Send SMS Messages with Node.js, Express, and Vonage - code-examples -

This guide provides a complete walkthrough for building a simple Node.js and Express application capable of sending SMS messages using the Vonage SMS API. We will cover everything from project setup to deployment considerations and troubleshooting common issues.

By the end of this tutorial, you will have a functional API endpoint that accepts a phone number and message text, then uses the Vonage API to send an SMS. This serves as a foundational building block for applications requiring SMS notifications, user verification, or other communication features.

Project Overview and Goals

What We're Building:

A minimal REST API built with Node.js and Express. This API will expose a single endpoint (POST /send-sms) that takes a recipient phone number and a message body, and uses the Vonage Node.js SDK to send the SMS message via the Vonage SMS API. This guide focuses on the core functionality and provides a strong starting point; production deployments would require further enhancements in areas like security, error handling, and scalability (discussed later).

Problem Solved:

Provides a straightforward, server-side mechanism to programmatically send SMS messages, abstracting the direct interaction with the Vonage API into a simple API call within your infrastructure.

Technologies Used:

  • Node.js: A JavaScript runtime environment for executing server-side code.
  • Express: A minimal and flexible Node.js web application framework used to create the API endpoint.
  • Vonage Node.js SDK (@vonage/server-sdk): Simplifies interaction with Vonage APIs, handling authentication and request formatting.
  • Vonage SMS API: The underlying service used to dispatch SMS messages globally.
  • dotenv: A module to load environment variables from a .env file into process.env, keeping sensitive credentials out of the codebase.

System Architecture:

An HTTP client (like curl or a web application) sends a POST request to the /send-sms endpoint of the Node.js/Express API server. The server uses the Vonage SDK, configured with API credentials, to make a request to the Vonage SMS API. The Vonage API then sends the SMS message to the recipient's phone.

Prerequisites:

  1. Node.js and npm: Installed on your development machine. You can download them from nodejs.org.
  2. Vonage API Account: Sign up for free at Vonage API Dashboard. You'll receive some free credit for testing.
    • Important Trial Account Limitation: New Vonage accounts start on a trial basis. You must whitelist recipient phone numbers in the Vonage Dashboard before you can send SMS to them during the trial. See the 'Troubleshooting' section for details.
  3. Vonage API Key and Secret: Found on the main page of your Vonage API Dashboard after signing up.
  4. Vonage Virtual Number: You need a Vonage phone number capable of sending SMS. You can rent one from the Vonage Dashboard under ""Numbers"" > ""Buy numbers"". Note that trial accounts may have limitations on sending destinations (see Troubleshooting).
  5. (Optional) HTTP Client: Tools like curl or Postman for testing the API endpoint.

Expected Outcome:

A running Node.js server with an endpoint /send-sms. Sending a POST request to this endpoint with a valid to number and text will result in an SMS being sent to the recipient via Vonage.

1. Setting up the project

Let's initialize our Node.js project and install the necessary dependencies.

  1. Create Project Directory: Open your terminal or command prompt and create a new directory for the project, then navigate into it.

    mkdir vonage-sms-guide
cd vonage-sms-guide

  2. Initialize npm: Initialize the project using npm. The -y flag accepts the default settings.

    npm init -y

    This creates a package.json file to manage project dependencies and scripts.

  3. Install Dependencies: Install Express for the web server, the Vonage Server SDK, and dotenv for managing environment variables.

    npm install express @vonage/server-sdk dotenv

  4. Create Project Files: Create the main application file and a file for environment variables.

    touch index.js .env .gitignore

  5. Configure .gitignore: Add node_modules and .env to your .gitignore file. This prevents accidentally committing your dependencies folder and sensitive credentials to version control.

    # .gitignore

node_modules/
.env

  6. Configure Environment Variables (.env): Open the .env file and add your Vonage API credentials and virtual number. Replace the placeholder values with your actual credentials found in the Vonage Dashboard. Also, define a port for your server.

