Send SMS with Node.js, Express, and Vonage - code-examples -

This guide provides a complete walkthrough for building a Node.js application using the Express framework to send SMS messages via the Vonage API. We'll cover everything from initial project setup to handling credentials securely, sending messages, basic error handling, and testing.

By the end of this tutorial, you will have a functional Express API endpoint capable of accepting a recipient phone number and a message, and then using the Vonage API to deliver that message as an SMS.

This solution is ideal for applications needing programmatic SMS capabilities for notifications, alerts, two-factor authentication (though Vonage's Verify API is often better suited for 2FA), or other communication needs.

Project overview and goals

What we'll build:

A simple Node.js Express server with a single API endpoint (POST /send-sms). This endpoint will receive a destination phone number and a text message body, then use the Vonage Node.js SDK to send the SMS message.

Problem Solved:

This guide provides a foundational implementation for developers needing to integrate SMS sending capabilities into their Node.js applications quickly and reliably using a leading communication platform provider.

Technologies Used:

  • Node.js: A JavaScript runtime environment for building server-side applications.
  • Express.js: A minimal and flexible Node.js web application framework used to create the API endpoint.
  • Vonage API: A communication platform as a service (CPaaS) used for sending the SMS message. We will specifically use the Vonage SMS API via their Node.js SDK.
  • dotenv: A module to load environment variables from a .env file into process.env, keeping sensitive credentials out of the codebase.

System Architecture:

The flow is straightforward:

  1. A client (e.g., Postman, curl, another application) sends a POST request to the /send-sms endpoint of our Express server.
  2. The Express server parses the request body to get the recipient number and message text.
  3. The server uses the Vonage Node.js SDK, configured with your API credentials, to make a request to the Vonage SMS API.
  4. Vonage processes the request and sends the SMS message to the recipient's phone number.
  5. Vonage returns a response to our server, which then sends a response back to the original client.
[Client] ---- HTTP POST ----> [Node.js/Express App] -- Vonage SDK --> [Vonage API] ---> [Recipient Phone]
   |                                |                        ^
   <--- HTTP Response <---- [Server Response] <-------------| (API Response)

Prerequisites:

  • Node.js and npm: Installed on your system. You can download them from nodejs.org.
  • Vonage API Account: Sign up for a free account at Vonage API Dashboard. New accounts receive free credit for testing.
  • Vonage API Key and Secret: Found on the main page of your Vonage API Dashboard after signing in.
  • A Vonage Phone Number: You need to rent a virtual number from Vonage to send SMS messages from. You can do this in the Vonage Dashboard under Numbers > Buy numbers. Ensure the number is SMS-capable in your target region.
  • A Verified Test Phone Number (for trial accounts): If you are using a Vonage trial account, you can only send SMS to phone numbers that you have verified in the dashboard. Go to the Sandbox / Test Numbers page to add and verify numbers.
  • A Text Editor or IDE: Such as VS Code, Sublime Text, or WebStorm.
  • Basic Terminal/Command Line Knowledge.

1. Setting up the project

Let's initialize our Node.js project and install the necessary dependencies.

  1. Create a Project Directory: Open your terminal or command prompt and create a new directory for your project, then navigate into it.

    bash
    mkdir vonage-sms-guide
cd vonage-sms-guide

  2. Initialize the Node.js Project: This command creates a package.json file, which keeps track of your project's dependencies and other metadata. The -y flag accepts the default settings.

    bash
    npm init -y

  3. Install Dependencies: We need express for the web server, @vonage/server-sdk to interact with the Vonage API, and dotenv to manage environment variables.

    bash
    npm install express @vonage/server-sdk dotenv

    This command downloads the packages and adds them to your node_modules directory and lists them as dependencies in package.json.

  4. Create Core Files: Create the main application file and a file for environment variables.

    bash
    # On macOS/Linux
touch index.js .env .gitignore

# On Windows (Command Prompt)
type nul > index.js
type nul > .env
type nul > .gitignore

# On Windows (PowerShell)
New-Item index.js -ItemType File
New-Item .env -ItemType File
New-Item .gitignore -ItemType File

  5. Configure Environment Variables (.env): Open the .env file and add your Vonage API credentials and the Vonage number you rented. This file stores sensitive information securely, preventing it from being committed to version control.

