Overview
Send and receive messages globally over SMS, RCS, WhatsApp, Viber Business, Facebook messenger and other popular channels using the Sinch Conversation API.
Note:
If you would like help setting up your Conversation API solution, and want to quicklky get started sending and receiving messages, review our Getting Started guide.
The Conversation API endpoint uses built-in transcoding to give you the power of conversation across all supported channels and, if required, full control over channel specific features.
Download the OpenAPI specification here.
Authentication
OAuth2.0 authentication
Achieve more secure API authentication with OAuth 2.0 access tokens.
Access tokens are short lived. Typically, they will only last one hour. This is done to keep your data (and ours) safer.
In exchanging credentials, you'll get a long string called an access token. This access token will serve as your bearer token in the authorization header of API calls.
Find your credentials in the Sinch Customer Dashboard.There are two pieces of information needed to obtain an access token: the key ID and key secret corresponding to your project ID.
To get an access token, do the following:
- Login to the Sinch Client Dashboard to get your access keys.
- Click on Create Access Key and when prompted, enter a display name, then click Confirm.
Does it have to be a new key?
Not at all. If you have existing credentials saved, feel free to use them.
- A Key ID and Key Secret will display. Save the project ID, key ID, and key secret someplace safe.
Important:
The key secret is only viewable at the time of initial creation.
If you accidentally misplace they key secret, no worries! Create a new key.
- Using the following curl command, get your access token using the key ID and key secret.
curl https://auth.sinch.com/oauth2/token \ -d grant_type=client_credentials \ -u YOUR_Key_ID:YOUR_Key_Secret - You'll see your new access token in the response. Now you're ready to use this token on calls to the API. The access token will be useable for one hour.
Short lived
The access token is meant to be short lived for enhanced security. Generate one as often as it is necessary.
Basic authentication
HTTP Basic authentication works on all Sinch REST APIs. Basic auth is often the preferred option for testing because it is simple and easy to use.Important!
Basic authentication is intended for test purposes only, and should only be used for experimenting with APIs and building prototypes. API calls using basic authentication are heavily rate limited, and these limits may change at any time without warning. Production systems should use OAuth access tokens instead.
Basic authentication is sent in the authorization header with each call.
No matter the programming language, there are three main components for successful basic authentication in a request:
- The designation of authorization type, which is
basic - The
username, which in Sinch's case isYOUR_Key_ID, corresponding to your project - The
password, which isYOUR_Key_Secret, again, corresponding to the project
Need help?
To use basic auth in an API call, do the following:
- First, create a new access key in the Customer Dashboard by clicking Create Access Key.
- Copy your project ID, key ID, and key secret.
Important:
Keep your key secret somewhere safe as it is only viewable upon initial project creation. The project ID and key ID are always readily available in the Customer Dashboard. If you misplace your key secret, simply generate a new key!
- Use your key ID as the username (sometimes called the
client_id) and your key secret as the password (can be referred to as theclient_secret) in every call made to a Sinch API.
Base URL
The following URLs can be used when making calls to the Conversation API (or Template Management API, which is used in coordination with the Conversation API). The Conversation Batch API endpoints, which are available for beta testing, are also listed.
| Server | URL |
|---|---|
| Conversation API (US Production) | https://us.conversation.api.sinch.com |
| Conversation API (EU Production) | https://eu.conversation.api.sinch.com |
| Conversation API (BR Production) | https://br.conversation.api.sinch.com |
| Template Management API (US Production) | https://us.template.api.sinch.com |
| Template Management API (EU Production) | https://eu.template.api.sinch.com |
| Template Management API (BR Production) | https://br.template.api.sinch.com |
| Conversation Batch API (Beta) (US) | https://us.conversationbatch.api.sinch.com |
| Conversation Batch API (Beta) (EU) | https://eu.conversationbatch.api.sinch.com |
| Conversation Batch API (Beta) (BR) | https://br.conversationbatch.api.sinch.com |
Note that, when making a call to the Conversation API or Template Management API, you must target the regional server that corresponds to the region in which you created your Conversation API app.
Postman collection
Sinch offers a Postman collection for easy setup and testing during development. For ease of use, follow the next link Postman Collection, into a Firefox browser or, use the Import option in Postman.