    # .env

# Found on your Vonage API Dashboard
VONAGE_API_KEY=YOUR_API_KEY
VONAGE_API_SECRET=YOUR_API_SECRET

# Your Vonage virtual number capable of sending SMS
VONAGE_VIRTUAL_NUMBER=YOUR_VONAGE_NUMBER

# Port for the Express server to listen on
PORT=3000
    • VONAGE_API_KEY / VONAGE_API_SECRET: Used by the SDK to authenticate requests to the Vonage API.
    • VONAGE_VIRTUAL_NUMBER: The "From" number that will appear on the recipient's phone. Must be a number associated with your Vonage account.
    • PORT: The local port your Express server will run on.

Project Structure:

Your project directory should now look like this:

vonage-sms-guide/
├── node_modules/
├── .env                # Stores API keys and secrets (DO NOT COMMIT)
├── .gitignore          # Specifies intentionally untracked files
├── index.js            # Main application code
├── package-lock.json   # Records exact dependency versions
└── package.json        # Project metadata and dependencies

This structure separates configuration (.env) from code (index.js) and keeps sensitive data secure.

2. Implementing core functionality (SMS Sending)

Now, let's write the code in index.js to set up the Express server, initialize the Vonage SDK, and create the function for sending SMS.

// index.js
'use strict';

// 1. Import necessary modules
require('dotenv').config(); // Load environment variables from .env file
const express = require('express');
const { Vonage } = require('@vonage/server-sdk');

// 2. Initialize Vonage SDK
// Ensure API Key and Secret are loaded from environment variables
const vonage = new Vonage({
  apiKey: process.env.VONAGE_API_KEY,
  apiSecret: process.env.VONAGE_API_SECRET
});

// 3. Initialize Express app
const app = express();
app.use(express.json()); // Middleware to parse JSON request bodies
app.use(express.urlencoded({ extended: true })); // Middleware for URL-encoded data

// 4. Define the SMS sending function
async function sendSms(recipient, message) {
  const from = process.env.VONAGE_VIRTUAL_NUMBER;
  const to = recipient;
  const text = message;

  try {
    // This specific method (`sms.send`) uses Vonage's older SMS API.
    // We chose it for this introductory guide due to its straightforwardness
    // for sending simple text messages, although Vonage also offers a newer,
    // more feature-rich Messages API.
    const responseData = await vonage.sms.send({ to, from, text });
    console.log(`Message sent successfully to ${to}. Message ID: ${responseData.messages[0]['message-id']}`);
    // Check status specifically - '0' indicates success
    if (responseData.messages[0]['status'] === '0') {
      return { success: true, data: responseData };
    } else {
      // Log the specific error text from Vonage
      const errorText = responseData.messages[0]['error-text'];
      console.error(`Message failed with error: ${errorText}`);
      return { success: false, message: `Message failed: ${errorText}` };
    }
  } catch (err) {
    // Catch errors during the API call (e.g., network issues, SDK errors)
    console.error(""Error sending SMS:"", err);
    // Provide a generic error message back, but log the detailed error
    return { success: false, message: 'Failed to send SMS due to an internal error.' };
  }
}

// 5. Define the API endpoint (Covered in next section)
// ... Endpoint code will go here ...

// 6. Start the server
const port = process.env.PORT || 3000; // Use port from .env or default to 3000
app.listen(port, () => {
  console.log(`Server listening at http://localhost:${port} on ${new Date().toLocaleString()}`);
  console.log(`Using Vonage Number: ${process.env.VONAGE_VIRTUAL_NUMBER}`);
  // Basic check for API credentials presence
  if (!process.env.VONAGE_API_KEY || !process.env.VONAGE_API_SECRET || !process.env.VONAGE_VIRTUAL_NUMBER) {
      console.warn(""***********************************************************************"");
      console.warn(""WARNING: Vonage API credentials or virtual number missing in .env file!"");
      console.warn(""SMS sending will likely fail. Please check your .env configuration."");
      console.warn(""***********************************************************************"");
  }
});

// Export the sendSms function if needed elsewhere (optional for this guide)
// module.exports = { sendSms };

