Nexmo Inc.

Nexmo SMS API (1-way & 2-way including alerts & notifications)

Business can now programmatically send SMS to any mobile handset in the world. Nexmo removes the telecommunications complexity via a simple-to-use API, and automatically delivers via the best performing routes using Nexmo Adaptive Routing.

Use cases include:
• Alerts and Notifications
• 2-way communications with end-users
• Two-factor authentication

Features

  • Cloud-based (REST) SMS API
  • Global Connectivity with access to 1600+ networks
  • Direct-to-carrier connectivity allowing for better deliverability
  • Adaptive Routing automatically routes traffic to the best performing route
  • Persistent Sender ID: use the same number to facilitate conversations
  • Local Number Match: Local phone numbers to increase engagement
  • Advanced Content Delivery: automatically select the best route by content
  • Instant Provisioning and Management of Virtual Phone Numbers
  • Real-Time Analytics and Reporting

Benefits

  • Reach end-users all over the globe with high read rates
  • Remove the complexity of sending messages globally
  • Use a single API to engage with end-users
  • Conduct rich conversations with end-users using SMS
  • Use local numbers to communicate with end-users, high engagement
  • Everything is programatic, using an API to manage your campaign

Pricing

£0.025 to £0.029 per unit

Service documents

G-Cloud 10

762754516486910

Nexmo Inc.

Mark Summerson

+44 (0) 7802 466766

Mark.summerson@vonage.com

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Nexmo SMS is available as an extension to many third party platforms and services, examples include: Amazon Web Services (AWS), Amazon Simple Notification Server (SNS), Zoho, Salesforce, Zendesk, Telerivet, MailChimp, Campaign Monitor, JIRA, Sugar CRM, Freshdesk, Google Cloud, Desk.com, Magento, Microsoft Dynamics CRM, Miva Merchant, Heroku, Microsoft Azure, Confluence, Shopify
Cloud deployment model Public cloud
Service constraints None, features & restrictions are documentation in our knowledge base at https://help.nexmo.com/ and within the developer documentation at https://developer.nexmo.com/
System requirements HTTP REST API or web client support

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standard Support Offering: During Monday to Friday High or Urgent priority tickets receive a response within 2 hours and Normal or Low priority tickets receive a response within 4 hours. During the weekend High or Urgent priority tickets receive a response within 4 hours whilst Normal or Low priority tickets will receive a response on Monday. Our Premium Support customers receive a response within 30 minutes for High or Urgent priority tickets and 1 hour for Normal or 2 hours for Low priority tickets, this response time is the same 24 hours a day and 7 days per week. https://www.nexmo.com/about-support/
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Yes, at an extra cost
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Via Nexmo website
Web chat accessibility testing None
Onsite support No
Support levels We offer three levels of support; Standard Support - included at no cost and includes 24x7 email/web support. Standard Plus - which additionally includes Phone & Chat support at a cost of 1500 EUR/month. Premium Support - which adds faster response times and dedicated support engineer and custom monitoring at a cost of 5000 EUR/month. See - https://www.nexmo.com/about-support/ for details.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Nexmo provide an online service including all documentation and tutorials.

New users can sign-up for services for free and start testing at https://dashboard.nexmo.com/sign-up
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Application and account data is available anytime via Nexmo's Customer Dashboard and Reporting tools
End-of-contract process Customer may terminate its use of the Services any time for any reason, and may close its Account by following the instructions on the Site or by contacting Nexmo at support@nexmo.com. See - https://www.nexmo.com/terms-of-use

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Accessibility standards None or don’t know
Description of accessibility None
Accessibility testing None
API Yes
What users can and can't do using the API Nexmo offer a complete SMS service offering via API. Users can manage the complete service from provisioning, account management, through to message delivery and reporting all via real-time API's:
- 1-way & 2-way SMS messaging, delivery receipts
- 2FA Conversion API to benefit from patented adaptive routing
- Provisioning telephone numbers globally
- Account management, pricing, and payments
- Application configuration and management
- Real-time Reporting API documentation
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
API sandbox or test environment Yes
Customisation available No

Scaling

Scaling
Independence of resources We operate a globally scalable and flexible platform with spare capacity and the ability to load balance and throttle customer use of the APIs within known capacity parameters.

