Skip to main content
The InteractSMS API v2 uses OAuth 2.0 password grant to issue short-lived JWT access tokens. Every API request must include a valid token in the Authorization header.

Step 1: Obtain a token

Send a POST request to the auth server with your credentials: 
curl -X POST https://auth.interactsms.com/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=password&client_id=ismstoken&username=YOUR_USERNAME&password=YOUR_PASSWORD"
Successful response: 
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_in": 120,
  "refresh_expires_in": 1200,
  "refresh_token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "scope": "email profile client_id"
}
Access tokens expire after 120 seconds. Refresh tokens expire after 1200 seconds. Build token refresh logic into your integration.

Step 2: Use the token

Pass the access_token as a Bearer token in all API requests: 
curl https://api.interactsms.com/api/v2/senderlist \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Token expiry & refresh strategy

TokenExpiry
access_token120 seconds
refresh_token1200 seconds
Because tokens are short-lived, the recommended approach is to re-authenticate before each request or implement proactive refresh. The safest pattern is to catch a 401 Unauthorized response and immediately re-authenticate with your credentials before retrying the request. 
async function getToken() {
  const res = await fetch('https://auth.interactsms.com/token', {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      grant_type: 'password',
      client_id: 'ismstoken',
      username: process.env.ISMSAPI_USERNAME,
      password: process.env.ISMSAPI_PASSWORD
    })
  });
  const { access_token } = await res.json();
  return access_token;
}

async function apiRequest(path, options = {}) {
  const token = await getToken();
  const res = await fetch(`https://api.interactsms.com${path}`, {
    ...options,
    headers: {
      ...options.headers,
      Authorization: `Bearer ${token}`,
      'Content-Type': 'application/json'
    }
  });
  if (res.status === 401) throw new Error('Authentication failed');
  return res.json();
}
Never hardcode credentials in your source code. Use environment variables or a secrets manager.

No sandbox environment

There is currently no sandbox or test environment. All API calls run against the live production system and will consume message credits. Test with a small number of your own numbers to verify your integration before going live.

Credentials

Your username and password are available from your Phonovation account. Contact support@phonovation.com if you need access.
Last modified on April 9, 2026