Explanation:

  1. Imports: We import dotenv to load our credentials, express for the server, and the Vonage class from the SDK.
  2. Vonage Initialization: We create a new Vonage instance, passing our API key and secret loaded from process.env. The SDK handles authentication using these credentials.
  3. Express Initialization: We create an Express application instance and apply middleware (express.json, express.urlencoded) to parse incoming request bodies.
  4. sendSms Function:
    • This async function encapsulates the SMS sending logic.
    • It retrieves the from number from the environment variables.
    • It uses vonage.sms.send(), passing the to, from, and text parameters. We chose this method for simplicity in this guide.
    • Crucially, it checks the status property in the first message object of the response (responseData.messages[0]['status']). A status of '0' indicates success according to the Vonage API documentation for this method.
    • It handles both successful sends and API-level errors reported by Vonage (like invalid numbers, insufficient funds, etc.) by inspecting the response.
    • It includes a try...catch block to handle potential network errors or exceptions during the SDK call.
    • It returns an object indicating success: true or success: false along with relevant data or an error message.
  5. Server Start: The code retrieves the PORT from .env (defaulting to 3000 if not set) and starts the Express server, logging confirmation messages and a warning if credentials seem missing.

3. Building the API Layer

Now, let's add the actual API endpoint to index.js that will use our sendSms function. Add this code before the app.listen call (e.g., where the "// 5. Define the API endpoint" comment is).

// index.js (Add this section before app.listen)

// 5. Define the API endpoint
app.post('/send-sms', async (req, res) => {
  // Basic Input Validation
  const { to, text } = req.body;

  if (!to || !text) {
    console.warn('Received invalid request: Missing "to" or "text" field.');
    return res.status(400).json({
      success: false,
      message: 'Missing required fields: "to" (recipient phone number) and "text" (message body).'
    });
  }

  // Example: Basic E.164 format check
  const phoneRegex = /^\+[1-9]\d{1,14}$/;
  if (!phoneRegex.test(to)) {
      console.warn(`Received invalid phone number format: ${to}`);
      return res.status(400).json({
          success: false,
          message: 'Invalid phone number format. Please use E.164 format (e.g., +14155552671).'
      });
      // Note: Real-world phone number validation is complex due to varying lengths,
      // prefixes, and country-specific rules. For production, consider using a
      // dedicated library like 'google-libphonenumber'.
  }


  console.log(`Received request to send SMS to: ${to}`);

  // Call the SMS sending function
  const result = await sendSms(to, text);

  // Send response back to the client based on the result
  if (result.success) {
    res.status(200).json({
      success: true,
      message: 'SMS potentially sent successfully.', // Use 'potentially' as final delivery is asynchronous
      details: result.data // Include Vonage response details
    });
  } else {
    // Use 500 for internal errors, could use 400/502 for specific Vonage errors
    res.status(500).json({
      success: false,
      message: result.message // Forward the error message from sendSms
    });
  }
});

Explanation:

  1. Route Definition: app.post('/send-sms', ...) defines a route that listens for HTTP POST requests on the /send-sms path.
  2. Input Validation:
    • It extracts the to (recipient number) and text (message content) from the JSON request body (req.body).
    • It performs a basic check to ensure both fields are present. If not, it logs a warning and sends a 400 Bad Request response with an error message.
    • A simple regex check for E.164 phone number format is added. As noted, production validation should ideally be more robust.
  3. Call sendSms: It calls the sendSms function (defined earlier) with the validated to and text.
  4. Response Handling:
    • Based on the success property of the result object returned by sendSms, it sends an appropriate JSON response back to the client.
    • On success (200 OK), it includes a success message and the detailed response data from Vonage.
    • On failure (500 Internal Server Error), it includes the error message provided by the sendSms function. Note that the code uses a general 500 error; a more refined implementation might map specific Vonage errors to different HTTP status codes (like 400 or 502).

