Changelog

WhatsApp Business API — send template messages, manage approved templates, list conversations, and receive inbound events via webhook.

Auto top-up billing — configure balance thresholds and automatic Stripe charges to keep your wallet funded.

Usage export endpoint (GET /v1/billing/usage/export) — download a CSV of your usage for any date range.

API Documentation Portal at /docs — interactive reference with 7 language examples, copy-to-clipboard, pagination guide, webhook signature verification, and SDK examples.

Changelog page at /docs/changelog.

Notification preferences endpoint (GET/PATCH /v1/settings/notifications).

Performance: added B-tree and partial indexes on messages, campaigns, contacts, billing_transactions tables — 3–10× query speedup on dashboard.

DLR stats endpoint now cached in Redis for 60 seconds per tenant. Message logs first page cached for 10 seconds.

Reports endpoint now supports filtering by campaign_id, destination number, and date range.

Webhook timestamp validation — requests older than 5 minutes are now rejected automatically.

Stripe integration — create checkout sessions, handle webhooks, download PDF invoices.

Dynamic rates system — rates per country/carrier can now be updated without a code deploy.

Admin billing endpoints: revenue overview, per-tenant billing view, transaction export.

Admin rate management: bulk import (CSV), rate history per country code, individual rate CRUD.

Campaign approval workflow — campaigns over a configurable recipient threshold require admin approval before sending.

Audit log (GET /v1/admin/system/audit) — all admin actions recorded with actor, IP, and timestamp.

Billing transactions now include a breakdown field showing cost per segment.

Invoice PDF generation with professional letterhead, VAT breakdown, and QR code.

Race condition in wallet balance deduction when concurrent bulk sends were submitted simultaneously.

Incorrect segment count for messages containing emoji (now correctly treated as Unicode).

Contact management API — create, update, delete contacts with custom fields.

Contact groups — organise contacts into lists for targeted campaigns.

Tags — flexible label system for segmentation.

CSV import for contact groups (POST /v1/contacts/groups/{id}/import).

Opt-out list — STOP replies automatically recorded and enforced on every send.

Opt-out webhook event — receive real-time notifications when someone opts out.

Bulk send now validates against opt-out list before accepting, returning a rejected count in the response.

Contact import: duplicate phone numbers now deduplicated rather than inserted twice.

Campaign API — named batches with state machine (draft → approved → sending → completed).

Scheduled sending — set scheduled_at on any send request (up to 30 days ahead).

WebSocket endpoint (wss://app.bulksmsrates.com/ws) for real-time DLR, campaign progress, and balance updates.

Sender ID management — request and manage approved alphanumeric sender IDs per country.

Message templates API — save reusable message bodies with variable placeholders.

Campaign pause / resume — stop a campaign mid-send and continue later.

Template variable substitution now supports nested objects and array indexing.

WebSocket heartbeat: server sends a ping every 30s, closes after 3 missed pongs.

Webhook management — configure HTTP endpoints to receive DLR events.

HMAC-SHA256 webhook signature verification with timestamp replay protection.

Webhook retry policy: 3 attempts with 5s → 30s → 300s backoff.

SMPP v3.4 access credentials — get SMPP host, system_id, and password via API.

Reports API: message logs (GET /v1/reports/messages) with date/status/destination filters.

DLR stats (GET /v1/reports/dlr-stats) — delivery rate by period.

Account profile (GET/PATCH /v1/settings/profile).

Rate lookup endpoints — check per-country rates for your account tier.

API key secrets now only returned once at creation. Subsequent reads show masked key only.

Core SMS send API (POST /v1/sms/send) with E.164 validation.

Bulk SMS send (POST /v1/sms/bulk) — up to 10,000 recipients per call.

Message status and history endpoints.

JWT authentication with access + refresh token rotation.

API key + secret authentication for server-to-server use.

Google OAuth 2.0 sign-in.

Prepaid wallet billing model with GBP as base currency.

Transaction history and invoice listing.

Rate limiting via token bucket (100 req/s default, configurable).

Sandbox environment with bsms_test_ keys — no real SMS sent.

Cursor-based pagination on all list endpoints.

Consistent error response format with typed error codes.

Health and readiness endpoints for infrastructure monitoring.