Sign in with your access seed — that is all. No email, no password.
new here?
Two-factor authentication
Type the 6-digit code from your authenticator app, or any one of your recovery codes.
Create an anonymous account
No email, no password, no KYC. On the next step you get a seed phrase — that phrase is the entire account.
already have a seed?
Account Created
Your access seed:
Write this seed down now — it is shown only this once.
The seed is the one and only key to your account. Lose it and the balance is gone for good — there is no reset, no recovery and no support override.
SMS Verification API — SMSNoKYC
Automate OTP verification end to end. Claim virtual numbers across 190+ countries, read SMS codes within seconds, rent dedicated long-term lines, and drive every order through one REST surface — no API key, no KYC, paid in cryptocurrency.
Authentication required. Every request rides a session cookie, so you must be signed in to your SMSNoKYC account. Establish a session through the web interface or the auth endpoint before calling.
Why developers choose the SMSNoKYC API
SMSNoKYC is the most flexible SMS verification API for developers who need anonymity, global coverage and predictable pricing. Unlike legacy SMS-OTP providers that gate access behind enterprise contracts, monthly minimums and KYC questionnaires, SMSNoKYC works with any HTTPS client, charges strictly per-number, and accepts 20+ cryptocurrencies including Bitcoin, Monero, Ethereum, USDT, USDC, Solana, Litecoin, XRP, TRON and Toncoin.
Typical use cases include automating account signups for scaled QA, retrieving one-time passwords for headless agents and CI bots, validating phone-required flows in continuous integration, renting dedicated long-term numbers for Telegram or WhatsApp accounts that need uninterrupted SMS reception, and powering geo-distributed verification across 190+ countries with explicit operator-tier control — virtual, physical or premium.
Authentication
The API uses cookie-based session authentication. To authenticate programmatically:
Send a POST request to /auth-api.php with your seed phrase
Store the session cookie from the response
Include the cookie in all subsequent API requests
POST/auth-api.php
Authenticate with your seed phrase and establish a session.
Parameter
Type
Required
Description
action
string
required
Must be "login"
seed
string
required
Your 16-character access seed (e.g. AbC3-dEf4-gHj5-kLm6)
cURL
Python
JavaScript
# Login and save session cookie
curl -X POST https://smsnokyc.com/auth-api.php \
-d "action=login&seed=AbC3-dEf4-gHj5-kLm6" \
-c cookies.txt
import requests
session = requests.Session()
resp = session.post("https://smsnokyc.com/auth-api.php", data={
"action": "login",
"seed": "AbC3-dEf4-gHj5-kLm6"
})
data = resp.json()
print(data) # {"success": true, "user": {...}}# session object now holds the cookie for all future requests
All responses are JSON. POST endpoints accept both application/json and application/x-www-form-urlencoded request bodies.
Rate Limits
The API enforces the following rate limits:
Endpoint
Limit
Window
Authentication
5 attempts
15 minutes
All other endpoints
No hard limit
—
Rate limiting: Authentication is limited to 5 attempts per 15 minutes. Other endpoints are not currently rate-limited, but excessive usage may be throttled. Use reasonable request intervals.
Error Handling
All errors return a JSON object with an <code>error</code> field:
{
"error": "Description of what went wrong"
}
HTTP Code
Meaning
200
Success (check response body for application-level errors)
403
Invalid CSRF token
405
Wrong HTTP method (e.g. GET on a POST-only endpoint)
429
Rate limit exceeded
Common application-level errors:
Error
Cause
"Login required"
Session expired or not authenticated
"Insufficient balance"
Not enough funds — includes need and have fields
"Service not available for this country"
No stock or service inactive for the selected country
"Missing country or service"
Required parameters were not provided
List Countries
GET/api.php?action=countries
Returns all active countries with available virtual numbers. No authentication required.
resp = session.get("https://smsnokyc.com/api.php", params={"action": "countries"})
countries = resp.json()
for c in countries:
print(c["code"], c["name"])
const resp = await fetch("https://smsnokyc.com/api.php?action=countries");
const countries = await resp.json();
Operator types:virtual — VoIP numbers, cheapest, may be blocked by some services. physical — real SIM cards, higher success rate. premium — fastest delivery (~10s), highest success rate.
