Not sure which service might be the right one? Please visit our service comparison page!

Pay attention to off-the-shelf SMS scripts library as well.

Technical description

From technical point of view, sms:key is just a way of restricting user's ability to visit certain web-resources. In order to allow a user to view the restricted content, individual access passwords are generated; each one of these passwords can have a time and/or visit count limit, which is up to you to decide. Access for certain password is denied when the time is up or when the visit count limit is hit, whichever comes first. Be careful while adjusting the options though: note that when you change your sms:key settings, they will be applicable only for those users who signed up after  the change came into force.

Unique characteristics of sms:key are:

  • simplicity of installation (standard setup takes 5-10 minutes);
  • easiness of adaptation to the user's specific needs (it's possible not only to change the form appearance, but to replace the default form partially / totally with your own - without any functionality loss).

In order to set up sms:key service you should copy its' code in Control panel and paste it in the beginning of the page where the content is supposed to be hidden. Everything situated under the code wil be available to user only after he sends text message and activates secret code which he will get in reply message.

Sms:key service example

For sms:key service example click here. If you checked "Adult" check-box in the service's settings, then the result will slightly differ, as shown here.

Flash technology

Despite the fact that we do not provide a separate sms:key version for use on sites built entirely on Flash technology, you can use the following ActionScript code to check key passwords:

var key : String = new String("key id");
var pair : String = new String("password supplied by user");
var loadVars : LoadVars = new LoadVars();
loadVars.onLoad = function(success : Boolean) {
    if(success && loadVars.toString() == "true") {
        // password accepted
    } else {
        // password declined
loadVars.load("http://key." + key
    + "&s_pair=" + pair);

Note that you need to replace key id with your actual sms:key ID, to replace user password with the password supplied by the user, and following the password accepted and password declined comments, these situations should be handled accordingly - redirect to the restricted part of the website or inform of an error (for example, a suggestion to re-enter the password).

Code modifications

Default language setup

Russian is a default language set up in all our services. In case when part of your users are not Russian speakers, or you for some reason decide to change the default language of the service, simply replace request address in the above code from


(instead of english you can specify any other supported language).

Click here to see an example.

Version without styles

This modification is meant for closer integration with your resource structure and design. If the following parameter s_pure=1 ( is passed to the script, then the result will be that the actual HTML-layout request form will be displayed. This way, the external appearance of the form can be easily changed with the help of CSS. Click here to see an example. Click here to download default CSS.

Please note that default encoding for sms:key version without styles is windows-1251. It is possible to set encoding with the help of s_enc parameter (for example, ?s_enc=koi8-r).

// ****************** DESIGN STARTS HERE ******************
### SMS:Key v1.0.6 ###
$old_ua = @ini_set('user_agent', 'smscoin_key_1.0.6');
$key_id = <sms:key id>;
$response = @file("".$key_id
if ($response !== false) {
 if (count($response)>1 || $response[0] != 'true') {
  echo implode("", $response);
 } else{
// ****************** HIDDEN TEXT GOES HERE ******************
} else die('Не удалось запросить внешний сервер');
@ini_set('user_agent', $old_ua);
### SMS:Key end ###
// ****************** DESIGN END HERE ******************


The differential features of the script modification are the following:
  • the use of s_pure=1 parameter (the example of the parameter operation is provided here);
  • the possibility to specify the encoding by means of s_enc parameter (the encoding by default is windows-1251);
  • the possibility to use the design of the page top and foot;
  • the possibility to apply CSS for the form design (CSS used by default can be downloaded here);

in case of invalid access code the file processing isn't forcibly terminated.

If allow_url_fopen option is disabled

Some hostings disable the ability to send GET-request to remote script with the help of file() function. For such cases an alternative key code is available in this archive.

Your own interface display

When using sms:key, you're not only able to change the standard form appearance, but to display your own interface version as well. For password input display form replace the die(implode("", $response)); line with the following code:

die('<form action="http://'.$_SERVER["SERVER_NAME"]
.$_SERVER["REQUEST_URI"].'" method="get">
<input name="s_pair" type="text" value="" />
<input type="submit" value="Open" /></form>');

You can add necessary parameters here if needed, and if the password was entered correctly by the user, these parameters will be transferred to your code which follows sms:key.

To display instructions for sending an SMS, you will need a list of your sms:key rates. You can obtain this data in XML format according to address id/

and in JSON (JavaScript) format according to address id/

These addresses contain the entire identical information, the only difference is the way it is presented.

This data contains information about the short codes users have to send messages to (number field), and about keywords necessary to process the messages in our system (prefix field). In each country different short codes and keywords operate accordingly. In order for the message to be associated with your service, it should look like this

prefix key id

and should be sent to the short code operating within specific country according to the rate scale chosen by you.

If one of the countries doesn't appear in above-mentioned rate scale, that means the rate you have chosen during the setup process is unavailable within this specific country and that is why this country cannot be processed. Messages sent by the residents of this country will be ignored.

Detailed instructions for working with rates scales in XML and JSON formats could be found here

It is worth saying that all the above-mentioned updates are compatible with each other, e.g. you can use alternative key code while indicating the encoding, etc.

Remote sms:key handler

In standard sms:key version our server is responsible for issuing and verifying passwords. Given the popularity of sms:key services among our clients, we've created more flexible version of the above for those of you who possess good knowledge of WEB programming. The benefits of remote sms:key version as oppose to a standard one are:
- All passwords are stored and processed on your side, thus allowing you to locally manage user sessions;
- You can manage the appearance, as well as to some extent, functionality of the service;
- The service is most resistant to all sorts of attacks on our servers, network disruptions, etc.

Note: to be able to use the remote handler version of the key, one must understand the overall principle of how the scripts work on server side.

For more details about this sms:key version click here.


It is impossible to choose a country – the list is empty.

Please check the .htaccess file, it might contain rules which cut the parameters transferred to the script. Make sure that the rate chosen in sms:key settings is available at least in one of the countries. This kind of error often happens due to settings option which is set to "always use maximum rate", but "not more than" field is set to $0.

Page encoding is incorrect. What should I do?

Before the line die(implode(...)) in script code add the following line:
header('Content-Type: text/html; charset=utf-8');

I see a PHP code instead of password entry form.

Please make sure the file containing the key code ends with .php. Also make sure that your hosting supports PHP (contact the hosting support team to find out).

Share |