After importing the collection, fill in the following variables:
| Variable | Value |
|---|---|
PROJECT | Your PROJECT ID |
APP | Your app ID |
CLIENT_ID | Your CLIENT_ID |
CLIENT_SECRET | Your client secret |
For testing purposes, fill the WEBHOOK_URL by visiting https://webhook.site/ and use the generated link - the one under the Your unique URL label.
Caution:
The https://webhook.site/ URL given above should only be used for testing purposes. Using the Conversation API can generate high volumes of callbacks, which can easily exceed the TPS limits of certain webhook services. Additionally, sensitive information may be included in the callback, including message content and contact information. Ensure that you use a scalable and secure callback/webhook processor after your initial testing is complete.
Values for other variables can be obtained by calling corresponding requests:
CONTACT- ID of contact created by calling **Create contact** request.WEBHOOK_ID- ID of webhook created by calling **Create webhook** request.CONVERSATION- a Conversation is created automatically when sending a new message. For example, with a Text Message request, send a message, then call [List conversations](https://developers.sinch.com/reference#conversation_listconversations) to get the ID of the conversation for this variable.
Errors
When requests are erroneous, the Sinch Conversation API will respond with standard HTTP status codes, such as4xx for client errors. All responses include a JSON body of the form:{
"error": {
"code": 401,
"message": "Request had invalid credentials.",
"status": "UNAUTHENTICATED",
"details": [{
"@type": "type.googleapis.com/google.rpc.RetryInfo",
...
}]
}
}The table below describes the fields of the error object:
| Name | Description | JSON Type |
|---|---|---|
| Code | HTTP status code | Number |
| Message | A developer-facing error message | String |
| Status | Response status name | String |
| Details | List of detailed error descriptions | Array of objects |
Common error responses
| Status | Description |
|---|---|
| 400 | Malformed request. For example, the message body of a request made to the message/send endpoint does not contain the app_id field, which is required. Alternatively, this error may be triggered if required fields are included, but populated incorrectly. For example, the app_id field is included in a message/send request, but the value is not a ULID (and, therefore, fails a basic form check). |
| 401 | Incorrect credentials. For example, you may get this error if you provide incorrect client_id and client_secret values when using basic authentication. You may also get this error if you provide a bearer token generated using incorrect basic authentication credentials or if you provide an expired token (generated using the OAuth2.0 client credentials flow). |
| 403 | Correct credentials but you don't have access to the requested resource. This typically occurs paired with an UNAUTHORIZED message when the provided client_id and client_secret are not associated with the project_id required for most Conversation API calls. Starting February 19, 2025, this error may also be paired with a BILLING_CREDIT_LIMIT_BREACHED message. If paired with BILLING_CREDIT_LIMIT_BREACHED message, the project is blocked due to credit reasons. In this case, check your project's billing configuration and balance. |
| 404 | The resources provided for the call are insufficient to complete the call, or the server cannot locate the required resources. For example, if the app_id provided in the call doesn't match a Conversation API app contained within the corresponding project, or the region in which the app was created does not match the regional server targeted by the call. Additionally, this error occurs if you provide designate Conversation API endpoint that doesn't actually exist. |
| 429 | See Rate Limits. |
| 500 | Something went wrong on our end, try again with exponential back-off |
| 501 | Something went wrong on our end, try again with exponential back-off |
| 503 | Something went wrong on our end, try again with exponential back-off |
Rate Limits
The Conversation API has two kinds of rate limits that may result in status429 Too Many Requests:- Conversation API apps have a maximum MT ingress queue size of 500000 messages, which are drained towards the channel at a rate of 20 messages per second by default (this rate may be higher if the channel has been purchased with a higher capacity).
- Projects are limited to 800 requests per second across all apps and most endpoints. Making over 800 requests per second over an extended period of time may saturate the app-specific ingress queue, resulting in rate limiting.
429 Too Many Requests error. In some cases (for example, the SMS channel), these rate limits can be adjusted. In others (for example, the Instagram channel), they can't be adjusted. For more information about raising project, app, or channel rate limits, contact your Sinch account manager.