Nexmo Inc.

Nexmo Voice API

Enable an enriched calling experience adding powerful voice features to your inbound and outbound calling through Nexmo's Voice API.


  • Cloud-based (REST) API
  • Direct to carrier connections with over 1600 global carriers
  • Instant Provisioning and Management of Virtual Phone Numbers
  • Real-Time Analytics and Reporting Dashboard
  • Uptime/availability 99.997%
  • Extensive language, accentuation and gender personalization
  • Digital capture and validation via DTMF
  • Private communication via proxied phone numbers
  • Split Audio Recording & Pre-call prompts
  • Websocket Connectivity


  • Telco grade infrastructure in the cloud
  • Easily integration of Voice communication into business workflows
  • Instant global call handling
  • Per-second billing model


£0.004 to £0.0209 per unit per minute

Service documents

G-Cloud 10


Nexmo Inc.

Mark Summerson

+44 (0) 7802 466766

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Exmo Voice is available as an extension to many third party platforms and services, including:

Amazon Web Services (AWS), Zoho, Salesforce, Zendesk, Telerivet, MailChimp, Campaign Monitor, JIRA, Sugar CRM, Freshdesk, Google Cloud,, Magento, Microsoft Dynamics CRM, Miva Merchant, Heroku, Microsoft Azure, Confluence, Shopify
Cloud deployment model Public cloud
Service constraints None, features & restrictions are documentation in our knowledge base at and within the developer documentation at
System requirements HTTP REST API or web client support

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standard Support Offering: During Monday to Friday High or Urgent priority tickets receive a response within 2 hours and Normal or Low priority tickets receive a response within 4 hours. During the weekend High or Urgent priority tickets receive a response within 4 hours whilst Normal or Low priority tickets will receive a response on Monday. Our Premium Support customers receive a response within 30 minutes for High or Urgent priority tickets and 1 hour for Normal or 2 hours for Low priority tickets, this response time is the same 24 hours a day and 7 days per week.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Yes, at an extra cost
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Via Nexmo website
Web chat accessibility testing None
Onsite support No
Support levels We offer three levels of support; Standard Support - included at no cost and includes 24x7 email/web support. Standard Plus - which additionally includes Phone & Chat support at a cost of 1500 EUR/month. Premium Support - which adds faster response times and dedicated support engineer and custom monitoring at a cost of 5000 EUR/month. See - for details.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Nexmo provide an online service including all documentation and tutorials.

New users can sign-up for services for free and start testing at
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Application and account data is available anytime via Nexmo's Customer Dashboard and Reporting tools
End-of-contract process Customer may terminate its use of the Services any time for any reason, and may close its Account by following the instructions on the Site or by contacting Nexmo at See -

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Accessibility standards None or don’t know
Description of accessibility None
Accessibility testing None
What users can and can't do using the API Nexmo offer a complete Voice service offering that's only available via API. Users can manage the complete service from provisioning, account management, through to initiating outbound calls or receiving inbound calls and reporting all via real-time API's:
- Provisioning telephone numbers globally
- Interact and drive calls in real time through API's
- Support Text-to-Speech, IVR and Speech Self-Service, Voice Messaging, etc
- Account management, pricing, and payments
- Application configuration and management
- Real-time Reporting API
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment Yes
Customisation available No


Independence of resources We operate a globally scalable and flexible platform with spare capacity and the ability to load balance and throttle customer use of the APIs within known capacity parameters.


Service usage metrics Yes
Metrics types Dashboard Analytics - Inbound & Outbound volumes & success
Download of Call Detail Records (CDR)
Search Calls
Call Quality (ASR, NER, PDD)
Real-time call flow reporting via API
Reporting API for historical downloads
Integration to your apps or 3rd party systems
SIP Reason Codes
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach See for further details
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Application and account data is available anytime via Nexmo's Customer Dashboard and Reporting tools. Reporting data can be downloaded in Excel format and is also available via a dedicated Reporting API.
Data export formats Other
Other data export formats
  • Microsoft Excel Open XML format (.xlsx)
Data import formats Other
Other data import formats HTTP REST API

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network Other
Other protection within supplier network Nexmo’s data processing environment is separated from the outside world and from the test environment with firewalls. Fine-grained segmentation inside production and test environments is achieved with the help of VLANs.