    • VONAGE_API_KEY: Your API key from the Vonage Dashboard.
    • VONAGE_API_SECRET: Your API secret from the Vonage Dashboard.
    • VONAGE_FROM_NUMBER: The virtual phone number you rented from Vonage, which will appear as the sender ID. Use the number without any special characters or spaces (e.g., 14155550100).
    • PORT: The port your Express server will listen on (e.g., 3000).
    plaintext
    # .env
VONAGE_API_KEY=YOUR_VONAGE_API_KEY
VONAGE_API_SECRET=YOUR_VONAGE_API_SECRET
VONAGE_FROM_NUMBER=YOUR_VONAGE_VIRTUAL_NUMBER
PORT=3000

    Important: Replace the placeholder values with your actual credentials and number.

  6. Configure Git Ignore (.gitignore): To prevent accidentally committing your sensitive environment variables and the large node_modules directory, add them to the .gitignore file.

    plaintext
    # .gitignore
node_modules
.env

Your basic project structure is now set up.

2. Implementing the Express server and Vonage integration

Now, let's write the code for our Express server in index.js.

  1. Require Dependencies and Load Environment Variables: At the top of index.js, require the installed packages and immediately load the environment variables from the .env file using dotenv.config().

    javascript
    // index.js
const express = require('express');
const { Vonage } = require('@vonage/server-sdk');
require('dotenv').config(); // Loads .env file contents into process.env

// Check if essential environment variables are set
if (!process.env.VONAGE_API_KEY || !process.env.VONAGE_API_SECRET || !process.env.VONAGE_FROM_NUMBER) {
  console.error('Error: Missing Vonage API credentials or FROM number in .env file.');
  process.exit(1); // Exit the application if configuration is missing
}

    Why dotenv.config() first? It needs to run before you access process.env variables derived from the .env file. We also add a basic check to ensure critical variables are loaded.

  2. Initialize Express App and Vonage Client: Create an instance of the Express application and the Vonage SDK client, configuring the latter with your API key and secret from the environment variables.

    javascript
    // index.js (continued)
const app = express();
const port = process.env.PORT || 3000; // Use port from .env or default to 3000

const vonage = new Vonage({
  apiKey: process.env.VONAGE_API_KEY,
  apiSecret: process.env.VONAGE_API_SECRET
});

  3. Add Middleware: Configure Express to use middleware for parsing JSON request bodies. This is essential for reading data sent in the POST request.

    javascript
    // index.js (continued)
app.use(express.json()); // Parses incoming requests with JSON payloads
app.use(express.urlencoded({ extended: true })); // Parses incoming requests with URL-encoded payloads

  4. Create the SMS Sending Endpoint (/send-sms): Define a POST route that will handle requests to send SMS messages. This is the core logic of our application.

    javascript
    // index.js (continued)
app.post('/send-sms', async (req, res) => {
  // Basic input validation
  const { to, text } = req.body;
  if (!to || !text) {
    return res.status(400).json({ success: false, message: 'Missing `to` or `text` parameter in request body.' });
  }

  const from = process.env.VONAGE_FROM_NUMBER;

  try {
    const resp = await vonage.sms.send({ to, from, text });

    console.log('Message sent successfully:', resp);

    // Check response status from Vonage
    // Note: Vonage SMS API might return a 0 status even if delivery ultimately fails.
    // Delivery receipts (DLRs) are needed for confirmed delivery status.
    // The structure `resp.messages[0].status` might vary slightly based on SDK version or API response nuances.
    // It's good practice to check the specific response structure.
    if (resp.messages && resp.messages.length > 0 && resp.messages[0].status === '0') {
       res.status(200).json({
         success: true,
         message: 'SMS submitted successfully.',
         messageId: resp.messages[0]['message-id'] // Provide the message ID back to the client
       });
    } else {
      console.error('Vonage API reported an issue:', resp);
      // Extract error text if available
      const errorText = (resp.messages && resp.messages.length > 0) ? resp.messages[0]['error-text'] : 'Unknown Vonage API error';
       res.status(500).json({
         success: false,
         message: `Failed to send SMS. Vonage error: ${errorText}`,
         details: resp // Include the full response for debugging if needed
       });
    }

