This guide provides a step-by-step walkthrough for building a Node.js application using the Express framework to both send outbound SMS messages and receive inbound SMS messages via the Vonage Messages API. We will cover project setup, sending messages, handling incoming messages via webhooks, configuration, error handling, and deployment considerations.

By the end of this tutorial, you will have a functional Node.js application capable of:

1. Sending SMS messages programmatically using the Vonage Messages API.
2. Receiving incoming SMS messages sent to your Vonage virtual number via webhooks.
3. Handling API credentials securely.
4. Understanding the basic requirements for deploying such an application.

Project Overview and Goals

What we're building: A simple Node.js and Express application that serves two primary functions:

• A script to send an SMS message to a specified phone number.
• An HTTP server that listens for incoming SMS messages delivered by Vonage via webhooks.

Problem solved: This application provides the foundation for integrating SMS communication into Node.js projects. It enables developers to programmatically send notifications, alerts, or marketing messages, and to process responses or commands received via SMS.

Technologies used:

• Node.js: A JavaScript runtime environment for executing server-side code.
• Express: A minimal and flexible Node.js web application framework used here to create webhook endpoints.
• Vonage Messages API: A multi-channel API provided by Vonage for sending and receiving messages via SMS, MMS, WhatsApp, and more. We will focus on SMS.
• Vonage Node.js SDK (@vonage/server-sdk): Simplifies interaction with the Vonage APIs.
• dotenv: A module to load environment variables from a .env file for secure credential management.
• ngrok: A tool to expose local servers to the internet, essential for testing webhooks during development. (Note: Not suitable for production deployments).

System architecture:

+-----------------+      +-----------------------+      +----------------+
| Node.js App     |----->| Vonage Messages API   |----->| User's Phone   |
| (Send Script)   |<-----| (Send SMS Request)    |<-----| (Receives SMS) |
+-----------------+      +-----------------------+      +----------------+
       ^                                                      |
       | (Webhook POST)                                       | (Sends SMS)
       |                                                      v
+-----------------+      +-----------------------+      +----------------+
| Node.js App     |<-----| Vonage Messages API   |<-----| User's Phone   |
| (Express Server)|      | (Inbound Webhook)     |      |                |
+-----------------+      +-----------------------+      +----------------+

Prerequisites:

• A Vonage API account. Sign up if you don't have one.
• Node.js and npm (or yarn) installed locally.
• A Vonage virtual phone number capable of sending/receiving SMS. You can purchase one from the Vonage Dashboard.
• ngrok installed locally and a free ngrok account (for testing webhooks).
• Basic familiarity with JavaScript and the command line.

1. Setting up the Project

Let's initialize our Node.js project and install the necessary dependencies.

1. Create a project directory:

   bash

   mkdir vonage-sms-app
   cd vonage-sms-app
   

2. Initialize the Node.js project: This creates a package.json file.

   bash

   npm init -y
   

3. Install dependencies:

   • @vonage/server-sdk: The Vonage Node.js library.
   • express: The web framework for handling webhooks.
   • dotenv: To manage environment variables securely.
   bash

   npm install @vonage/server-sdk express dotenv
   

4. Create project files: We'll need a few files to organize our code and configuration.

   bash

   touch .env index.js server.js .gitignore
   
   • .env: Stores sensitive credentials and configuration. Never commit this file to version control.
   • index.js: Will contain the logic for sending SMS messages.
   • server.js: Will contain the Express server logic for receiving SMS messages via webhooks.
   • .gitignore: Specifies intentionally untracked files that Git should ignore.

5. Configure .gitignore: Add node_modules and .env to your .gitignore file to prevent committing them.

   node_modules/
   .env
   

6. Set up environment variables (.env): You need several pieces of information from your Vonage account. Populate the .env file with the following keys_ replacing the placeholder values with your actual credentials.

   bash

   # Vonage API Credentials (Find on Vonage Dashboard homepage)
   VONAGE_API_KEY=YOUR_API_KEY
   VONAGE_API_SECRET=YOUR_API_SECRET
   
   # Vonage Application Credentials (Generated when creating a Vonage Application)
   VONAGE_APPLICATION_ID=YOUR_APPLICATION_ID
   VONAGE_PRIVATE_KEY_PATH=./private.key # Path to your downloaded private key file
   