Buy Number (SMS Activation)
POST/api.php?action=buy
Purchase a virtual number for one-time SMS verification. The number is active for 20 minutes. If no SMS is received, your balance is automatically refunded.
Order statuses:active — waiting for SMS. completed — SMS received. cancelled — cancelled by user. refunded — auto-refunded (no SMS received before timeout). expired — timed out.
Here's a full Python example that authenticates, finds a service, buys a number, and polls for the SMS code:
Python
import requests, time
BASE = "https://smsnokyc.com"
SEED = "AbC3-dEf4-gHj5-kLm6"
s = requests.Session()
# 1. Authenticate
s.post(f"{BASE}/auth-api.php", data={"action": "login", "seed": SEED})
# 2. Check balance
user = s.get(f"{BASE}/api.php?action=user").json()
print(f"Balance: ${user['balance']}")
# 3. Get services for USA
services = s.get(f"{BASE}/api.php?action=services&country=us").json()
whatsapp = next(svc for svc in services if svc["name"] == "WhatsApp")
print(f"WhatsApp: ${whatsapp['price']} ({whatsapp['stock']} in stock)")
# 4. Buy a number
order = s.post(f"{BASE}/api.php?action=buy", json={
"country": "us",
"service_id": whatsapp["id"]
}).json()
print(f"Order #{order['order_id']} created")
# 5. Poll for SMS codefor _ in range(60):
orders = s.get(f"{BASE}/api.php?action=orders").json()
my_order = next(o for o in orders if o["id"] == order["order_id"])
if my_order["sms_code"]:
print(f"SMS code: {my_order['sms_code']}")
print(f"Phone: {my_order['phone_number']}")
breakprint("Waiting for SMS...")
time.sleep(5)
else:
print("Timeout — balance will be refunded automatically")
Frequently Asked Questions
What is the SMSNoKYC verification API for?
It opens the same catalogue the site uses to your own code: virtual numbers in 190+ countries for one-time OTP verification and for 7-to-90-day rentals. Over a plain JSON REST interface you can browse apps, read live prices, claim numbers, pull incoming codes and refund failed activations — no KYC, crypto-only billing.
Is an API key or OAuth token required?
No. Auth is a session cookie: POST your 16-character access seed once to /auth-api.php, then carry the returned cookie on every later call. Nothing to provision, rotate or revoke — you sign in once per session and stay signed in for the life of that cookie.
What does the API cost?
The API is free to call — no monthly fee, no subscription, no minimum volume. You pay only per number: one-time activations from $0.05, dedicated rentals from a few dollars for 7 days. Everything draws on your prepaid balance, and any activation that never receives an SMS is refunded on its own.
Which languages and frameworks can call it?
Anything that can make an HTTPS request works — Python (requests, httpx), Node.js (fetch, axios), Go, PHP, Ruby, Java, C#, cURL from Bash and the rest. The docs include copy-paste examples in cURL, Python and JavaScript, and a full OpenAPI 3.0 file at /openapi.json lets you generate a typed client in whatever language you prefer.
What if a verification code never arrives?
Each activation runs on a 20-minute window. If nothing lands before it closes, the order cancels itself and the full price returns to your balance — no ticket, no manual retry. You can spend that refunded balance right away on another number, perhaps on a different operator tier (virtual, physical or premium) for a better hit rate.
Does the API have rate limits?
Sign-in is capped at 5 tries per 15 minutes per IP to block seed guessing. The rest — catalogue, buy, orders, rentals — has no hard cap right now, but please keep intervals sensible: polling /api.php?action=orders every 3-5 seconds is ample for reading SMS, and sustained bursts past roughly 10 req/s may be throttled at the WAF.