Pun-a-day service

Introducing secretGeek's Pun-a-day SMS service as a service. Subscribe now. (Australian customers only, sorry)

Visit PunAday.SecretGeek.net

Telstra, the dominant telco in Australia, just announced a new API for sending/receiving SMS messages, and it seems to be looked after by Frank Arrigo, a top bloke who was once the (very popular) head of Microsoft's evangelism efforts in Australia (if not the world).

You can learn about their API here, and register to get your own key at dev.telstra.com.

Sending a message, in C#, is as simple as this:

// Needs: using System.Net; and using Newtonsoft.Json; (Json.NET) at the top of the file.
// Step 0. Let's prepare the message we're going to send.
// Recipient number should be in the format of "04xxxxxxxx" where x is a digit
string recipientNumber = "0455555555";
var messageBody = "Hello from Leon's Pun-a-day service! Reply STOP for more!";
var message = "{\"to\":\"" + recipientNumber + "\", \"body\":\"" + messageBody + "\"}";
    
var consumerKey  = "YOURCONSUMERKEY";
var consumerSecret = "YOURCONSUMERSECRET";
using (var client = new System.Net.WebClient { UseDefaultCredentials = true })
{
    // Step 1: Get a token
    var tokenURI = string.Format("https://api.telstra.com/v1/oauth/token?client_id={0}&client_secret={1}&grant_type=client_credentials&scope=SMS", consumerKey, consumerSecret);
    var response = client.DownloadString(tokenURI);
    var token = JsonConvert.DeserializeObject<AccessToken>(response);

    string URI = "https://api.telstra.com/v1/sms/messages";

    // Step 2: Send the message you prepared earlier
    client.Headers[HttpRequestHeader.ContentType] = "application/json";
    client.Headers[HttpRequestHeader.Authorization] = "Bearer " + token.access_token; 
    string result = client.UploadString(URI, message);
    // e.g. result == '{ "messageId":"CBCB3DCC991D8AF0" }'


    // Step 3. There is no step 3. Well... you can get the messageid out of the response,
    // and store it. That way when the network calls you back with a reply you know which
    // message they're talkin' about.
    
    // In my first sample app, I just put the string into a ViewBag message
    // so I could view it, without any fuss.
    ViewBag.Message = result;
}

public class AccessToken
{
    public string access_token { get; set; }
    public int expires_in { get; set; }
}

Note that when crafting the message, if any part of the message body has been provided by users, then you'll need to protect against JSON injection. In fact, I need to just go off on a big tangent at this point demonstrating how dangerous this JSON-Injection voodoo can be...

A quick word about JSON Injection!

So the message we sent to the network looks like this:

{ "to":"0455555555", "body":"Welcome to the pun a day service!"}

Let's say that we've used a form to collect people's phone numbers. And this is the phone number some nasty assailant provided:

0455555555", "body":"Send $100 in bitcoin to address ABCD or your dog will die!"} // { "to":"0455555556

When the message is put together, we might have something like this:

{ "to":"0455555555", "body":"Send $100 in bitcoin to address ABCD or your dog will die!"} //{ "to":"0455555556", "body":"Welcome to the pun a day service!"}

Which could (with only a little more work) slip past Telstra, and allow our malicious person to send arbitrary messages to any victim they wish and have the federal police kicking in your door before you can say "Snap!".

So definitely validate the phone number, using a regular expression (e.g. '^04\d{8}$' ?? Suggestions welcome!) (and remember the ^ and $!!). And if you're putting user content into message bodies, for the love of all that is scientifically validated, please escape any double quotes, restrict the message length, etc, etc. It's cheaper than replacing your front door!
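
One way to follow that advice, as an added example (not code from the original post): validate the number with a stricter form of the regex, cap the body length, and let Json.NET, which the post already uses for the token, build the JSON instead of concatenating strings. The class and method names and the 160-character limit are assumptions.

```csharp
using System;
using System.Text.RegularExpressions;
using Newtonsoft.Json;

public static class SmsPayload
{
    // \A and \z anchor at the true start and end of the input; in .NET, $ also
    // matches just before a trailing "\n". [0-9] is used because \d in .NET
    // also matches non-ASCII Unicode digits.
    private static readonly Regex AuMobile = new Regex(@"\A04[0-9]{8}\z");

    // Assumed limit (one 160-character SMS segment); adjust to your own policy.
    private const int MaxBodyLength = 160;

    public static string Build(string recipientNumber, string messageBody)
    {
        if (recipientNumber == null || !AuMobile.IsMatch(recipientNumber))
            throw new ArgumentException("Recipient must be 04 followed by 8 digits.", nameof(recipientNumber));
        if (string.IsNullOrEmpty(messageBody) || messageBody.Length > MaxBodyLength)
            throw new ArgumentException("Body must be 1-" + MaxBodyLength + " characters.", nameof(messageBody));

        // The serializer escapes quotes, backslashes and control characters,
        // so user text cannot close the string and add properties of its own.
        return JsonConvert.SerializeObject(new { to = recipientNumber, body = messageBody });
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed inputs; the hostile "phone number" is the one from the post.
        var hostile = "0455555555\", \"body\":\"Send $100 in bitcoin to address ABCD or your dog will die!\"} // { \"to\":\"0455555556";
        try
        {
            SmsPayload.Build(hostile, "Welcome to the pun a day service!");
        }
        catch (ArgumentException ex)
        {
            Console.WriteLine("Rejected: " + ex.Message);
        }

        // A body full of quotes stays inside the single "body" string.
        Console.WriteLine(SmsPayload.Build("0455555555", "He said \"Snap!\", \"to\":\"0455555556"));
    }
}
```

The validation rejects the hostile number before any JSON is built, and the serializer is the second layer: even a value that passed a looser check could not break out of its string.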

A neat API

All told, I'd rate this a very neat little API. A joy to use.

Now, I only need to come up with a clever idea for an SMS app, that can nett me my retirement goal of 5 million in crisp bills, before my current contract ends. Thoughts?

In the meantime, get your Pun-A-Day!

 