   # Vonage Virtual Number (Purchase from Dashboard -> Numbers)
   VONAGE_NUMBER=YOUR_VONAGE_VIRTUAL_NUMBER
   
   # Test Recipient Number (For sending test messages)
   TEST_RECIPIENT_NUMBER=E164_FORMATTED_PHONE_NUMBER # e.g., 14155552671
   
   # Server Port (For the Express webhook receiver)
   PORT=3000
   

   How to get these values:

   • VONAGE_API_KEY & VONAGE_API_SECRET: Found directly on your Vonage API Dashboard homepage.
   • VONAGE_APPLICATION_ID & VONAGE_PRIVATE_KEY_PATH: You will generate these in the ""Integrating with Vonage"" section below when creating a Vonage Application. When you generate the keys, a private.key file will be downloaded. It's recommended to place this file in your project's root directory and ensure the VONAGE_PRIVATE_KEY_PATH in your .env file matches this location (e.g., ./private.key).
   • VONAGE_NUMBER: The Vonage virtual phone number you purchased, in E.164 format (e.g., 14155552671).
   • TEST_RECIPIENT_NUMBER: The phone number you want to send test SMS messages to, also in E.164 format.
   • PORT: The local port your Express server will listen on. 3000 is a common choice.

7. Configure Vonage Account for Messages API: It's crucial to ensure your Vonage account is configured to use the Messages API as the default for SMS, as this affects webhook formats and SDK usage.

   • Navigate to your Vonage API Dashboard.
   • Go to Settings.
   • Under API keys > SMS settings, ensure the default API for sending SMS messages is set to Messages API.
   • Click Save changes.

2. Implementing Core Functionality (Sending SMS)

Now, let's write the code to send an SMS message using the Vonage Node.js SDK and the Messages API.

Filename: index.js

// index.js
// Load environment variables from .env file
require('dotenv').config();

// Import the Vonage SDK
const { Vonage } = require('@vonage/server-sdk');
const { Auth } = require('@vonage/auth');

// Retrieve credentials from environment variables
const applicationId = process.env.VONAGE_APPLICATION_ID;
const privateKeyPath = process.env.VONAGE_PRIVATE_KEY_PATH;
const vonageNumber = process.env.VONAGE_NUMBER;
const recipientNumber = process.env.TEST_RECIPIENT_NUMBER; // Use the test number from .env

// --- Input Validation (Basic Example - Needs Improvement for Production) ---
// Ensure necessary environment variables are set
if (!applicationId || !privateKeyPath || !vonageNumber || !recipientNumber) {
    console.error(
        'Error: Missing required environment variables. Check your .env file.',
    );
    process.exit(1); // Exit if configuration is missing
}

// Very basic E.164 format check - NOT production-ready.
// Strongly recommend using a library like 'libphonenumber-js' for robust validation.
const e164Regex = /^\+?[1-9]\d{1,14}$/;
if (!e164Regex.test(recipientNumber) || !e164Regex.test(vonageNumber)) {
    // TODO: Replace basic regex with validation using libphonenumber-js for production
    console.error(
        'Error: Phone numbers failed basic E.164 format check (e.g., 14155552671). Use a dedicated library for production validation.',
    );
    process.exit(1);
}

// --- Initialize Vonage ---
// Use Application ID and Private Key for authentication with Messages API
const credentials = new Auth({
    applicationId: applicationId,
    privateKey: privateKeyPath, // SDK reads the file path
});
const options = {}; // Optional configuration options for the SDK
const vonage = new Vonage(credentials, options);

// --- Define Message Content ---
const messageText = `Hello from Vonage! This message was sent using Node.js on ${new Date().toLocaleTimeString()}.`;

// --- Send SMS Function ---
async function sendSms() {
    console.log(`Attempting to send SMS from ${vonageNumber} to ${recipientNumber}...`);
    try {
        const resp = await vonage.messages.send({
            message_type: 'text',
            text: messageText,
            to: recipientNumber,
            from: vonageNumber,
            channel: 'sms', // Explicitly specify SMS channel
        });
        console.log(`Message sent successfully with Message UUID: ${resp.messageUuid}`);
    } catch (error) {
        console.error('Error sending SMS:');
        // Log detailed error information if available
        if (error.response) {
            console.error('Status:', error.response.status);
            console.error('Data:', error.response.data);
        } else {
            console.error(error.message);
        }
    }
}

// --- Execute Sending ---
sendSms();

Explanation:

