Skip to main content
Webhooks are available on request. Contact support to enable for your account.
VirtualSMS can send HTTP POST requests to your endpoint when:
  • An SMS arrives on your number
  • An order expires
  • A deposit is confirmed

Payload format

{
  "event": "sms_received",
  "order_id": "abc123",
  "phone_number": "+447911123456",
  "service": "telegram",
  "sms_code": "12345",
  "full_text": "Telegram code: 12345",
  "received_at": "2026-03-15T12:00:00Z"
}

Events

EventDescription
sms_receivedSMS arrived on your number
order_expiredOrder expired with no SMS
deposit_confirmedCrypto deposit credited to balance

Security

Requests include an X-Signature header — HMAC-SHA256 of the raw body using your webhook secret. 
import hmac, hashlib

def verify(secret, body, signature):
    expected = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature)