Front OTP – SMS Gateway API (Product description)

This document describes only the OTP (one-time code) functionality in the Front SMS Gateway API. It is a simplified and targeted specification for sending one-time codes via SMS using pre-approved message templates. This functionality uses the parameter type=otp along with related OTP parameters.

1 Overview

The OTP SMS API is used for sending one-time codes for authentication, login and verification. The API is HTTP-based and uses JSON over HTTPS.

The OTP SMS API supports only OTP messages and does not allow free-text messages. The message template and structure are automatically generated by the gateway and cannot be customized.

2 Endpoint

POST https://www.pling.as/psk/push.php

Only HTTPS is permitted.

3 Authentication

Authentication is performed using serviceid and optionally IP restriction or password, depending on account configuration. Authentication settings are configured in the SMS Gateway administration panel.

4 Mandatory Parameters for OTP

For the OTP SMS API, predefined sender values are configured when ordering the service.

The following values are included in the message but are not sent as parameters in the API request:

fromid – Sender ID displayed as the message sender on the recipient’s phone

sendername – Name of the company or service displayed in the message text

These values are static per account and cannot be overridden in the API request.

The OTP SMS API supports only HTTP POST with JSON.

Parameter	Description	Allowed Values	Comment
serviceid	Service identifier	Unique service identifier for authentication of the API request	Mandatory
password	Gateway password	No restrictions	Not required when IP authentication is used
phoneno	Recipient mobile number	International phone number with country code (004799999999 or +4799999999)	Mandatory
code	One-time code / password	4-15 characters. Allowed characters: A-Z, a-z, 0-9, ! @ # $ % & * – _	Mandatory – For best compatibility with automatic OTP detection on Android and iOS, numeric codes (0–9) of 4–8 characters are recommended. Longer or alphanumeric codes may reduce support for automatic autofill on some devices.
username	Username for login	Text up to 255 characters. May contain arbitrary text (username, email or other identifier). URL (http:// or https://) not allowed.	Optional Used only in OTP messages to countries requiring pre-approved template. If omitted or empty, the corresponding text segment is automatically removed.
ref	Your ID or reference	Your message reference, max 100 characters or an integer	Optional. If ref is included, ref and phoneno will also be included in the delivery status report.

5 Example JSON Request

Example of HTTP POST with a JSON document:

POST /psk/push.php HTTP/1.1
Host: www.pling.as
Content-Type: application/json

{
  "serviceid": "3",
  "phoneno": "+4799999999",
  "code": "123456",
  "username": "bruker@eksempel.no",
  "ref": "abc"
}

Example message:

Sender (fromid): Min Bedrift

Din kode er 123456

Brukernavn: bruker@eksempel.no

Hilsen Min Bedrift

6 Message Template

Standard OTP template (automatically generated by the gateway with static sender configuration):

Din kode er <code> Brukernavn: <username> Hilsen <sendername>

7 Example Response

{
  "id": 145099,
  "errorcode": 0,
  "description": "OK"
}

8 Error Codes (OTP Relevant)

When sending a message, the gateway returns a response to the URL you submit. This response consists of an errorcode number and an ID reference number unique to the transmission.

Response	Description
errorcode=0	OK (Message sent)
errorcode=1	Invalid mobile number
errorcode=2	Message sent from unauthorized IP address
errorcode=5	No remaining SMS messages on account
errorcode=7	Account blocked by Front, or incorrect serviceid
errorcode=8	serviceid is blank / parameter missing
errorcode=9	phoneno is blank / parameter missing
errorcode=13	Invalid password
errorcode=17	Duplicate message. Message with same phoneno and code sent within 120 seconds.
errorcode=18	Encryption required. Use https instead of http.
errorcode=21	Mobile number blacklisted. Number is known invalid for SMS reception or previously used in connection with misuse.
errorcode=25	ref cannot exceed 100 characters
errorcode=29	code is required for OTP messages and must be 4-15 character
errorcode=39	username invalid

Please note that new error codes may be added in future versions.

9 Delivery Status (Optional)

The delivery status of a message is continuously posted to the URL you have configured to receive it. This service is optional.

Parameter	Description	Allowed Values	Comment
status	New status on SMS	-1, 4, 5	See below
origid	ID Reference Number	Same number as confirmation ID when the message was sent	Unique number for each text message
ref	Your reference	text up to 100 characters	The «ref» that was supplied when the text was sent
phoneno	Mobile number the text was sent to	E164 mobile number	Only included when «ref» was supplied

Sample status: https://customer.no/sms?status=4&origid=14509

Sample status with ref: https://customer.no/sms?status=4&origid=14509&ref=abc&phoneno=%2B4799999999

Status -1:

The message is received by the carrier but not delivered to the mobile phone. Note: this status can come after status 4 if the message is delivered immediately.

Status 4:

The message has been received by the recipient’s mobile phone. It is not known whether the recipient has read the message, but the operator has registered the delivery.

Status 5:

The message has failed. In most cases, this is due to sending a message to a mobile phone number that is not in use. It may also occur due to operational errors among telecom operators.

If another telecom provider than Telenor is used, missing status normally indicates that the message is still in transit. The most common reason for not attaining the status is that the recipient has turned off the mobile phone or is located in an area without coverage. In some cases, no status is received even if the message is delivered.

10 SMS Character Set and Segment Calculation

OTP messages are sent either as GSM 7-bit or Unicode (UCS-2), depending on the characters included in the message.

GSM (GSM 03.38)

1 SMS: up to 160 characters

Multipart SMS: 153 characters per segment

Certain extended GSM characters (e.g. { } [ ] \ ^ ~ | €) count as 2 characters

Unicode (UCS-2)

1 SMS: up to 70 characters

Multipart SMS: 67 characters per segment

Used when the message contains characters outside the GSM standard (for example certain special characters or emoji)

The character set is automatically determined by the gateway. The customer cannot override this in the OTP SMS API.

If the username parameter contains characters outside the GSM standard, the message will be sent as Unicode. This reduces the number of available characters per SMS and may result in multiple segments.

Segment calculation is handled automatically by the gateway. Concatenated messages are displayed as a single message to the recipient but are billed per SMS segment.

11 Security and Recommendations

It is recommended to implement rate limiting, IP restrictions and protection against misuse for OTP functionality.

12 History

V1.01 (01.03.2026): First published version.