1. require('dotenv').config(): Loads the variables from your .env file into process.env.
2. Import SDK: Imports the necessary Vonage class and Auth helper.
3. Retrieve Credentials: Reads the Application ID, private key path, Vonage number, and recipient number from process.env.
4. Input Validation: Basic checks ensure essential variables are present. The phone number check uses a very basic regex and includes a strong recommendation to use a dedicated library like libphonenumber-js for reliable production validation.
5. Initialize Vonage: Creates a Vonage client instance. Crucially, for the Messages API using Application ID/Private Key authentication, we pass an Auth object configured with these credentials.
6. Define Message: Sets the text content for the SMS. Note that SMS messages longer than 160 GSM-7 characters (or 70 UCS-2 characters for non-Latin scripts/emojis) will be split into multiple parts (multipart SMS), incurring charges for each part.
7. sendSms Function:
   • Uses an async function to handle the promise returned by the SDK.
   • Calls vonage.messages.send() with an object containing:
     • message_type: Set to text.
     • text: The message content.
     • to: The recipient's phone number.
     • from: Your Vonage virtual number.
     • channel: Explicitly set to sms.
   • Uses a try...catch block for error handling. It logs the messageUuid on success or detailed error information on failure.
8. Execute Sending: Calls the sendSms() function to initiate the process.

To run this script:

node index.js

If configured correctly, you should see the success message in your terminal, and the TEST_RECIPIENT_NUMBER should receive the SMS.

3. Building the API Layer (Receiving SMS via Webhooks)

To receive SMS messages sent to your Vonage number, Vonage needs a publicly accessible URL (a webhook endpoint) to send the message data to via an HTTP POST request. We'll use Express to create this endpoint.

Filename: server.js

// server.js
// Load environment variables from .env file
require('dotenv').config();

// Import Express
const express = require('express');
const { json, urlencoded } = express; // Import body parsing middleware

// Retrieve port from environment variables, default to 3000
const port = process.env.PORT || 3000;

// --- Create Express App ---
const app = express();

// --- Middleware ---
// Enable parsing of JSON request bodies
app.use(json());
// Enable parsing of URL-encoded request bodies (standard for webhooks)
app.use(urlencoded({ extended: true }));

// --- Webhook Endpoints ---

// 1. Inbound Message Webhook
// Vonage sends incoming SMS messages to this endpoint
app.post('/webhooks/inbound', (req, res) => {
    console.log('--- Inbound Message Received ---');
    console.log('Timestamp:', new Date().toISOString());
    console.log('Request Body:', JSON.stringify(req.body, null, 2)); // Pretty print JSON

    // Extract key information.
    // CRITICAL: Verify these field names against the current official Vonage Messages API
    // documentation for the inbound webhook payload, as API structures can change.
    const { msisdn, to, text, messageId, keyword } = req.body;
    console.log(`From: ${msisdn}`); // Sender's number
    console.log(`To: ${to}`);     // Your Vonage number
    console.log(`Text: ${text}`);
    console.log(`Message ID: ${messageId}`);
    if (keyword) {
        console.log(`Keyword: ${keyword}`); // Useful for shortcodes or specific triggers
    }

    // --- TODO: Add your business logic here ---
    // Examples:
    // - Store the message in a database
    // - Trigger a reply SMS
    // - Call another API
    // - Update user state

    // --- Acknowledge Receipt ---
    // Vonage requires a 200 OK response to confirm receipt.
    // Failure to respond or sending a non-200 status will cause Vonage to retry.
    console.log('Sending 200 OK response.');
    res.status(200).end();
});

// 2. Message Status Webhook
// Vonage sends delivery status updates to this endpoint
app.post('/webhooks/status', (req, res) => {
    console.log('--- Message Status Update Received ---');
    console.log('Timestamp:', new Date().toISOString());
    console.log('Request Body:', JSON.stringify(req.body, null, 2));

    // Extract key status information.
    // CRITICAL: Verify these field names against the current official Vonage Messages API
    // documentation for the status webhook payload, as API structures can change.
    const { message_uuid, status, timestamp, error } = req.body;
    console.log(`Message UUID: ${message_uuid}`);
    console.log(`Status: ${status}`); // e.g., 'delivered', 'failed', 'rejected'
    console.log(`Timestamp: ${timestamp}`);
    if (error) {
        console.error(`Error Code: ${error['error-code']}`);
        console.error(`Error Description: ${error['error-code-label']}`);
    }

    // --- TODO: Add status handling logic ---
    // Examples:
    // - Update message status in your database
    // - Trigger alerts on failure
    // - Analyze delivery rates