Availability and resilience

Availability and resilience
Guaranteed availability Nexmo shall use commercially reasonable efforts to ensure that the Nexmo Platform is available 99.99% of the time and has historically exceeded this target availability.
Approach to resilience Nexmo's platform resides in our suppliers data centres and has failover, DR and load-balancing attributes configured over the resilient infrastructures across our global data centres. Nexmo fails-over to a secondary environment within each data centre but also across region, providing true global redundancy.
Outage reporting Public dashboard

Subscription to alerts via email, SMS, Twitter, API (Webhook), RSS feed

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Management is done via SSH and authentication is performed by LDAP.
Access restriction testing frequency Never
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Less than 1 month

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Securitymetrics
PCI DSS accreditation date 23/05/2018
What the PCI DSS doesn’t cover Nexmo is PCI Merchant compliant. Customers are responsible for PCI compliance of applications built using Nexmo's APIs.
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Nexmo ensures that we design our infrastructure and software with security in mind. We select datacenter providers with security compliance certification, and continuously review our system for vulnerabilities in-house and through 3rd parties.
We are planning to be SOC II type 2 compliant by Q4 2018, HITRUST compliant in Q4 2018, and ISO 27001 in 2019. For more information on Security processes see:
Information security policies and processes Nexmo takes data security very seriously. Nexmo’s servers are hosted by IBM Softlayer and AWS in data centres in Europe, the United States and SE Asia. Softlayer provides us with hardware, network connectivity and secure physical space relating to our customer data. Softlayer is compliant with ISO 27001, SOC 2 and other standards (see, and security information about their data centers can be found at

For more information on Nexmo Security see:

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Nexmo's development process is built on the principle of segregation of duties and employs mandatory reviews and approvals. Each change to production environment is submitted by Development, tested by Quality Assurance, and reviewed by Operations before deployment.

Web applications and APIs provided by Nexmo go through a rigid assessment process which includes review of security controls following the OWASP Application Security Verification Standard. Assessment is done by the external entity.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Nexmo employs a three-fold vulnerability management strategy which includes proactive updates of 3rd-party applications, internal monthly vulnerability scans, and external penetration tests. External penetration tests covering APIs, web applications, and SDKs are performed quarterly. External infrastructure vulnerability assessment is done annually.

Nexmo utilizes a risk-based approach to the patch management process and commits to mitigate vulnerabilities according to the following time frame:

Critical, CVSS Score > 8 - in 30 days
Severe, 4 ≤ CVSS Score ≤ 8 - in 90 days
Other - in the next patch cycle
Emergency patching - within 7 days.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Apart from system level logging to ensure traceability of account actions, Nexmo logs all API requests to recognize, investigate, and protect customers from fraudulent activity. Successful/unsuccessful authentication attempts are logged and investigated as appropriate. Actions performed using the customer dashboard are recorded. Internal administration activities are accessible only by authorized Nexmo personnel.

Nexmo monitors for attacks, with frequent scheduled checks. Services have attack detection logic implemented to detect malicious actions and fraudulent behaviour. Automatic account breach alerting is in place that look at public services for data breaches. Alerts are sent to the security team and follow incident management processes.
Incident management type Supplier-defined controls
Incident management approach Security incidents are managed through an incident report form within the ticketing system (JIRA), this records details of the incident and tracks the onward investigation until remediation actions can be put in place. Upon issue resolution, if necessary, the security team defines any further/longer-term remediation requirements, and assigns these to the appropriate team (e.g. operations, product engineering, etc). At each stage there are defined communications covering Identification, Investigation, Remediation, and Documentation (Reporting) of security incidents. Where customers are impacted; the “critical situations” team is notified (includes senior management), and Support communicates to affected customers, providing advisory, or specific remediation instructions.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.004 to £0.0209 per unit per minute
Discount for educational organisations No
Free trial available Yes
Description of free trial Nexmo offer free account sign-up, upon completion of which the account with receive €2 free credit for the purposes of trialling our CPaaS solution.
Link to free trial

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