4. Integrating with Vonage (Recap)

Integration primarily happens during setup and initialization:

  1. Credentials: Securely stored in the .env file (VONAGE_API_KEY, VONAGE_API_SECRET, VONAGE_VIRTUAL_NUMBER).
  2. SDK Initialization: The Vonage SDK instance is created using these credentials in index.js.
  3. API Call: The vonage.sms.send() method handles the actual communication with the Vonage API endpoint, including authentication headers based on the initialized SDK.
  4. Dashboard Configuration (Important for Trial Accounts):
    • Log in to the Vonage API Dashboard.
    • Navigate to ""Numbers"" > ""Your numbers"" to confirm you have a virtual number capable of sending SMS.
    • If using a trial account: Navigate to your profile/settings or look for a ""Test Numbers"" section. You must add and verify any recipient phone numbers you want to send SMS to during the trial period. Sending to unverified numbers will fail. Upgrade your account by adding payment details to remove this restriction. This is a very common point of failure for beginners.
    • API Settings: Go to ""API settings"" in the dashboard. Ensure the ""Default SMS Setting"" is appropriate. While this guide uses the basic SMS API (vonage.sms.send), Vonage also has a newer ""Messages API"". For simple sending, either default works, but ensure your chosen number is compatible. If you were receiving messages, this setting would be more critical as it changes webhook formats.

5. Error Handling, Logging, and Retries

  • Error Handling:
    • The sendSms function uses try...catch to handle network or SDK-level errors during the API call.
    • It inspects the Vonage API response (responseData.messages[0].status and responseData.messages[0]['error-text']) to detect and report API-specific errors (e.g., invalid number, insufficient balance).
    • The API endpoint (/send-sms) returns appropriate HTTP status codes (400 for bad input, 500 for server/API errors, 200 for success).
  • Logging:
    • Basic console.log, console.warn, and console.error are used throughout index.js to provide visibility into the request flow, successful sends, and errors.
    • In production, you would replace console.* with a more robust logging library (like Winston or Pino) to log structured data (e.g., JSON) to files or logging services, allowing for easier searching and analysis. Example log points: receiving a request, validation failure, calling Vonage API, Vonage success response, Vonage error response, caught exceptions.
  • Retry Mechanisms:
    • This basic guide does not implement automatic retries.
    • For production systems, especially for transient network errors or specific Vonage rate-limiting errors (like status code 1), you might implement a retry strategy with exponential backoff using libraries like async-retry. This involves wrapping the vonage.sms.send() call in a retry loop that waits progressively longer between attempts for certain types of failures. Be cautious not to retry errors that are clearly permanent (e.g., invalid API key, invalid recipient number).

6. Database Schema

Not applicable for this simple SMS sending API. If you needed to track sent messages, store templates, or manage users, you would add a database (e.g., PostgreSQL, MongoDB) and a data layer (e.g., using an ORM like Prisma or Sequelize).

7. Security Features

  • Secrets Management: Handled via .env and .gitignore. In production, use environment variables provided by the deployment platform or a dedicated secrets manager.
  • Input Validation: Basic validation for to and text presence and format is included. Use libraries like joi or express-validator for more complex validation rules in production. Sanitize inputs if they are used in ways beyond direct API parameters (though not strictly necessary for to and text here).
  • Rate Limiting: Not implemented. Use middleware like express-rate-limit to prevent abuse of the API endpoint (e.g., limit requests per IP address).
  • Authentication/Authorization: The endpoint is currently open. In a real application, you would protect it using API keys, JWT tokens, or session authentication depending on who should be allowed to trigger SMS sends.

8. Special Cases

  • International Numbers: The E.164 format (+ followed by country code and number) is standard. Vonage handles routing based on this. Ensure your Vonage account/number is enabled for the destination countries.
  • Character Limits & Encoding: Standard SMS has character limits (160 GSM-7 chars, fewer for UCS-2). Longer messages may be split (concatenated SMS) by Vonage, potentially incurring costs for multiple message segments. Be mindful of message length. Special characters might force UCS-2 encoding, reducing the per-segment limit.
  • Delivery Reports (DLRs): This guide doesn't handle DLRs. You can configure a webhook URL in Vonage settings to receive status updates about message delivery (e.g., delivered, failed, rejected). This requires adding another endpoint to your Express app to receive these callbacks.

