Skip to main content

Overview

The Lamah SMS API uses Bearer token authentication for all requests. This guide covers everything you need to know about obtaining, using, and managing your API tokens securely.

Getting Your API Token

1

Create Account

Sign up for a Lamah account at https://sms.lamah.com
2

Create Project

Navigate to the Projects section and create a new project
3

Generate Token

Copy the API token from your project settings
4

Secure Storage

Store your token securely using environment variables

Using Your Token

Include your API token in the Authorization header of every request: 
Authorization: Bearer YOUR_API_TOKEN

curl --request GET \
  "https://sms.lamah.com/api/project/details" \
  --header "Authorization: Bearer YOUR_API_TOKEN"

Security Best Practices

Environment Variables

Store tokens in environment variables, never in code

Rotate Regularly

Generate new tokens periodically for security

Limit Scope

Use project-specific tokens with minimal required permissions

Monitor Usage

Regularly monitor API usage for suspicious activity

Token Management

Environment Variables

LAMAH_API_TOKEN=your_actual_token_here
LAMAH_BASE_URL=https://sms.lamah.com

Token Validation

Test your token with a simple API call: 
const validateToken = async (token) => {
  try {
    const response = await fetch('https://sms.lamah.com/api/project/details', {
      headers: { 'Authorization': `Bearer ${token}` }
    });
    
    if (response.ok) {
      console.log('✅ Token is valid');
      return true;
    } else {
      console.log('❌ Token is invalid');
      return false;
    }
  } catch (error) {
    console.log('❌ Network error:', error.message);
    return false;
  }
};

Common Authentication Errors

401 Unauthorized

{
  "error": "Invalid API token",
  "code": "UNAUTHORIZED"
}
Solutions:
  • Verify your token is correct
  • Check the Authorization header format
  • Ensure the token hasn’t expired

403 Forbidden

{
  "error": "Insufficient permissions",
  "code": "ACCESS_DENIED"
}
Solutions:
  • Verify your project has access to the endpoint
  • Check if your account has the required permissions
  • Contact support if you believe this is an error

SDK Examples

JavaScript/Node.js SDK

class LamahSMS {
  constructor(apiToken) {
    this.apiToken = apiToken;
    this.baseUrl = 'https://sms.lamah.com';
  }

  async request(endpoint, options = {}) {
    const url = `${this.baseUrl}${endpoint}`;
    const config = {
      headers: {
        'Authorization': `Bearer ${this.apiToken}`,
        'Content-Type': 'application/json',
        ...options.headers
      },
      ...options
    };

    const response = await fetch(url, config);
    
    if (!response.ok) {
      const error = await response.json();
      throw new Error(`API Error: ${error.error}`);
    }

    return response.json();
  }

  async sendSMS(messageData) {
    return this.request('/api/sms/messages', {
      method: 'POST',
      body: JSON.stringify(messageData)
    });
  }
}

// Usage
const sms = new LamahSMS(process.env.LAMAH_API_TOKEN);

Python SDK

import requests
import os

class LamahSMS:
    def __init__(self, api_token=None):
        self.api_token = api_token or os.getenv('LAMAH_API_TOKEN')
        self.base_url = 'https://sms.lamah.com'
        
        if not self.api_token:
            raise ValueError('API token is required')

    def _request(self, endpoint, method='GET', data=None):
        url = f'{self.base_url}{endpoint}'
        headers = {
            'Authorization': f'Bearer {self.api_token}',
            'Content-Type': 'application/json'
        }
        
        response = requests.request(method, url, headers=headers, json=data)
        
        if not response.ok:
            error = response.json()
            raise Exception(f"API Error: {error.get('error')}")
        
        return response.json()

    def send_sms(self, message_data):
        return self._request('/api/sms/messages', 'POST', message_data)

# Usage
sms = LamahSMS()

Rate Limiting

The API includes rate limiting to ensure fair usage:
  • SMS Endpoints: 100 requests per minute
  • OTP Endpoints: 10 requests per minute per phone number
  • Other Endpoints: 1000 requests per minute
Rate limit headers are included in responses: 
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1640995200

Troubleshooting

Wait a few minutes after generating a new token, as there may be a brief propagation delay.
Check if you’re hitting rate limits or if there are network connectivity issues.
Ensure you’re using the correct token for your production environment and that environment variables are properly set.

Next Steps

Once you have authentication working:

Send Your First SMS

Follow our quickstart guide to send your first message

Explore API Endpoints

Browse all available API endpoints and features