What do you mean by API Security?


It is an option that allows you to send your messages only through whitelisted IPs via API.

If API security is enabled and you try to send the SMS via any other IP then those requests will be rejected with error code 418. 


Let us begin with how you can enable the API Security in your account -

1. Log in to the MSG91 panel. Select the Authkey option from the top row. You can also select it from the username dropdown or from the bottom left if you are inside any service dashboard.

2. Enter the registered mobile number and verify with the OTP you will receive on the registered number.

3. Now, select the arrow under the Actions tab of the authkey you wish to enable the IP security in. You can enable/disable the IP security from the toggle. Enter the IPs that you wish to whitelist for that particular authkey in the Whitelisted IPs section. The IPs that you have whitelisted for the company will be visible under the Company's whitelisted IPs section at the bottom.

4. The IPs you whitelist in the Company's whitelisted IPs then they will be whitelisted for all the authkeys created in your MSG91 account. The Recent IPs will show you the IPs from which we have recently received the submissions from your account. You can whitelist them by the + icon given beside them.


-> We support IPV6 & IPV4 addresses both. Eg: 2001:db8:3333:4444:5555:6666:7777:8888 (IPV6), 192.0. 2.146 (IPV4)

-> We strongly recommend you to keep it enabled as this provides an extra layer of security to your account.

-> If still you do not wish to have this security feature, you can disable it from the toggle in the authkey.

By doing so, the API will be called by any IP address that is not whitelisted, and MSG91 cannot be held liable for any spamming/fraudulent activities using the API.

How to check from which IP the API requests are failing -

1.  Goto the SMS section from your MSG91 Dashboard.

2. Select the Failed Logs section from the sidebar. The list of IPs by which the APIs got failed & you received the 418 error code is also available on the MSG91 Dashboard that you can copy & whitelist under Authkey section. 

2. We always send alerts on your registered mail ID as well as mobile number, when the API gets failed with 418 error i.e. API security is enabled and you try to call the API via any other IP then, those requests will be rejected.


-> We also send alerts on the registered email ID when any changes been made in API security option of your MSG91 account that is new IP is Added, any IP is Deleted, Additional Security is Enabled, and Additional Security is Disabled.