Analyze Single SMS

Submit an SMS message for real-time threat analysis. OrbGuard evaluates the sender, message body, embedded URLs, phone numbers, and language patterns to detect smishing, phishing, fraud, and social engineering attacks.

POST/api/v1/sms/analyze

Analyze a single SMS message for threats and scam patterns

Authentication:Bearer Token

Parameter	Type	Required	Description
`sender`	string	Required	The sender identifier (phone number, short code, or alphanumeric sender ID)
`body`	string	Required	The full text body of the SMS message
`timestamp`	string	Optional	ISO 8601 timestamp of when the message was received (e.g., 2026-02-08T10:30:00Z)
`device_id`	string	Optional	Unique identifier of the device that received the SMS

curl -X POST https://guard.orbai.world/api/v1/sms/analyze \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "sender": "+1-555-0199",
    "body": "URGENT: Your bank account has been compromised. Verify your identity immediately at https://secure-bank-verify.example.com/login or your account will be frozen.",
    "timestamp": "2026-02-08T10:30:00Z",
    "device_id": "pixel-8-abc123"
  }'

200SMS analysis complete - threat detected

{
  "id": "sms_a1b2c3d4e5f6",
  "message_id": null,
  "is_threat": true,
  "threat_level": "critical",
  "threat_type": "smishing",
  "confidence": 0.96,
  "description": "This SMS is a smishing (SMS phishing) attack impersonating a bank. It uses urgency and fear tactics to trick the recipient into clicking a malicious link that leads to a credential-harvesting page.",
  "recommendations": [
    "Do not click the link in this message.",
    "Do not reply to the sender.",
    "Block the sender number.",
    "Report this message to your carrier by forwarding it to 7726 (SPAM).",
    "Contact your bank directly using the number on your card if you are concerned about your account."
  ],
  "urls": [
    {
      "url": "https://secure-bank-verify.example.com/login",
      "is_malicious": true,
      "category": "phishing",
      "domain_age_days": 3
    }
  ],
  "phone_numbers": [],
  "pattern_matches": [
    "urgency_language",
    "bank_impersonation",
    "account_threat",
    "suspicious_url"
  ],
  "sender_analysis": {
    "number": "+1-555-0199",
    "type": "mobile",
    "is_known_scammer": false,
    "report_count": 0,
    "country": "US"
  },
  "intent_analysis": {
    "primary_intent": "credential_theft",
    "urgency_level": "high",
    "manipulation_technique": "fear_and_urgency",
    "target_action": "click_malicious_link"
  },
  "analyzed_at": "2026-02-08T10:30:02Z"
}

200SMS analysis complete - safe message

{
  "id": "sms_safe_7g8h9i0j",
  "message_id": null,
  "is_threat": false,
  "threat_level": "safe",
  "threat_type": null,
  "confidence": 0.99,
  "description": "This message appears to be a legitimate delivery notification from a known shipping carrier.",
  "recommendations": [],
  "urls": [
    {
      "url": "https://tracking.ups.com/track/12345",
      "is_malicious": false,
      "category": "safe",
      "domain_age_days": 9125
    }
  ],
  "phone_numbers": [],
  "pattern_matches": [],
  "sender_analysis": {
    "number": "UPS",
    "type": "alphanumeric",
    "is_known_scammer": false,
    "report_count": 0,
    "country": null
  },
  "intent_analysis": {
    "primary_intent": "notification",
    "urgency_level": "none",
    "manipulation_technique": "none",
    "target_action": "track_package"
  },
  "analyzed_at": "2026-02-08T10:31:00Z"
}

400Invalid request parameters

{
  "success": false,
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "sender and body fields are required"
  }
}

Threat Levels

Level	Description
`safe`	No threats detected. Message appears legitimate.
`low`	Minor suspicious patterns detected. Likely safe but worth noting.
`medium`	Moderate risk. Contains suspicious elements that may indicate a scam attempt.
`high`	High risk. Strong indicators of phishing, fraud, or social engineering.
`critical`	Confirmed threat. Message contains malicious links, known scam patterns, or verified fraud indicators.

