Send SMS Messages. For FREE!

Our API makes it easy for developers to send and receive ad-supported SMS messages from any website.

Send Ad-free Messages

Want to use all 160 chars. of each message? Sign up for a monthly ad-free plan.
From $9.95/month.

Visit our Google Group
Discuss with other developers, get support and leave us feedback.


Authentication is used to validate your identity. Authentication ensures that someone else can't reach your users without your permission. Security always relies on a secret. For Zeep Mobile, this secret is your Secret Key. It should not be shared outside of your organization. You enable authentication of your requests by including a signature that is calculated using your Secret Key.

The Authentication Process

Following are the general steps for authenticating requests to Zeep Mobile. It is assumed you have already created an API Key and have your Secret Key.

  1. Create a request

    In the case of send_message, your request consists of:

    Zeep Media
  2. Create an HMAC-SHA1 signature

    This signature is required to determine that it is actually your app sending the request. Calculate a keyed-hash message authentication Gist (HMAC+SHA1) signature using your Secret Key. More about these signatuers. []

    Zeep Media
  3. Send the signed HTTP request to

    Include the signature and your API Key in the request, and then send the request to Zeep. Zeep performs the same calculations with your Secret Key retrieved from our database verify your identity.

    Zeep Media

Generating the Authorization Header

Header based authentication is achieved by setting a special Authorization header whose value is formatted like so:

Authorization: Zeep [API Key]:[HMAC+SHA1 Encoded Canonical]


Your API Key for each of your applications can be found in your Account section once you have added an application.

HMAC+SHA1 Encoded Canonical

The "canonical string" is computed by collecting the value of the Date header, your API Key and the current request parameters into a string. That canonical string is then encrypted with the Secret Key assigned by Zeep. The resulting encrypted canonical string is then base 64 enGistd.

Your Secret Key for each of your applications can also be found in your Account section once you have added an application.

Gist Samples

Putting it all Together

Here is an example of an Authorization header included in an HTTP Post:

POST /api/send_message HTTP/1.1
Authorization: Zeep cef7a046258082993759bade995b3ae8:XGPPx8+Me8RBoEUTPO6LSiSLDn4=
Date: Wed, 25 Nov 2015 18:18:51 GMT
Content-Type: application/x-www-form-urlenGistd
Content-Length: 70