Login
SMS API

The SMS API behind
100+ Hong Kong
securities firms.

Stable delivery · Honest reporting · Full submission pledge · Complete DLR records

One REST API connects your website, mobile app, and backend — from a single OTP to bulk scheduled sends at scale. Dual-route failover means no single point of failure.

How it works

One API call. Seconds to deliver.

  1. 01
    POST request
    Your system calls the send API
  2. 02
    Direct to carrier
    SS7 route — no grey paths
  3. 03
    OTP on handset
    DLR webhook confirms delivery
SMS received on mobile preview
Fast setup
Configure API right after signup
Dashboard test
Admins send a test SMS in one click
# Send one HK SMS via UFOSEND (X Lead) API
POST https://api.connect.xleadfunnel.com/v1/sms/send
{
"sender": "XLEAD",
"country_code": "852",
"mobile": "912345678",
"content": "Your login code is 482910",
"send_also_ofca_registrants": false
}

Ready to connect?

Get started →See pricing
SMS Dashboard

Track delivery status and DLR webhooks in real time

From send to delivery to webhook callback — every message logged and traceable.

SMS delivery dashboard preview
Proprietary

Link click tracking — SMS & MMS

Each recipient gets a unique identifier at send time — no manual URL building. Compare SMS, MMS, and EDM performance on one platform.

Campaign link (unique per recipient)
gosms.app/···a3f9
847
Clicks
612
Unique
28.4%
CTR
  • · Handled automatically at send — you only supply the destination URL
  • · Dashboard shows clicks, unique clicks, CTR, and time-of-day patterns
  • · Pair MMS campaigns with X Lead redemption tracking — click to redeem, fully measured
Dedicated # Sender IDs such as #BankA, #XLEAD and #UFOSEND shown in the inbox, with an OFCA-verified badge
# Sender ID setup

End-to-end help — our experienced team gets your # Sender ID live

A sender name is the first line of defense for a company’s digital identity, and the bedrock of customer trust. A dedicated # Sender ID precisely establishes brand authenticity — essential for securities firms, banks, and major brands.

Under Hong Kong’s OFCA SMS sender-registration scheme, activating a dedicated # Sender ID involves naming-rule checks, corporate document submission, and secure network configuration — a complex set of steps. Our experienced team provides a one-stop done-for-you service, assisting you all the way and turning complexity into simplicity, so your dedicated Sender ID deploys smoothly and goes live without a hitch.

Get the right format

We help choose and validate a # Sender ID that meets OFCA naming rules.

Set up a secure network

A secure network environment that meets OFCA requirements, to a finance-grade standard.

Why securities firms pick us

3 reasons — each measurable and reconcilable in your dashboard.

01 · Reliability

Finance-grade uptime

Dual-route failover across regional telcos worldwide. If a route degrades, we switch automatically. DLR webhooks confirm the carrier-side state — not just "submitted".

02 · Speed to live

Fast API setup

Full API documentation with sample code included — admins can test from the dashboard in one click and start integrating shortly after signup. We then help you apply your own Sender ID.

03 · Honest reporting

100% submitted to the carrier

Full submission pledge: accepted API requests match network submissions — reconcilable in your dashboard. DLR carries carrier-level error codes; no silent "submitted = success".

Your peers are already using SMS like this

We serve B2C and B2B customers — from retail promotions and clinic reminders to bank statements, securities trade OTPs, and transaction alerts, all running in production.

Web Mobile app

OTP & 2FA

Login codes for trading platforms, banking, exchanges. Sub-second carrier handoff. Dedicated OTP route, separated from marketing traffic.

Transactional notifications

Order status, delivery alerts, appointment reminders, payment confirmations. Personalized at scale via template + variables.

Marketing & scheduled alerts

Promotional broadcasts, appointment reminders, event countdowns. Schedule sends from the dashboard; DLR reports the real delivery state of every message. Outbound-only — we focus on getting your message there on time.

Direct routes to regional telcos worldwide

Hong Kong (852)Taiwan (886)China (86)Japan (81)Korea (82)Singapore (65)Malaysia (60)Australia (61)UK (44)Americas (+1)Thailand (66)Indonesia (62)India (91)UAE (971)

One API, multi-region compliance

Most clients need to reach more than one region. We handle compliance paperwork for each region so your engineers only deal with the API.

Regulatory path
  • Each region has local sender registration and messaging rules
  • Marketing SMS must meet local opt-in and opt-out requirements
  • Some regions require template or content pre-approval
  • We connect you to the right regulatory path per region
What we handle
  • Sender ID / enterprise number / signature registration
  • We walk you through and prepare the OFCA "#" Sender ID application process
  • Set up a secure network that meets OFCA requirements
  • Sender naming and message content review advice
  • Sandbox: as fast as 1 hour where supported
  • easy API setup w/ example

Secure Network

Financial clients choose us not because the API is simple — but because the infrastructure underneath is built to finance-grade.

TLS 1.2+ encrypted API

All API endpoints accept HTTPS only — plain HTTP requests are rejected.

