MyFreeText API

Send and receive SMS programmatically using your API key.

Authentication

  • Preferred: Authorization: Bearer <API_KEY> (also supports X-API-Key).
  • Legacy: username / password fields (backward compatible).

Send SMS

POST https://www.myfreetext.com/sms/api/api_send.php

Request (JSON)

{
  "from": "13051234567",
  "to": ["12125550100","(765) 369-3948"],
  "message": "Hello from MyFreeText",
  "dlr_callback_url": "https://client.example.com/dlr" // optional
}
  • from: your assigned DID (digits only). If omitted, we use your first DID.
  • to: string or array; we normalize to digits-only. US 10-digit → prefixed with 1.
  • message: UTF-8 text.

Example

curl -X POST https://www.myfreetext.com/sms/api/api_send.php \
  -H "Authorization: Bearer <API_KEY>" \
  -H "Content-Type: application/json" \
  -d '{"from":"13051234567","to":["12125550100","(765) 369-3948"],"message":"Hello"}'

Example (PHP)

<?php
$apiUrl = "https://www.myfreetext.com/sms/api/api_send.php";
$apiKey = "<API_KEY>";

$data = [
    "from" => "13051234567",
    "to" => ["12125550100","(765) 369-3948"],
    "message" => "Hello from PHP!"
];

$ch = curl_init($apiUrl);
curl_setopt_array($ch, [
    CURLOPT_HTTPHEADER => [
        "Authorization: Bearer $apiKey",
        "Content-Type: application/json"
    ],
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POSTFIELDS => json_encode($data)
]);

$response = curl_exec($ch);
curl_close($ch);

echo $response;
?>

Response

{
  "ok": true,
  "accepted": [{"to":"12125550100","gateway_http":200,"gateway_response":"..."}],
  "failed":   [],
  "invalid":  [],
  "balance":  12.3456,
  "price_each": 0.009
}

Receive SMS

Choose either (or both):

  1. Webhook push (recommended) — we POST to your URL in real time.
  2. Polling — you GET messages from our inbox endpoint.

A) Webhook push

We send JSON to your configured API Webhook URL with an HMAC signature.

{
  "from": "12125550100",
  "to": "13051234567",
  "message": "hello!",
  "timestamp": "2025-08-23T18:05:11Z",
  "account_number": "1234567",
  "portal_msg_id": "98765"
}

Header: X-MFT-Signature: sha256=<hex(HMAC_SHA256(raw_body, api_key))>

Verify (PHP) 
$raw = file_get_contents('php://input');
$sig = $_SERVER['HTTP_X_MFT_SIGNATURE'] ?? '';
$expected = 'sha256=' . hash_hmac('sha256', $raw, '<API_KEY>');
if (!hash_equals($expected, $sig)) { http_response_code(401); exit; }
$payload = json_decode($raw, true);

B) Polling inbox

GET https://www.myfreetext.com/sms/api/inbox.php

Header: Authorization: Bearer <API_KEY>

Params: direction=in|out|both (default in), since_id=0, limit=1–500, optional from/to filters (digits-only).

curl -G 'https://www.myfreetext.com/sms/api/inbox.php' \
  -H 'Authorization: Bearer <API_KEY>' \
  --data-urlencode 'direction=in' \
  --data-urlencode 'since_id=0' \
  --data-urlencode 'limit=100'

Number formatting

  • Carrier requires digits-only (no +).
  • US/CA: 10-digit numbers are sent as 1XXXXXXXXXX. International 8–15 digits accepted.

HTTP Status

  • 200 success (see accepted/failed)
  • 401 auth missing/invalid
  • 402 insufficient balance
  • 422 validation error
  • 5xx gateway/server error

Questions? Contact support and include sample request/response (redact keys).