Authentication
The LightSMS API uses MD5 signature-based authentication to secure all API requests. Every request must include your login, a timestamp, and a cryptographic signature generated from your API key.
How Authentication Works
LightSMS authentication requires three key components:
- Login - Your LightSMS account login (username)
- API Key - Your secret API key (used to generate signatures, never sent directly)
- Timestamp - Current UTC timestamp (valid for 10 seconds)
Security
Never expose your API key in client-side code or commit it to version control. The API key is used only to generate signatures and should never be sent as a request parameter.
Getting Your Credentials
To obtain your LightSMS API credentials:
- Create a LightSMS account - Follow the account setup guide
- Retrieve your credentials from LightSMS panel:
- Log in to LightSMS admin panel
- Navigate to MISC → API
- Your credentials will be displayed:
- Login (e.g.,
YourLogin) - API Key (e.g.,
your_api_key_here)
- Login (e.g.,
Alternatively, contact Paysera support if you need assistance:
- Email: [email protected]
- Phone: Contact Information
- Hours: Monday-Friday, 8:00-20:00 (EET)
Sandbox Access
LightSMS does not have a separate sandbox environment. All testing is done in the production environment with real charges. Start with small test messages to verify your integration.
Authentication Process
Step 1: Get Current Timestamp
All requests require a fresh timestamp that is valid for only 10 seconds.
Endpoint:
GET https://www.lightsms.com/external/get/timestamp.php
Example:
curl https://www.lightsms.com/external/get/timestamp.php
Response:
1732809600
Timestamp Validity
Timestamps expire after 10 seconds. If you get error code 5 (Invalid timestamp), request a new timestamp and retry.
Step 2: Create Signature
The signature ensures request integrity and authenticity.
Signature algorithm:
- Collect all request parameters (except
signature) - Sort parameters alphabetically by parameter name
- Concatenate parameter values (not keys) into a single string
- Append your API key to the end
- Calculate MD5 hash of the concatenated string
- Use lowercase hexadecimal format
Example parameters:
login: YourLogin
timestamp: 1732809600
return: json
Signature generation:
1. Sort alphabetically: login, return, timestamp
2. Concatenate values: "YourLogin" + "json" + "1732809600"
3. Append API key: "YourLoginjson1732809600" + "your_api_key_here"
4. MD5 hash: md5("YourLoginjson1732809600your_api_key_here")
5. Result: "abc123def456..." (32-character lowercase hex)
Code Examples
PHP
<?php
function getTimestamp() {
return trim(file_get_contents('https://www.lightsms.com/external/get/timestamp.php'));
}
function createSignature($params, $apiKey) {
// Sort parameters alphabetically
ksort($params);
// Concatenate values only
$concatenated = implode($params);
// Append API key and generate MD5
return md5($concatenated . $apiKey);
}
// Configuration
$login = 'YourLogin';
$apiKey = 'your_api_key_here';
// Get timestamp
$timestamp = getTimestamp();
// Prepare parameters (without signature)
$params = [
'login' => $login,
'timestamp' => $timestamp,
'return' => 'json'
];
// Generate signature
$signature = createSignature($params, $apiKey);
// Add signature to parameters
$params['signature'] = $signature;
// Make request
$url = 'https://www.lightsms.com/external/get/balance.php?' . http_build_query($params);
$response = file_get_contents($url);
echo $response;
?>
Python
import requests
import hashlib
from urllib.parse import urlencode
def get_timestamp():
response = requests.get('https://www.lightsms.com/external/get/timestamp.php')
return response.text.strip()
def create_signature(params, api_key):
# Sort parameters alphabetically
sorted_params = sorted(params.items())
# Concatenate values only
param_string = ''.join([str(value) for key, value in sorted_params])
# Append API key and generate MD5
signature_string = param_string + api_key
return hashlib.md5(signature_string.encode()).hexdigest()
# Configuration
LOGIN = 'YourLogin'
API_KEY = 'your_api_key_here'