Batch SMS Analysis

Submit up to 100 SMS messages for batch threat analysis. Ideal for scanning an entire message inbox or processing message queues.

POST/api/v1/sms/analyze/batch

Batch analyze up to 100 SMS messages for threats

Authentication:Bearer Token

Parameter	Type	Required	Description
`messages`	array	Required	Array of SMS message objects. Each must contain sender (string) and body (string). Optional: timestamp (string). Maximum 100 messages.
`device_id`	string	Optional	Unique identifier of the device that received the messages

curl -X POST https://guard.orbai.world/api/v1/sms/analyze/batch \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "messages": [
      {
        "sender": "+1-555-0199",
        "body": "Your package is waiting. Track it here: https://pkg-track.example.com/t/abc",
        "timestamp": "2026-02-08T09:00:00Z"
      },
      {
        "sender": "BANKOFAM",
        "body": "Your Bank of America statement is ready. View it in the app or at bankofamerica.com",
        "timestamp": "2026-02-08T08:30:00Z"
      },
      {
        "sender": "+44-7911-123456",
        "body": "You have won 500 GBP! Reply YES to claim your prize now!",
        "timestamp": "2026-02-08T07:15:00Z"
      }
    ],
    "device_id": "pixel-8-abc123"
  }'

200Batch SMS analysis results

{
  "results": [
    {
      "id": "sms_batch_001",
      "is_threat": true,
      "threat_level": "high",
      "threat_type": "smishing",
      "confidence": 0.91,
      "description": "Fake package tracking message with suspicious URL. The domain was registered 2 days ago and has no association with legitimate carriers.",
      "recommendations": ["Do not click the tracking link.", "Block the sender."],
      "urls": [{"url": "https://pkg-track.example.com/t/abc", "is_malicious": true, "category": "phishing"}],
      "phone_numbers": [],
      "pattern_matches": ["fake_delivery", "suspicious_url"],
      "sender_analysis": {"number": "+1-555-0199", "type": "mobile", "is_known_scammer": false},
      "intent_analysis": {"primary_intent": "credential_theft", "urgency_level": "medium"},
      "analyzed_at": "2026-02-08T10:35:01Z"
    },
    {
      "id": "sms_batch_002",
      "is_threat": false,
      "threat_level": "safe",
      "threat_type": null,
      "confidence": 0.98,
      "description": "Legitimate bank notification from verified sender.",
      "recommendations": [],
      "urls": [],
      "phone_numbers": [],
      "pattern_matches": [],
      "sender_analysis": {"number": "BANKOFAM", "type": "alphanumeric", "is_known_scammer": false},
      "intent_analysis": {"primary_intent": "notification", "urgency_level": "none"},
      "analyzed_at": "2026-02-08T10:35:01Z"
    },
    {
      "id": "sms_batch_003",
      "is_threat": true,
      "threat_level": "high",
      "threat_type": "advance_fee",
      "confidence": 0.95,
      "description": "Classic prize scam. Requests the recipient to reply to claim a fake prize.",
      "recommendations": ["Do not reply.", "Block the sender.", "Report to your carrier."],
      "urls": [],
      "phone_numbers": [],
      "pattern_matches": ["prize_scam", "reply_to_claim"],
      "sender_analysis": {"number": "+44-7911-123456", "type": "mobile", "is_known_scammer": true},
      "intent_analysis": {"primary_intent": "financial_fraud", "urgency_level": "high"},
      "analyzed_at": "2026-02-08T10:35:02Z"
    }
  ],
  "total_count": 3,
  "threat_count": 2,
  "analyzed_at": "2026-02-08T10:35:02Z"
}

Real-Time Protection

For real-time SMS protection on mobile devices, integrate the single-message endpoint into your SMS receiver pipeline. The average response time is under 500ms, making it suitable for intercepting messages before they are displayed to the user.

SMS Protection

Analyze Single SMS

Threat Levels

Batch SMS Analysis

Real-Time Protection

On this page