  } catch (error) {
    console.error('Error sending SMS:', error);
    res.status(500).json({ success: false, message: 'Internal server error while sending SMS.', error: error.message });
  }
});
    • Explanation:
      • We define an async function to use await for the asynchronous vonage.sms.send call.
      • Basic validation checks if to and text are present in the request body (req.body).
      • The from number is retrieved from environment variables.
      • vonage.sms.send({ to, from, text }) makes the API call. Note: We use vonage.sms.send here, which aligns with using the API Key/Secret for the simpler SMS API flow. The Vonage Messages API (vonage.messages.send) is more versatile for multiple channels but often uses Application ID/Private Key authentication, which adds setup complexity not covered in this basic guide.
      • A try...catch block handles potential network errors or issues within the SDK call itself.
      • We inspect the resp object from Vonage. A status of '0' generally indicates successful submission to the network. Non-zero statuses indicate errors (e.g., invalid number, insufficient funds). We return the Vonage message-id on success.
      • Appropriate JSON responses (success or error) are sent back to the client with relevant status codes (200, 400, 500).

  5. Start the Server: Add the code to make the Express application listen for incoming requests on the configured port.

    javascript
    // index.js (continued)
app.listen(port, () => {
  console.log(`Server listening at http://localhost:${port}`);
  console.log(`SMS sending endpoint available at POST http://localhost:${port}/send-sms`);
});

Your index.js file is now complete.

3. Running and testing the application

Let's run the server and test the SMS sending functionality.

  1. Run the Server: Open your terminal in the project directory (vonage-sms-guide) and run:

    bash
    node index.js

    You should see output indicating the server is running:

    Server listening at http://localhost:3000
SMS sending endpoint available at POST http://localhost:3000/send-sms

  2. Test with curl or Postman: You can use a tool like curl (command-line) or Postman (GUI) to send a POST request to your endpoint.

    Using curl: Replace YOUR_RECIPIENT_NUMBER with the phone number you want to send the SMS to (remember trial account restrictions: use a verified number). Format the number including the country code (e.g., 14155550123).

    bash
    curl -X POST http://localhost:3000/send-sms \
     -H 'Content-Type: application/json' \
     -d '{
           ""to"": ""YOUR_RECIPIENT_NUMBER"",
           ""text"": ""Hello from your Vonage Node.js App!""
         }'

    Using Postman:

    • Create a new request.
    • Set the method to POST.
    • Enter the URL: http://localhost:3000/send-sms.
    • Go to the Body tab, select raw, and choose JSON from the dropdown.
    • Enter the JSON payload:
      json
      {
  ""to"": ""YOUR_RECIPIENT_NUMBER"",
  ""text"": ""Hello from your Vonage Node.js App!""
}
    • Click Send.

  3. Check the Response:

    • Successful Submission: You should receive a JSON response similar to this with a 200 OK status:
      json
      {
  ""success"": true,
  ""message"": ""SMS submitted successfully."",
  ""messageId"": ""some-message-id-from-vonage""
}
      Check the recipient phone; the SMS should arrive shortly. You should also see confirmation logs in the terminal where node index.js is running.
    • Error Response: If something goes wrong (e.g., invalid credentials, incorrect 'to' number format, trial account restrictions), you'll get an error response with a non-200 status code:
      json
      // Example: Missing parameter
{
  ""success"": false,
  ""message"": ""Missing `to` or `text` parameter in request body.""
}
      json
      // Example: Vonage API error (e.g., non-whitelisted number)
{
    ""success"": false,
    ""message"": ""Failed to send SMS. Vonage error: Non White-listed Destination - rejected"",
    ""details"": { /* ... full Vonage response ... */ }
}
      json
      // Example: Internal server error
{
    ""success"": false,
    ""message"": ""Internal server error while sending SMS."",
    ""error"": ""Some specific error message""
}
      Check the terminal logs for more detailed error information.