    // --- Acknowledge Receipt ---
    console.log('Sending 200 OK response.');
    res.status(200).end();
});

// --- Health Check Endpoint (Good Practice) ---
app.get('/health', (req, res) => {
    res.status(200).send('OK');
});

// --- Start Server ---
app.listen(port, () => {
    console.log(`Server listening for webhooks at http://localhost:${port}`);
    console.log(`Webhook endpoints:`);
    console.log(`  Inbound: POST /webhooks/inbound`);
    console.log(`  Status:  POST /webhooks/status`);
    console.log(`Health Check: GET /health`);
});

Explanation:

1. Load Env Vars & Imports: Similar to index.js, loads .env and imports express.
2. Get Port: Retrieves the PORT from environment variables.
3. Create App & Middleware: Initializes an Express application and applies crucial middleware:
   • express.json(): Parses incoming requests with JSON payloads.
   • express.urlencoded({ extended: true }): Parses incoming requests with URL-encoded payloads, common for webhook data.
4. /webhooks/inbound Endpoint (POST):
   • This route handles POST requests sent by Vonage when your number receives an SMS.
   • It logs the received request body (req.body). Crucially, it notes that developers must verify the extracted field names (msisdn, to, text, etc.) against the official Vonage Messages API documentation, as these can change.
   • It sends back a 200 OK status using res.status(200).end(). Vonage requires this acknowledgment. Failure to respond or returning an error status will cause Vonage to retry.
   • The // TODO: section marks where application-specific logic goes.
5. /webhooks/status Endpoint (POST):
   • This route handles POST requests with status updates for outbound messages.
   • It logs the status update (req.body) and extracts common fields (message_uuid, status, etc.), again emphasizing the need to verify field names against official documentation.
   • It also must return 200 OK.
   • The // TODO: section marks where status handling logic goes.
6. /health Endpoint (GET): A simple endpoint for monitoring.
7. app.listen: Starts the Express server on the specified port.

To run this server:

node server.js

The server is now running locally, but Vonage can't reach http://localhost:3000. We need ngrok for local development testing.

4. Integrating with Vonage (Application and Webhooks)

Now we tie everything together by creating a Vonage Application and configuring it to use our local server (via ngrok) for webhooks during development.

1. Start your local server: If it's not already running:

   bash

   node server.js
   

2. Start ngrok: Open a new terminal window/tab in the same project directory and run:

   bash

   ngrok http 3000
   

   (Replace 3000 if you used a different PORT in .env)

   ngrok will display output similar to this:

   Session Status                online
   Account                       Your Name (Plan: Free)
   Version                       x.x.x
   Region                        United States (us-cal-1)
   Web Interface                 http://127.0.0.1:4040
   Forwarding                    http://xxxxxxxxxxxx.ngrok.io -> http://localhost:3000
   Forwarding                    https://xxxxxxxxxxxx.ngrok.io -> http://localhost:3000
   
   Connections                   ttl     opn     rt1     rt5     p50     p90
                                 0       0       0.00    0.00    0.00    0.00
   

   Copy the https:// Forwarding URL (e.g., https://xxxxxxxxxxxx.ngrok.io). This is your temporary public URL for testing.

   Important: ngrok, especially the free tier with temporary URLs, is intended for development and testing only. It is not suitable for production environments. Production applications require a stable, publicly accessible HTTPS URL hosted on your deployment platform (see Section 12: Deployment).

3. Create a Vonage Application:

   • Go to your Vonage API Dashboard.
   • Navigate to Applications > Create a new application.
   • Give your application a Name (e.g., ""Node SMS App Tutorial"").
   • Click Generate public and private key. This will automatically download the private.key file. Save this file (as mentioned in Section 1, Step 6, place it in your project root or update .env). The public key is stored by Vonage.
   • Enable the Messages capability by toggling it on.
   • In the Messages capability section, enter your webhook URLs using the ngrok HTTPS URL:
     • Inbound URL: [Your Ngrok HTTPS URL]/webhooks/inbound (e.g., https://xxxxxxxxxxxx.ngrok.io/webhooks/inbound)
     • Status URL: [Your Ngrok HTTPS URL]/webhooks/status (e.g., https://xxxxxxxxxxxx.ngrok.io/webhooks/status)
     • Ensure the HTTP method selected for both is POST.
   • Scroll down and click Generate new application.
   • You will be shown your Application ID. Copy this value and paste it into your .env file for the VONAGE_APPLICATION_ID variable.

