Hello,

I guess it depends on exactly what you mean, but all of AT&T's APIs require HTTPS protocol, which is a secure connection to AT&T's servers. After it hits the servers, it will be on a secure network.

Does that help?

Cheers,

     --brett

Thanks  for the response.

I was speaking of when the SMS/MMS is sent using SMPP. My understanding was that shortcodes use SMPP while longcodes use SMTP(?) Is this correct?

>>AT&T's APIs require HTTPS protocol, which is a secure connection to AT&T's servers.

Can the APIs be called using a AJAX-like scenario - or - from javascript?

TIA

Hello,

Ok. So, from your application, all requests are sent using REST. This is intentional so that the developer doesn't need to know SMPP or MM7. Our gateway takes care of the underlining protocol for you. And after it hits our gateway, it's on AT&T's internal network, which is secure.

SMPP - This is a binary protocol used for external applications (ESMEs) to send/receive SMS messages to a messaging infrastructure (i.e. SMSC).

MM7 - This is a XML based protocol used for external applications to send/receive MMS messages to a message infrastructure (i.e. MMSC).

You will never have to worry about the above 2 protocols, since AT&T does the transformations for you from REST to SMPP/MM7.

Our APIs are just REST requests so can be called from Javascript and through AJAX.

Hope that helps,

     --brett

Hello and thanks for the response :)

Almost there. Have 2 more questions. I found the following items:

>> http://dspace.cityu.edu.hk/handle/2031/6414

However, SMS and MMS are facing significant security challenges. Today since content of most messages sent through the services is totally plain, SMS and MMS messages may be read by unauthorized and unwanted people when they are being transmitted or stored somewhere.

>> http://stackoverflow.com/questions/4164669/sms-encryption-over-gsm

A5/1 is being used on the radio link between mobile and base station controller (BSC, the network entity entity that manages the radio resources). The radio link transports a couple of higher level protocols, among them MAP which is used to transport SMS.

>> http://en.wikipedia.org/wiki/A5/1

or SMS encrypted with A5/1

With that said, 

QUESTION: When one uses the AT&T network and sends out SMS/MMS messages (that are not using the AT&T API), are they A5/1 encrypted?

Finally,

>> http://developer.att.com/developer/forward.jsp?passedItemId=10100299

Multimedia Messaging Service (MMS) greatly enhances the power of your communications by moving beyond the text-only capabilities of Short Message Service (SMS) messaging. With MMS, users can send messages from their mobile device to your application ("mobile originate")

 My understanding is that this refers to the following scenario:
CLIENT      : Browser-written code (written by us) running on any network/phone
SERVER     : on AT&T network - it is to receive the MMS/SMS sent by the client.
QUESTION: The client can only be a part of the AT&T network - right? In other words, this API is only available to AT&T customers

while the API below:
>>https://gsma.securespsite.com/access/default.aspx
Is usable by all customers (AT&T, Verizon, Cricket, etc.)

Is this correct?

Thanks again for your input.

Best regards.

For your first question, I will need to get back to you.

Your second question:

First off, the server could be the developer's server. Imagine some alert service that sends weather updates to phones via SMS/MMS. Those alerts could originate from a developer's server application. Or a voting application, where the user sends a SMS to a shortcode with a certain message. That message would route to the application's server.

In order to use our APIs, then the end customers need to be AT&T customers. Note that the GSMA OneAPI is just a specification, and most of our APIs implement that specification as well. It's just a common API that all carriers may use. However, the FQDN would be different for each of the carriers that support GSMA OneAPI.

Thanks again for your resonses.

Will be looking forward to the answer to the first question :smileywink:

Hi there, below you wrote:

In order to use our APIs, then the end customers need to be AT&T customers.

So, in the case of voting with a shortcode, the customer would be charged for sending the text and the application developer would be charged for receiving the text?

TIA

Hi again,

And what about an answer to the first question ...

TIA

Hello,

The customer would be charged the standard text messaging charges. Currently, the platform does not charge the appication developer for text messages.

Cheers,

    --brett