4. Error handling and logging

Our current implementation includes basic try...catch blocks and logs errors to the console. For production systems, consider:

  • Structured Logging: Use libraries like Winston or Pino for structured logging (e.g., JSON format), which makes logs easier to parse and analyze, especially when sending them to log aggregation services (like Datadog, Splunk, ELK stack).
  • Centralized Logging: Configure your logger to send logs to a centralized platform instead of just console.log.
  • More Granular Error Handling: Check specific Vonage error codes (returned in the error-text or status fields) to provide more informative feedback or trigger specific actions (e.g., retry logic for temporary network issues, alerts for authentication failures). Refer to the Vonage SMS API documentation for a list of error codes.
  • Delivery Receipts (DLRs): Sending the message successfully only means Vonage accepted it. To confirm delivery to the handset, you need to set up a webhook endpoint to receive DLRs from Vonage. This is beyond the scope of this basic guide but crucial for reliable tracking.

5. Security considerations

  • API Key Security: Never commit your .env file or hardcode API keys/secrets directly in your source code. Use environment variables and ensure .env is in your .gitignore. In production environments, use your hosting provider's mechanism for managing secrets (e.g., AWS Secrets Manager, Heroku Config Vars, Kubernetes Secrets).
  • Input Validation: Our current validation is minimal. In a real application, you should perform more robust validation on the to phone number (e.g., check format using a library like libphonenumber-js) and sanitize the text input to prevent potential injection attacks if the text is ever displayed elsewhere.
  • Rate Limiting: Protect your endpoint from abuse by implementing rate limiting (e.g., using express-rate-limit). This prevents users from sending excessive numbers of messages rapidly.
  • Authentication/Authorization: The current endpoint is open. In a real application, you would protect this endpoint, ensuring only authorized users or services can trigger SMS sending. This might involve API keys, JWT tokens, or session-based authentication added as middleware to the Express route.

6. Troubleshooting and caveats

  • Non-Whitelisted Destination Error: This is the most common issue for trial accounts. Ensure the to number you are sending to has been added and verified in your Vonage Sandbox / Test Numbers page. You need to upgrade your account (add payment details) to send to any number.
  • Invalid Credentials: Double-check that VONAGE_API_KEY and VONAGE_API_SECRET in your .env file are correct and have no extra spaces.
  • Incorrect FROM Number: Ensure VONAGE_FROM_NUMBER is a valid number you rented from Vonage in the correct format (e.g., 14155550100).
  • Insufficient Funds: If your Vonage account runs out of credit, sending will fail. Check your balance in the dashboard.
  • Carrier Filtering: Sometimes, mobile carriers might filter messages, especially if they appear spammy. Ensure your content is appropriate and consider using features like Alphanumeric Sender IDs (where supported) or Short Codes for higher volume/better deliverability, although these involve additional setup and cost.
  • SDK/API Changes: APIs and SDKs evolve. While @vonage/server-sdk is stable, always refer to the official Vonage documentation for the latest methods and response structures.
  • SMS API vs. Messages API: This guide uses the simpler Vonage SMS API flow via vonage.sms.send(). For multi-channel messaging (WhatsApp, Facebook Messenger, MMS) or more advanced features, explore the Vonage Messages API and its corresponding SDK methods (like vonage.messages.send()), which typically use Application ID and Private Key authentication.

7. Deployment considerations

Deploying this application involves hosting it on a server or platform (like Heroku, Render, AWS EC2, Google Cloud Run, etc.). Key steps include:

  1. Environment Variables: Set the VONAGE_API_KEY, VONAGE_API_SECRET, and VONAGE_FROM_NUMBER as environment variables on your chosen hosting platform. Do not upload the .env file.
  2. Dependencies: Ensure npm install is run in the deployment environment to install dependencies.
  3. Starting the App: Configure the platform to run your application using node index.js.
  4. Port: Ensure your application listens on the port assigned by the hosting environment (often provided via a PORT environment variable, which our code already handles).