Direct carrier routes — no grey routes

Messages travel via SS7 direct connection to regional telcos worldwide. No third-party hops. DLRs come from the carrier itself.

IP allowlist + signed webhooks

Two-way authentication: client source IPs are allowlisted; our outbound DLR webhooks carry HMAC signatures to prevent forgery.

Data isolation, minimum retention

Message content is encrypted at rest and retained only for the compliance-required window, then purged.

Full audit trail

Every message has a complete audit trail. Financial clients can request monthly reports.

ISO 27001 (in progress)

ISMS certification is currently underway.

FAQ

Can I schedule sends? +

Yes. SMS, MMS, EDM, and WhatsApp all support send-at date and time in the dashboard — appointment reminders, event countdowns, flash offers, newsletters, and template broadcasts go out at the right moment. The API accepts scheduling parameters (e.g. scheduled_at) for system-driven sends. Edit or cancel before the window; SMS and MMS fire DLR after send; WhatsApp reports delivery and read; email has delivery and open tracking.

Will my SMS actually reach the recipient's phone? +

It's the first question every client asks — and the right one. We route SS7-direct to regional telcos worldwide, no grey-route hops. Every message gets a DLR webhook with carrier-level status: delivered, failed, specific error code — not a fake "submitted = success". Your dashboard shows the live state of every message; if it failed, you see why.

Can recipients receive SMS / MMS while they are overseas? +

Usually yes — as long as you send to their registered mobile number (e.g. a client's +852 HK line), the message reaches their home carrier first, then forwards abroad via international roaming. SMS and MMS work differently — delivery and cost are not the same, so we split them below.

Cost: sender (you) — Sending to +852 does not add a separate "roaming send" surcharge because the recipient happens to be abroad; you pay our standard SMS / MMS rate. If they have moved and you send to their new local number, that region's rate applies (see "Can one account send to other regions?").

Cost: recipient — Whether they pay anything depends on their own mobile plan and roaming terms; we cannot guarantee on behalf of their carrier. We recommend telling end users to check roaming SMS / data charges with their provider before travel.

SMS (text only)
Delivery: OTP and transactional messages usually arrive; occasional delays of seconds to a few minutes. Plain text does not require mobile data to be on.
Recipient cost: Some plans include free incoming SMS on roaming; others charge per message — carrier-dependent.
When it fails: Roaming disabled, weak signal, phone off / airplane mode, or some roaming carriers filtering marketing SMS.

MMS (multimedia message)
Delivery: Less reliable on roaming than SMS — use SMS for time-critical notices.
MMS with an image: A notification may arrive first, but downloading the image usually needs mobile data (MMS retrieval often does not work over Wi‑Fi alone). If data roaming is enabled, opening or auto-downloading the image can trigger roaming data charges — even when "receiving the message" is free on their plan, loading the image may still bill data.
Text-only MMS (no image): Still MMS on the network; the phone must fetch a small payload — far less data than image MMS. It may need a brief mobile-data connection but rarely causes noticeable roaming data fees; delivery is still less dependable than SMS.

For both SMS and MMS we submit to the home carrier as normal and report carrier-side status honestly via DLR.

Sender ID / # Sender ID — what are they and why do they matter? +

Sender ID is the sender name shown on the recipient's phone. In the 852 region there are two common forms: an alphanumeric Sender ID (e.g. YourBrand), typically live within one business day; and an OFCA # Sender ID under Hong Kong's SMS Sender Registration Scheme (e.g. #YourBank) — only businesses vetted and registered with OFCA and the Communications Authority may use the # prefix.

What's the difference? Alphanumeric shows your brand name; # additionally signals to recipients that the sender is officially registered, helping distinguish legitimate messages from phishing — they see #YourBank instead of plain YourBank.

Why does it matter? For finance and high-trust use cases, # Sender ID is becoming a baseline customer expectation. We handle alphanumeric and OFCA # registration, content review, and naming advice — you just provide company details.

How fast can my dev team integrate? +

After signup you can configure the API quickly and send a test SMS or MMS from the admin dashboard in one click. Most teams start integration with our 4-language sample code right away. A named integration engineer is assigned within 24 hours when you need help with blockers.

Do you submit every send request I make? +

Yes. That's our full submission pledge: every send request your API makes that we accept is submitted to the carrier network — counts you can reconcile against your own request logs in the dashboard, with exports for audit. Whether the carrier then delivers to the handset is reported honestly via DLR; we don't silently drop or shave volume before it leaves our platform. See the Honest Delivery Standard.

Do you really refuse grey routes? +

Yes — and we're happy to explain what they are. A grey route is a cheaper third-party hop that disguises sender identity. Carriers can detect and block them, hurting delivery rates silently. Our SMS and MMS routes are SS7-direct with the carrier, which costs more per message but produces honest DLRs.

Can one account send to other regions? +

Yes — one account, one API (SMS). We handle compliance registration and pre-approval for each region (852 · 886 · 86 and beyond). Timelines vary by region — contact us for a specific estimate.

Ready to get started?

Contact us — send soon after a quick account setup. Free trial credit lets you integrate first and confirm the platform fits your use case.

Talk to us See pricing