CM API Docs

AutoCollect

The AutoCollect API is for customers who wants to be in charge of their scheduled payments. Set up a payment plan, link payment periods to it and attach your debtors. After this AutoCollect will suffice the payments over the set up periods and will notify when a payment is successful. Currently it is possible to handle payments via a direct debit without interaction with the debtor, or via iDEAL where a link is send to the debtor's e-mail or phonenumber.

To the docs

Bulk SMS

CM's Bulk SMS Gateway enables you to send text messages to mobile phones all around the world in very high volume. To integrate this functionality into your application, you (or your developers) should implement communication with our API. The Bulk SMS Gateway API covers the interface between your application and the CM Platform by means of the HTTP protocol. Only bulk (free of charge for the end user) text messages are supported.

To the docs

CM Authenticator

CM Authenticator is an easy to use authentication product that ensures the identity of your online users by adding an extra factor of authentication via the mobile phone. When a user tries to login on your environment, the extra authentication will be presented to verify their attempt. The user can approve or deny this request instantly and securely via the CM Authenticator app on their smartphone. If there is no app available, an SMS can be received instead. Once the attempt has been approved, the user can then safely proceed. Prerequisites Environment credentials (can be registered at and obtained from the Authenticator dashboard) Authentication flow Instant: Create an instant authentication request User has the app installed, but not your environment added? A QR code image will be returned. The API will deliver it to the user via SMS or push Check the authentication status: Listen for changes using the WebSocket and verify the JWT Checking the status manually If approved, grant the user access OTP: Create an OTP authentication request The API will deliver it to the user via SMS or push The user enters the OTP Verify the OTP If correct, grant the user access API implementations PHP library (sample) Request requirements The API endpoint is https://api.auth.cmtelecom.com/authenticator/v1.0 and will be called BASE_URL. To verify requests, the Authorization header is used. This header contains a JSON Web Token and follows the format: Authorization: Bearer JWT_TOKEN. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA. More about JWT and a list of implementing libraries: jwt.io. JWT structure JWT's are signed using the HMAC-SHA256 algorithm and your environment secret as the key. Header: { "alg": "HS256", "typ": "JWT" } Required: alg = algorithm: must be set to HS256 (HMAC SHA-256) typ = type: must be set to JWT Payload: { "iat": 1483228800, "nbf": 1483228800, "exp": 1483228860, "sig": "b648d17f048ec72f7e54b107faa2c87625ae9d639734cc5f978194e5d3a0c211", "auth_id": "2b1f49da-b05d-4f46-ec2f-3668d976fd2c" } Required: iat = issued at: claim identifies the time at which the JWT was issued. nbf = not before: claim identifies the time before which the JWT MUST NOT be accepted for processing. exp = expiration time: claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing. Depends on request (may be optional or required): sig = signature: the SHA-256 HMAC of the raw JSON body used to verify the integrity of the request body. Use your environment secret for the HMAC secret. auth_id = authentication ID: the ID of the authentication request

To the docs

Conversions

The purpose of the Conversion web api is to enable the third party to deliver conversion details per message to CM. A conversion is a confirmation by a third party that their end-user has used the contents of the sms/voice/push message that was processed by CM. Credentials will be provided by your account manager

To the docs

Hybrid Messaging

With Hybrid Messaging you are able to deliver messages to any phone number via SMS or Push. When the end users phone number has your app or our free Notifire app installed, the platform can deliver your message via push which is 50% of the SMS price. If the end user on the phone number does not have your app or Notifire installed, the message will automatically be send as an SMS.

To the docs

iDIN

iDIN is a service by the banks, that allows customers to identify themselves with websites, using the same secure methods as their own bank uses. It is similar to the iDEAL system in how it works and operates. In addition to identification, it can also provide the connecting website with information about name, address and age of the consumer, if the consumer agrees to provide these. CM provides a simple API to integrate these options into your website. How does it work ? The merchant asks the customer to select his bank Start the request for authentication/information The customer is redirected to this bank The customer logs into his bank and approves the transaction The bank sends the customer back to the merchants (your) landing page The merchant rejoins the customer to his session and retrieves the transaction. You check with the CM iDIN system if the transaction was successful and receive the requested customer information. If you are curious about how your consumers would be using iDIN, then you can experiment with CM's iDIN demonstration. Please let us know if you are interested in alternate methods like OpenID Connect and SAML. Usage The iDIN system allows you to service several use cases Checking if someone is known with a bank. To see if the user is a legal entity known to a bank To be able to trace the user in case of fraud. Being guaranteed that this is always the same person. For instance: To log a user into your system To avoid people registering multiple (fake) accounts in your system. To check if a user is above a certain age limit Retrieving name, address and age information of that person. You should always allow the user to override or change this information, because it is not guaranteed that the information is always correct or complete (someone could have moved but not yet have informed his bank). Match this against your own information and trigger audit signals Things you should not do: Matching an account in your system on the basis of name/address attributes. Either create a new account after user identified with iDIN or have the user log into your system before coupling with an iDIN identity Visual style There is a visual style that you are required to follow when using the iDIN brand. The logo's for iDIN can be downloaded here.

To the docs

Number Verifier

The NumberValidation API validates any phonenumber. It will tell you the formatting options and type of the number, and will determine the most likely carrier.

To the docs

One Time Passwords

Stay ahead of cybercrime and protect your organisation against fraudulent login attempts and potential catastrophic effects on your business. CM Secure solutions offer unique Hybrid Two-factor, One Time Password solution that can be delivered in your app via Push or via our reliable high quality SMS routes. With the OTP API you can generate one time passwords, deliver them via SMS or Push and verify the response. Version 1.0 The Base URL is https://api.cmtelecom.com HTTP Headers: X-CM-ProductToken - your product token (string)

To the docs

Payments

emphasized textCM payments offers a solution for online payment transactions. The system supports several payment methods eg iDEAL, Credit Cards, Afterpay and Bancontact.

To the docs

Sms Campaign

Do you know the SMS Campaign App? Well this is the API behind the app we all know and love. It allows you to manage and send out campaigns programatically, just like the app does.

To the docs

Transactions API

This API provides insight into all individual messages send through your account. A lot of details about every message are available, like deliverytime and the message content.

To the docs

Voice API

The Voice API is a system that enables you to easily write IVR (Interactive Voice Response) applications without setting up complicated telephone systems. The Voice API is actually not a web API, but rather a web client, as it will call your server to inform it of updates and ask for the next step(s) to perform. Only the endpoint that allows you to initiate an outbound call is an actual web API. The Voice API server will call your http(s) server using a POST command and it will send JSON data containing information on a new incoming call, a newly setup outgoing call or a status update on a call (done playing audio file for instance). Your server will have to acknowledge this new information and reply with the next steps, such as "play an audio file", "make a voice recording" or "get DTMF (number) input". When the Voice API has performed these steps, it will again contact your server with updates on these steps and your server will again give it the next step(s), etc. Only when the Voice API sends a "disconnected" message will it not be expecting a new step to take, it will just expect a 200 - OK message.

To the docs

Voice API Apps

The Voice API Apps are a set of pre-configured apps for outbound scenarios. Currently, the set consists of the following three apps: Notification One Time Password (OTP) Request DTMF These apps can be initiated by sending a request to the CM Server(s), which will initiate the call and once answered, will complete the process (flow) of the app.

To the docs