A Procfile for platforms like Heroku might look like this:

plaintext
web: node index.js

8. Complete code and repository

You can find the complete code for this guide in a dedicated repository. The repository includes index.js, package.json, .gitignore, and a .env.example file.

Next steps

Congratulations! You have successfully built a Node.js application capable of sending SMS messages using Express and the Vonage API.

From here, you could:

  • Implement webhook endpoints to receive incoming SMS messages or delivery receipts.
  • Integrate this functionality into a larger application.
  • Add more robust error handling, logging, and monitoring.
  • Build a frontend interface to interact with the API.
  • Explore the Vonage Messages API for multi-channel communication.

Frequently Asked Questions

Use the Vonage API and Express.js framework within your Node.js application. This involves setting up a POST route in Express to handle requests, and then utilizing the Vonage Node.js SDK to send messages via their SMS API. The server receives the recipient's number and message text, then uses Vonage to deliver the SMS.
The Vonage API, a Communication Platform as a Service (CPaaS), enables sending SMS messages programmatically. In Node.js, you interact with it using the Vonage Node.js Server SDK, which simplifies sending SMS messages, managing two-factor authentication, and other communication tasks. The article provides a tutorial on its usage for sending SMS.
Dotenv is a crucial module for storing sensitive information such as API keys and secrets as environment variables within a `.env` file. It's instrumental in keeping these credentials secure and outside your main codebase, protecting them from accidental exposure through version control systems like Git.
While you can use the Vonage SMS API for two-factor authentication (2FA), Vonage's Verify API is often better suited for this specific purpose. It provides more advanced 2FA features and simplifies the process, streamlining security implementations.
Store your Vonage `API_KEY`, `API_SECRET`, virtual `FROM_NUMBER`, and `PORT` within a `.env` file. Then, use `dotenv.config()` in your `index.js` file to load these variables into your Node.js environment so your application can use them to authenticate with Vonage and send messages.
You'll need `express` for creating the API endpoint, `@vonage/server-sdk` to interact with the Vonage APIs, and `dotenv` to manage your Vonage API credentials securely as environment variables.
Define a `POST` route handler in your Express app, typically at `/send-sms`. This endpoint receives the recipient's number (`to`) and the message body (`text`) as parameters in the request. Inside the handler, use the Vonage SDK to send the message using the provided parameters.
A '0' status from the Vonage SMS API usually indicates successful message *submission* to the network, not final delivery to the recipient. To get confirmed delivery status, you need to implement delivery receipts (DLRs) using webhooks. These provide real-time updates on the message status as it progresses.
No, trial accounts have restrictions. You can only send SMS to numbers you've specifically verified in the Vonage dashboard's Sandbox / Test Numbers page. To lift this restriction, you must upgrade to a paid Vonage account.
The `VONAGE_FROM_NUMBER` is your designated Vonage Virtual Number, which acts as the sender ID for your outgoing SMS messages. This number is what recipients will see as the source of the SMS.
The example code uses basic `try...catch` blocks. For production, use libraries like Winston or Pino for structured logs and send them to centralized logging services. Implement more detailed error handling by checking Vonage error codes (like 'Non White-listed Destination') returned in the API response and take appropriate actions (e.g., retries or alerts).
Once your Express server is running, use tools like `curl` or Postman to send `POST` requests to the `/send-sms` endpoint. The request body should be JSON formatted with the recipient's number (`to`) and message (`text`). Ensure your trial account numbers are whitelisted in the Vonage dashboard.
Never expose your API keys directly in your code. Always use environment variables (`.env` file) and make sure this file is included in your `.gitignore`. In production, manage secrets securely using your platform's specific mechanisms. Also implement input validation to prevent potential injection vulnerabilities and use rate limiting to protect against abuse.