9. Performance Optimizations

Not critical for sending single SMS messages. If sending high volumes, consider:

  • Asynchronous Processing: Instead of waiting for the Vonage API call in the request handler, push the SMS task to a background job queue (e.g., using BullMQ with Redis) and return an immediate 202 Accepted response. A separate worker process would handle sending.
  • SDK Client Reuse: The vonage client is initialized once and reused, which is efficient.

10. Monitoring, Observability, Analytics

  • Logging: As discussed, use structured logging.
  • Health Checks: Add a simple /health endpoint that returns 200 OK for load balancers or monitoring systems.
  • Metrics: Track request counts, error rates, and latency for the /send-sms endpoint using monitoring tools (e.g., Prometheus/Grafana, Datadog). Track Vonage API call latency and success/error rates specifically.
  • Error Tracking: Use services like Sentry or Bugsnag to capture and aggregate runtime errors.

11. Troubleshooting and Caveats

  • Error: 401 Unauthorized (Authentication failed)
    • Cause: Incorrect VONAGE_API_KEY or VONAGE_API_SECRET in your .env file or environment variables.
    • Solution: Double-check your credentials in the .env file against the Vonage Dashboard. Ensure the .env file is being loaded correctly (require('dotenv').config(); is called early). Make sure there are no extra spaces or characters copied.
  • Error: Invalid 'From' number (or similar Vonage error text)
    • Cause: The VONAGE_VIRTUAL_NUMBER in your .env file is incorrect, not owned by your account, or not configured/capable of sending SMS.
    • Solution: Verify the number in the Vonage Dashboard under "Numbers" > "Your numbers". Ensure it's the correct E.164 format.
  • Error: Non-Whitelisted Destination (Status code 15 in Vonage response)
    • Cause: You are using a Vonage trial account and trying to send an SMS to a phone number that has not been added and verified in the "Test Numbers" list on your dashboard.
    • Solution: Add the recipient's phone number to the allowed list in your Vonage Dashboard settings, or upgrade your account by adding billing details. Remember this was mentioned in the Prerequisites.
  • Error: Missing Mandatory Field (e.g., Status code 4 or 5)
    • Cause: The to, from, or text parameter was likely missing or invalid when calling vonage.sms.send().
    • Solution: Check the sendSms function and the /send-sms endpoint logic to ensure all required parameters are correctly passed. Check logs for validation errors.
  • SMS Not Received, but API shows Success (status: '0')
    • Cause: Various reasons – carrier filtering, incorrect recipient number (but valid format), temporary network issues on the recipient side, destination country restrictions on your account.
    • Solution:
      • Verify the recipient number is correct and active.
      • Check Vonage Dashboard logs ("Logs" > "SMS") for more detailed delivery status or error codes.
      • Test sending to a different number or carrier if possible.
      • Ensure your Vonage account allows sending to the specific country.
      • Consider setting up Delivery Receipt (DLR) webhooks for detailed delivery status.
  • Caveat: Environment Variables Not Loading
    • Cause: require('dotenv').config(); was not called, called too late (after variables were accessed), or the .env file is not in the expected location (usually the project root where node is run).
    • Solution: Ensure require('dotenv').config(); is one of the very first lines in index.js. Verify the .env file location.
  • Caveat: Port Conflict (EADDRINUSE)
    • Cause: Another application is already running on the port specified in .env (or the default 3000).
    • Solution: Stop the other application or change the PORT value in your .env file to an available port.

