TurkeySMS
About Us
Who we are
Why TurkeySMS
Our advantages
Media Center
Press & media
Data Privacy
Privacy & security policy
How We Work
Our values and principles
Reseller Program
Join our reseller network
Bulk SMS
High-volume messaging
Turkey SMS
Domestic carrier-level SMS
Excel to SMS
Bulk send from Excel
OTP SMSNew
One-time password delivery
E-Commerce SMS
Order & campaign notifications
E-Invoice SMS
Digital invoice notifications
WordPress Plugin
SMS integration for WordPress
WooCommerce
E-commerce SMS notifications
Make.comNew
1,000+ ready-made scenarios
ZapierNew
2,000+ app connections
n8nNew
Open-source automation
SMS API
REST API integration
Integration Hub
All integrations
Pricing
Contact Us
Get in touch
Knowledge Base
Guides and how-tos
Compliance AcademyNew
Legal SMS sending guide
Support Center
Submit a support request
Developers
API & documentation
Documentation
API reference & guides
Log inGet Started
TurkeySMS
Pricing
Log inGet Started
DocumentationV4
Overview
Core
QuickstartAuthenticationSend SMSSend OTPBulk SMSQueriesWebhooks
Reference
Response CodesDelivery LifecycleReliabilityBillingVersioningn8n Community Node
Home/Documentation/Authentication
Stable

Authentication

Requests are authenticated with the api_key in the JSON body. Key management and security.

Every request is a POST request and must include the api_key field in its JSON body. There is no Authorization header and no Bearer token. The Content-Type: application/json header is required on every request.

Never expose your API key in client-side code (web/mobile), public repositories, or shared files. A key grants access to your entire account.

Validate a key

The /auth/check endpoint returns, in a single request, whether your key is valid, your account status, and which permissions are defined.

POSThttps://api.turkeysms.com.tr/auth/check
cURL
curl -X POST https://api.turkeysms.com.tr/auth/check \
  -H "Content-Type: application/json" \
  -d '{"api_key": "YOUR_API_KEY"}'
200 OKResponse
{
  "result": true,
  "result_code": "TS-1000",
  "key_details": {
    "status": "Active",
    "permissions": {
      "send_single_sms":  true,
      "send_otp":         true,
      "send_bulk_sms":    true,
      "check_balance":    true,
      "check_sms_status": true
    }
  },
  "account_summary": {
    "account_status": "Active",
    "balance": { "main": 1500, "international": 250 }
  }
}

Permission matrix

Each key has its own set of permissions (e.g. send_single_sms, send_otp, send_bulk_sms, check_balance). If a key lacks the permission for an operation, the request is rejected with TS-1065. Scoping permissions with a separate key per environment is recommended.

Key security

  • Keys are account-bound and can be rotated at any time.
  • Revocation is immediate — a revoked key is rejected at once.
  • An IP allowlist can be defined per key; only requests from listed IPs are accepted.
PreviousQuickstartNextSend SMS
BTK
Information and Communication Technologies Authority
İYS
Message Management System
KVKK
Personal Data Protection
ISO 27001
Information Security Management
USOM / SOME
Cyber Incident Response System
TurkeySMS

TURKEYSMS BİLİŞİM VE İLETİŞİM HİZMETLERİ TİCARET LİMİTED ŞİRKETİ
Licensed operator by the Information and Communication Technologies Authority of Turkey (BTK).

Services

Bulk SMSTurkey SMSOTP SMSSMS APIE-Commerce SMSIndustry SolutionsTest Our Service

Company

BlogNewsLicenses & CertificatesBank AccountsBrand GuideCase StudiesRequest a Callback

Support

Help CenterContact UsDeveloperIntegration HubWordPress PluginSMS Opt-Out / RETAccount Types

Legal

Trust & Compliance CenterCompliance AcademyReport Content Abuse
SSL Secure Connection
BTK Licensed Platform
© 2026 TurkeySMS. All rights reserved.
Service Status
SitemapKVKKTrust & Compliance Center