hebrew, Arabic, and emoji content is priced correctly. A dedicated endpoint previews the segment count before you send, and a balance endpoint reports your remaining credit. For postpaid-style arrangements, accounts can be granted a negative-balance credit line with a hard limit.
Sending to one number is synchronous — you get the delivery result and a tracking reference immediately. Passing an array of numbers switches to bulk mode: the batch is fully validated up front (credentials, balance, destinations), queued, and fanned out asynchronously while the API returns at once.
Every request — successful, failed, or queued — is logged with the real client IP (proxy-aware, spoofing-validated), device type, OS, browser, sanitized headers and payload (tokens and passwords automatically redacted), and the delivery outcome. That gives you a complete per-message trace for debugging, fraud detection, and compliance. This is the same gateway that powers SMS verification in iRestDC and notifications in iRSHOP.
What you get
Simple send API
POST /api/sms/send with api_key, api_token, to, and message. Accepts JSON, form URL-encoded, or query-string input — works from backends, HTML forms, and low-code tools alike.
Bulk via queue
Pass an array of numbers to fan one message out to many recipients. The batch is validated before queueing and rejected up front if it would breach your balance.
Segment calculator
A dedicated endpoint returns exactly how many 134-character segments a message will consume — multibyte-aware, so Hebrew, Arabic, and emoji are counted correctly. Preview cost before sending.
Balance API
Check your money balance, per-segment price, and derived remaining-segments count at any time with one GET request.
Credit lines
Accounts can be allowed to go below zero up to a configured limit — enabling postpaid, trial, and VIP billing models with a hard stop and a descriptive error when exhausted.
Dual-credential auth
Every call requires two per-account credentials — an API key and an API token — via query, body, or Authorization: Bearer header. Invalid credentials get a clean 401.
Forensic audit log
Every request is logged with real client IP (proxy-aware), device type, OS, browser, method, URL, and sanitized payload — secrets are redacted automatically before storage.
Israeli number handling
All common Israeli number formats are accepted and normalized automatically, and invalid destinations are rejected before a message is ever sent.
Form-to-SMS forwarding
Extra fields on a send request are appended to the message body automatically — wire a website contact form straight to SMS with zero formatting code.
Where it shines
- Contact-form alerts: forward website form submissions — including extra fields — straight to the owner's phone.
- Transactional notifications from backend apps: order confirmations, appointment reminders, OTP-style notices.
- Bulk announcements to a recipient list with one queued API call.
- Reselling SMS capacity with per-customer pricing, balances, and expiry dates managed from the admin panel.
- Fraud investigation using the per-request audit log: IP, device, OS, browser, and full sanitized payload.
Under the hood
Hosted API service operated by iRestWEB. Accounts are created per customer with individual per-SMS pricing, prepaid balance, and optional negative-balance credit lines. Contact us for an account and pricing.
Common questions
Every request needs two credentials issued with your account: an api_key and an api_token. Send them as query parameters, in the JSON or form body, or pass the token as an Authorization: Bearer header.
Interested in iRestWEB SMS?
Tell us about your use case and we'll come back within one business day — with answers, a demo, or a clear quote.
Ask about iRestWEB SMS