Analytics

Analytics
Service usage metrics Yes
Metrics types Inbound & Outbound message delivery
Delivery Status (Submitted, Delivered, Rejected, Expired)
Per Day/Week/Month/Year
Search by message/recipient, rejected messages
Detailed Submission records and Delivery Receipts
Quality (Success Ratio %, DLR Ratio %), by Country, by Network
2FA Conversion data (% Conversion, by Country, by Network)
Number Verification Success
Cost Reporting
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach See for further details https://www.nexmo.com/security-information
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Application and account data is available anytime via Nexmo's Customer Dashboard and Reporting tools. Reporting data can be downloaded in Excel format and is also available via a dedicated Reporting API.
Data export formats Other
Other data export formats
  • HTTP REST API
  • Microsoft Excel Open XML format (.xlsx)
Data import formats Other
Other data import formats HTTP REST API

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network Other
Other protection within supplier network Nexmo’s data processing environment is separated from the outside world and from the test environment with firewalls. Fine-grained segmentation inside production and test environments is achieved with the help of VLANs.

Availability and resilience

Availability and resilience
Guaranteed availability Nexmo shall use commercially reasonable efforts to ensure that the Nexmo Platform is available 99.99% of the time and has historically exceeded this target availability.
Approach to resilience Nexmo's platform resides in our suppliers data centres and has failover, DR and load-balancing attributes configured over the resilient infrastructures across our global data centres. Nexmo fails-over to a secondary environment within each data centre but also across region, providing true global redundancy.
Outage reporting Public dashboard https://www.nexmostatus.com/.

Subscription to alerts via email, SMS, Twitter, API (Webhook), RSS feed

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Management is done via SSH and authentication is performed by LDAP.
Access restriction testing frequency Never
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Less than 1 month

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Securitymetrics
PCI DSS accreditation date 23/05/2018
What the PCI DSS doesn’t cover Nexmo is PCI Merchant compliant. Customers are responsible for PCI compliance of applications built using Nexmo's APIs.
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Nexmo ensures that we design our infrastructure and software with security in mind. We select datacenter providers with security compliance certification, and continuously review our system for vulnerabilities in-house and through 3rd parties.
We are planning to be SOC II type 2 compliant by Q4 2018, HITRUST compliant in Q4 2018, and ISO 27001 in 2019. For more information on Security processes see: https://www.nexmo.com/security-information
Information security policies and processes Nexmo takes data security very seriously. Nexmo’s servers are hosted by IBM Softlayer and AWS in data centres in Europe, the United States and SE Asia. Softlayer provides us with hardware, network connectivity and secure physical space relating to our customer data. Softlayer is compliant with ISO 27001, SOC 2 and other standards (see softlayer.com/compliance), and security information about their data centers can be found at http://www.softlayer.com/data-centers.

For more information on Nexmo Security see: https://www.nexmo.com/security-information

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Nexmo's development process is built on the principle of segregation of duties and employs mandatory reviews and approvals. Each change to production environment is submitted by Development, tested by Quality Assurance, and reviewed by Operations before deployment.

Web applications and APIs provided by Nexmo go through a rigid assessment process which includes review of security controls following the OWASP Application Security Verification Standard. Assessment is done by the external entity.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Nexmo employs a three-fold vulnerability management strategy which includes proactive updates of 3rd-party applications, internal monthly vulnerability scans, and external penetration tests. External penetration tests covering APIs, web applications, and SDKs are performed quarterly. External infrastructure vulnerability assessment is done annually.

Nexmo utilizes a risk-based approach to the patch management process and commits to mitigate vulnerabilities according to the following time frame:

Critical, CVSS Score > 8 - in 30 days
Severe, 4 ≤ CVSS Score ≤ 8 - in 90 days
Other - in the next patch cycle
Emergency patching - within 7 days.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Apart from system level logging to ensure traceability of account actions, Nexmo logs all API requests to recognize, investigate, and protect customers from fraudulent activity. Successful/unsuccessful authentication attempts are logged and investigated as appropriate. Actions performed using the customer dashboard are recorded. Internal administration activities are accessible only by authorized Nexmo personnel.

Nexmo monitors for attacks, with frequent scheduled checks. Services have attack detection logic implemented to detect malicious actions and fraudulent behaviour. Automatic account breach alerting is in place that look at public services for data breaches. Alerts are sent to the security team and follow incident management processes.
Incident management type Supplier-defined controls
Incident management approach Security incidents are managed through an incident report form within the ticketing system (JIRA), this records details of the incident and tracks the onward investigation until remediation actions can be put in place. Upon issue resolution, if necessary, the security team defines any further/longer-term remediation requirements, and assigns these to the appropriate team (e.g. operations, product engineering, etc). At each stage there are defined communications covering Identification, Investigation, Remediation, and Documentation (Reporting) of security incidents. Where customers are impacted; the “critical situations” team is notified (includes senior management), and Support communicates to affected customers, providing advisory, or specific remediation instructions.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £0.025 to £0.029 per unit
Discount for educational organisations No
Free trial available Yes
Description of free trial Nexmo offer free account sign-up, upon completion of which the account with receive €2 free credit for the purposes of trialling our CPaaS solution.
Link to free trial https://dashboard.nexmo.com/sign-up

Documents

Documents
Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