12. Deployment and CI/CD

  • Deployment Platforms: You can deploy this Node.js application to various platforms like Heroku, Render, AWS Elastic Beanstalk, Google Cloud Run, or a traditional VPS.
  • Environment Variables: Crucially, do not include your .env file in your deployment package or commit it to Git. Configure the environment variables (VONAGE_API_KEY, VONAGE_API_SECRET, VONAGE_VIRTUAL_NUMBER, PORT, NODE_ENV=production) directly within your chosen deployment platform's settings interface or configuration files.
  • package.json Scripts: Add a start script to your package.json: 
    {
  ""scripts"": {
    ""start"": ""node index.js"",
    ""dev"": ""node --watch index.js""
  }
}
    Note: The dev script uses the built-in --watch flag (Requires Node.js v18.11.0+). For broader compatibility, consider using nodemon index.js (requires npm install --save-dev nodemon). Most platforms will automatically run npm start to launch your application.
  • CI/CD Pipeline (Example using GitHub Actions):
    1. Push code to a Git repository (e.g., GitHub, GitLab).
    2. Set up repository secrets for your Vonage credentials and any deployment keys.
    3. Create a workflow file (e.g., .github/workflows/deploy.yml) that:
      • Checks out the code.
      • Sets up Node.js.
      • Installs dependencies (npm ci - usually preferred in CI for using package-lock.json).
      • (Optional) Runs tests (npm test).
      • (Optional) Builds the application if needed.
      • Deploys to your chosen platform using the platform's CLI or specific GitHub Actions (e.g., actions/heroku-deploy, google-github-actions/deploy-cloudrun). Ensure environment variables are passed securely during deployment.
  • Rollback: Deployment procedures vary by platform. Most offer mechanisms to redeploy a previous version if a new deployment fails (e.g., Heroku's heroku rollback, AWS CodeDeploy strategies).

13. Verification and Testing

  1. Start the Server Locally: Ensure your .env file is correctly populated.

    node index.js

    You should see the "Server listening..." message in the console.

  2. Manual Testing (using curl): Open a new terminal window. Replace +14155550100 with a valid test number (whitelisted if using a trial account). The YOUR_VONAGE_NUMBER is implicitly used from the .env file on the server side as the 'from' number.

    curl -X POST http://localhost:3000/send-sms \
     -H "Content-Type: application/json" \
     -d '{
           "to": "+14155550100",
           "text": "Hello from your Node.js Vonage App!"
         }'

    Note: For adding a dynamic timestamp in Bash (Linux/macOS/WSL), you could modify the text value like "text": "Hello! Sent at: $(date)". This specific syntax won't work in standard Windows Command Prompt.

  3. Check Expected Output:

    • Terminal running the curl command:
      • Success: You should receive a JSON response like: 
        {
  "success": true,
  "message": "SMS potentially sent successfully.",
  "details": {
    "message-count": "1",
    "messages": [
      {
        "to": "14155550100",
        "message-id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "status": "0",
        "remaining-balance": "x.xxxx",
        "message-price": "x.xxxx",
        "network": "xxxxx"
      }
    ]
  }
}
      • Failure (e.g., validation): 
        {
  "success": false,
  "message": "Missing required fields: \"to\" (recipient phone number) and \"text\" (message body)."
}
      • Failure (e.g., API error): 
        {
  "success": false,
  "message": "Message failed: Invalid Sender Address - rejected"
}
    • Terminal running the Node.js server (node index.js): Check the console logs for messages like "Received request...", "Message sent successfully...", or error details.
    • Recipient Phone: The test phone number should receive the SMS message.
    • Vonage Dashboard: Check the "Logs" > "SMS" section in your Vonage dashboard to see the record of the sent message and its status.

  4. Automated Testing (Suggestions):

    • Unit Tests: Use a testing framework like Jest or Mocha/Chai to test the sendSms function in isolation. You would mock the @vonage/server-sdk to avoid making actual API calls during tests. Test different inputs and expected success/failure scenarios based on mocked Vonage responses.
    • Integration Tests: Use a library like supertest to make actual HTTP requests to your running Express application (potentially using a test-specific configuration or mocking Vonage at a higher level). Test the /send-sms endpoint directly, validating request inputs, responses, and status codes.

This guide provides a solid foundation for sending SMS messages using Node.js, Express, and Vonage. Remember to adapt the error handling, security, logging, and deployment strategies to fit the specific requirements of your production application.