4. Link your Vonage Number:

   • On the Application page you were just redirected to (or by navigating back to Applications and clicking your new app), find the Link virtual numbers section.
   • Click Link next to the Vonage virtual number you want to use for this application (the one specified in VONAGE_NUMBER in your .env file).
   • Confirm the linking.

Your Vonage setup for development is now complete. The application uses your generated keys for authentication when sending messages (index.js) and will forward incoming messages and status updates to your ngrok URL, which tunnels them to your local server.js. Remember to update the webhook URLs to your production URL when deploying.

5. Implementing Proper Error Handling, Logging, and Retry Mechanisms

Our current code includes basic console.log and try...catch. Production systems require more robust approaches.

• Error Handling Strategy:
  • Sending (index.js): The try...catch block catches SDK errors. Examining error.response.status and error.response.data provides specific Vonage API error details. Log these clearly.
  • Receiving (server.js): Wrap your business logic within webhook handlers in try...catch. If your internal processing fails (e.g., DB error), log the error but still return 200 OK to Vonage to prevent retries for your internal issues. Handle the internal failure separately (e.g., queue for reprocessing). Returning 200 OK is generally the safest way to prevent unwanted Vonage retries.
• Logging:
  • Use a dedicated logging library (winston, pino) in production.
  • Configure log levels and use structured logging (JSON) for easier analysis.
  • Include context like messageId, message_uuid, msisdn, timestamp.
• Retry Mechanisms (Vonage & Your App):
  • Vonage automatically retries webhook delivery if your endpoint doesn't return 200 OK quickly.
  • Your Responsibility: Ensure endpoints respond quickly with 200 OK (use async processing if needed) and make handlers idempotent. Processing the same webhook multiple times should not cause errors or duplicate actions (e.g., check if a message with the incoming messageId (for inbound) or message_uuid (for status) has already been processed by querying your database before taking action).

6. Creating a Database Schema and Data Layer (Conceptual)

A real application would need a database.

• Potential Entities: Users/Contacts, Messages, Campaigns.
• Entity Relationship Diagram (Simplified): (Conceptual model linking campaigns, messages, contacts)
• Data Access: Use an ORM (Sequelize, Prisma) or query builder (Knex.js).
• Migrations: Use tools to manage schema changes.
• Sample Data: Scripts for populating test data.

7. Adding Security Features

Security is paramount.

• Input Validation & Sanitization: Use libraries (joi, express-validator) for all inputs. Validate phone numbers robustly (e.g., libphonenumber-js). Sanitize data before storage/display.
• Webhook Security:
  • Signature Verification (Essential for Production): Vonage can sign webhook requests (e.g., JWT, Basic Auth header signature) to verify their authenticity. Configure this in your Vonage Application settings. You must verify this signature in your webhook handler before processing the request to ensure it genuinely came from Vonage and not a malicious actor. Consult the official Vonage documentation and the Vonage Node.js SDK documentation for specific implementation guides and potential helper functions for verifying signatures within an Express application based on your chosen method (JWT is common).
• Credential Security: Use environment variables (.env locally, secure config management in deployment). Never commit secrets to Git.
• Rate Limiting: Implement rate limiting (express-rate-limit) on your API endpoints.
• Dependency Security: Regularly run npm audit and update dependencies.
• HTTPS: Always use HTTPS for webhook endpoints in production.

8. Handling Special Cases Relevant to the Domain

• Phone Number Formatting: Use and validate E.164 format consistently. Use libphonenumber-js for reliable parsing, formatting, and validation globally.
• Message Encoding & Emojis: Be aware of GSM-7 (160 chars) vs. UCS-2 (70 chars for emojis/non-Latin) encoding affecting message length and cost. The Messages API typically handles this.
• Message Concatenation: Vonage handles splitting long messages; your inbound webhook receives the full text.
• Opt-in/Opt-out & Compliance: Implement mechanisms (e.g., STOP keyword handling) and store consent status to comply with regulations (TCPA, GDPR).
• Delivery Statuses: Handle various statuses (delivered, failed, rejected, expired) from the status webhook appropriately, checking error codes for failures.
• Time Zones: Store timestamps (usually UTC from Vonage) in UTC; convert to local time only for display.