# Get timestamp
timestamp = get_timestamp()
# Prepare parameters (without signature)
params = {
'login': LOGIN,
'timestamp': timestamp,
'return': 'json'
}
# Generate signature
signature = create_signature(params, API_KEY)
params['signature'] = signature
# Make request
url = f'https://www.lightsms.com/external/get/balance.php?{urlencode(params)}'
response = requests.get(url)
print(response.text)
JavaScript (Node.js)
const crypto = require('crypto');
const axios = require('axios');
async function getTimestamp() {
const response = await axios.get('https://www.lightsms.com/external/get/timestamp.php');
return response.data.trim();
}
function createSignature(params, apiKey) {
// Sort parameters alphabetically
const sortedKeys = Object.keys(params).sort();
// Concatenate values only
const paramString = sortedKeys.map(key => params[key]).join('');
// Append API key and generate MD5
const signatureString = paramString + apiKey;
return crypto.createHash('md5').update(signatureString).digest('hex');
}
// Configuration
const LOGIN = 'YourLogin';
const API_KEY = 'your_api_key_here';
(async () => {
// Get timestamp
const timestamp = await getTimestamp();
// Prepare parameters (without signature)
const params = {
login: LOGIN,
timestamp: timestamp,
return: 'json'
};
// Generate signature
const signature = createSignature(params, API_KEY);
params.signature = signature;
// Make request
const queryString = new URLSearchParams(params).toString();
const url = `https://www.lightsms.com/external/get/balance.php?${queryString}`;
const response = await axios.get(url);
console.log(response.data);
})();
Common Authentication Errors
Error 5: Invalid Timestamp
Problem: Timestamp is expired (older than 10 seconds)
Solutions:
- ✅ Get a fresh timestamp before each request
- ✅ Generate signature immediately after getting timestamp
- ✅ Don't cache timestamps
Error 6: Invalid Signature
Problem: Signature doesn't match server calculation
Solutions:
- ✅ Sort parameters alphabetically by key name
- ✅ Concatenate only parameter values, not keys
- ✅ Append API key at the end (not at the beginning)
- ✅ Use lowercase MD5 hash
- ✅ Don't include
signatureparameter when generating signature
Example of correct signature generation:
// CORRECT ✅
$params = ['login' => 'User', 'timestamp' => '123', 'return' => 'json'];
ksort($params); // Alphabetical order
$concatenated = 'User' . 'json' . '123'; // Values only
$signature = md5($concatenated . $apiKey); // API key at end
// INCORRECT ❌
$concatenated = 'loginUser' . 'returnjson' . 'timestamp123'; // Don't include keys
$signature = md5($apiKey . $concatenated); // API key should be at end, not beginning
Error 7: Invalid Login
Problem: Login parameter is incorrect or account doesn't exist
Solutions:
- ✅ Double-check login spelling (case-sensitive)
- ✅ Ensure account is active
- ✅ Contact support to verify login
Error 24: Timestamp Not Specified
Problem: timestamp parameter is missing
Solution: Include timestamp in all requests
Request Format
All authenticated requests include these parameters:
| Parameter | Required | Description |
|---|---|---|
login | Yes | Your LightSMS login |
timestamp | Yes | UTC timestamp (valid for 10 seconds) |
signature | Yes | MD5 hash of parameters + API key |
return | No | Response format: json or xml (default: plain text) |
Example request:
GET https://www.lightsms.com/external/get/balance.php?login=YourLogin×tamp=1732809600&signature=abc123def456&return=json
Testing Authentication
Test your authentication with a simple balance check:
# 1. Get timestamp
TIMESTAMP=$(curl -s https://www.lightsms.com/external/get/timestamp.php)
# 2. Generate signature (requires your login and API key)
# See code examples above for signature generation
# 3. Check balance
curl "https://www.lightsms.com/external/get/balance.php?login=YourLogin×tamp=$TIMESTAMP&signature=$SIGNATURE&return=json"
Success response:
{
"money": "150.50",
"currency": "EUR"
}
Next Steps
Need Help?
If you encounter authentication issues:
- Email: [email protected]
- Phone: Contact Information
- Hours: Monday-Friday, 8:00-20:00 (EET)