Changelog

API-side changes. Format follows Keep a Changelog.

Unreleased

Planned

Webhook HMAC signing (X-Lisoloo-Signature, X-Lisoloo-Timestamp, HMAC-SHA256 of the body). Currently unimplemented; webhooks are authenticated via HTTP Basic only. See Webhooks overview for the current posture.
Cancel-window for instant sends. A cancel_within: 30s flag on POST /send to let you abort a freshly-queued instant send before carrier handoff.
OpenAPI 3.1 spec published at /openapi.yaml (this docs site already serves a hand-authored version).
Inbound SMS — two-way messaging for keyword campaigns. Will require a separate inbound endpoint registration in the portal.

[v1.0.0] — current

The current public surface. Four endpoints across the API reference: POST /send, GET /status/{message_id}, GET /balance, GET /health, plus the management endpoints DELETE /cancel/{id}, POST /pause/{id}, POST /resume/{id} for scheduled and recurring sends.

Features

app-key authentication. Single header, per-merchant, per-environment.
Two environments: sandbox and production. The base URL for each is shown on the Bloonio dev portal → Lisoloo → Developer → API keys page.
Three sending types: instant, scheduled, recurring.
Webhook delivery receipts at every state transition, with HTTP Basic auth and 4-attempt exponential backoff.
Per-API-key rate limits: 60/min on POST /send, 120/min on GET /status, 30/min on GET /balance, unlimited on GET /health.
Stable error catalogue: error_code values 1001–1599. See Errors.

Stable surface

These contracts are guaranteed within v1:

All endpoint paths and methods listed in the API reference.
The error_code catalogue — codes never change meaning.
Field types in request and response bodies.
Webhook event types (sms.queued, sms.processing, sms.sent, sms.delivered, sms.failed) and envelope shape.

Breaking changes will be released under /api/v2/lisoloo/sms-api/; the v1 surface will be deprecated with a minimum 6-month notice period.