9. Implementing Performance Optimizations

• Asynchronous Processing: Use message queues (RabbitMQ, Redis, SQS) for long-running tasks in webhook handlers to ensure fast 200 OK responses.
• Batch Sending: Check Vonage docs for batch API options if sending bulk messages (the standard messages.send is single). Concurrent requests can also improve throughput.
• Database Indexing: Index tables (e.g., on messageId, vonageId, phoneNumber) for efficient queries.
• Caching: Cache frequently accessed data (Redis, Memcached).
• Load Testing: Use tools (k6, artillery) to test performance under load.

10. Adding Monitoring, Observability, and Analytics

• Health Checks: Implement comprehensive health checks beyond the basic /health.
• Performance Metrics: Use APM tools (Datadog, New Relic) to track latency, throughput, errors, resource usage.
• Error Tracking: Integrate services (Sentry, Rollbar) for exception aggregation and analysis.
• Logging Aggregation: Centralize structured logs (ELK, Datadog Logs, Splunk).
• Key Metrics Dashboard: Monitor messages sent/received, delivery rates, webhook latency/errors, resource usage.
• Alerting: Set up alerts for critical threshold breaches.

11. Troubleshooting and Caveats

• Invalid Credentials: Double-check .env variables and private.key path/permissions.
• Incorrect Phone Number Format: Verify E.164 format. Use libphonenumber-js for robust validation.
• Webhook Not Receiving Data: Check server.js is running, ngrok is active, the correct https:// ngrok URL (with paths /webhooks/inbound, /webhooks/status) is configured in Vonage (POST method), and inspect the ngrok web interface (http://127.0.0.1:4040) for incoming requests and responses.
• Webhook Receiving Data but Errors: Check handler logic, log req.body. Ensure you are verifying payload fields against current Vonage docs.
• Vonage Retrying Webhooks: Ensure your endpoint returns 200 OK quickly and consistently. Check for slow operations or unhandled errors. Implement idempotency checks.
• Messages API vs. SMS API: Ensure your code/config matches the API selected in Vonage settings (this guide uses Messages API).
• private.key Permissions: Ensure the Node.js process can read the key file.
• Rate Limits: Implement delays/throttling if hitting Vonage API limits.
• Number Capabilities: Verify the Vonage number is SMS-enabled for relevant regions and linked to the correct Application.
• ngrok Limitations: Free ngrok URLs are temporary and not for production. Paid plans offer stable subdomains, but a proper deployment host is standard for production (see Section 12).

12. Deployment and CI/CD

• Deployment Environment: Choose a host (Heroku, AWS, Google Cloud, DigitalOcean, etc.).
• Persistent URL: Replace the ngrok URL with your permanent public HTTPS deployment URL in the Vonage Application webhook configuration.
• Environment Variables: Configure secrets securely in your hosting environment.
• PORT: Ensure the app listens on the host's expected port (usually via process.env.PORT).
• Process Management: Use pm2 or similar for reliable Node.js process execution.
• CI/CD Pipeline (GitHub Actions, etc.): Automate checkout, dependency install (npm ci), linting/testing, building (if needed), and deploying to your host.
• Rollback Strategy: Plan for reverting deployments if issues arise.

13. Verification and Testing

1. Setup: Populate .env, place private.key, run npm install.
2. Start Services (Local Dev):
   • Terminal 1: node server.js
   • Terminal 2: ngrok http 3000 (Copy HTTPS URL)
3. Configure Vonage: Create/Update Application, link number, set webhook URLs (Inbound/Status POST) using the ngrok URL.
4. Test Sending:
   • Terminal 3: node index.js
   • Verify: Success log in terminal 3, SMS received on TEST_RECIPIENT_NUMBER, status webhook logs in terminal 1.
5. Test Receiving:
   • Send SMS to your VONAGE_NUMBER.
   • Verify: Inbound webhook logs in terminal 1 (showing sender number and text), check ngrok web interface for payload details.
6. Test Health Check: Access http://localhost:3000/health. Verify ""OK"" response.
7. (Optional) Automated Tests: Use Jest or Mocha/Chai with supertest (for endpoint testing) and SDK mocking to create unit and integration tests.

Conclusion

This guide provides a solid foundation for sending and receiving SMS messages using Node.js, Express, and Vonage. Remember to adapt the error handling, security (especially webhook signature verification), logging, validation (using dedicated libraries like libphonenumber-js), and data persistence strategies to meet the specific requirements of your production application. Always refer to the official Vonage API documentation for the most up-to-date information on API endpoints, request/response formats, security practices, and features.