Bandwidth.com FAQs

universally,

The “Subscribe to updates” feature lets you receive e-mail notifications on any notes or changes made to your order.

Subscriptions may be set on a per-order basis, or for all orders of a specific order type.

To set a subscription to a single order, perform the following steps:

Navigate to the Order Details page.

On the right side of the screen, set the frequency with which you’d like to receive updates.

Instantly: if you want to receive an email within a few minutes of a change being made to your order.

Daily: if you want a once daily report of order activity.

Type your email address into the box below and click ‘Add Notification’.

We will display a list of subscribers so that you'll be able to see who is receiving notifications on the order.

If you’d like to unsubscribe or stop receiving update notifications, find your email address in list, mark the checkbox, then click 'Delete'

Table of Contents

What is STIR/SHAKEN?

What is the driving force behind STIR/SHAKEN adoption?

What is the difference between STIR and SHAKEN?

How does STIR/SHAKEN work in a call path?

When will Bandwidth implement STIR/SHAKEN?

Are you currently in production with STIR/SHAKEN interop with peering partner?

What can I do now to prepare for STIR/SHAKEN deployments?

As a customer, will my network be expected to generate Identity Headers for traffic sent to Bandwidth?

What is Bandwidth doing in relation to STIR/SHAKEN in the United States?

How will STIR/SHAKEN impact call forwarding use cases?

How will STIR/SHAKEN impact a call flow incorporating multiple carriers?

If you’re in the communications industry, you’ve likely heard the recent buzz about something called STIR/SHAKEN. What does it all mean and how will it impact your business? We’ll break that down for you in this FAQ.

Industry leaders have been developing new specifications coined SHAKEN and STIR for Internet Protocol-based traffic exchange in recent years. STIR/SHAKEN is fundamentally aimed at re-establishing trust in the communications ecosystem and a stronger stance against malicious robocalling. The government is also keenly interested in protecting consumers against fraud and abuse in the form of robocalling.

Government interest was clearly demonstrated by the signing into law of the Telephone Robocall Abuse Criminal Enforcement and Deterrence (or TRACED) Act on December 30, 2019. Among a number of provisions in this law are requirements for the FCC to produce a report on the progress of STIR/SHAKEN deployment by the end of 2020, as well as a requirement for Service Providers to have implemented STIR/SHAKEN within 18 months of passage of the law.So, as you work with Bandwidth to advance your communications business needs, we want you to be aware of our stance on the issues and what we’re doing to implement the STIR/SHAKEN standards.

Bandwidth is actively engaged in efforts to implement the most robust call authentication framework possible, while also working diligently to stop the transmission of illegal robocalling on our network holistically. In addition to advancing the adoption of STIR/SHAKEN, Bandwidth is also leading industry efforts and best practices, including a three-pronged operational approach (prevent, detect, and mitigate) to stopping illegal robocalls. Learn more about Bandwidth’s stance against fraud and robocalls in our support article.

While curbing illegal robocalling is a main objective of STIR/SHAKEN, the framework itself doesn't include a mandate to block robocalls. We'll explain what it does stipulate, and what that may mean for your business, in greater detail below.

What is STIR/SHAKEN?

SHAKEN (Secure Handling of Asserted information using toKENs) and STIR (Secure Telephone Identity Revisited) (or vice versa: STIR/SHAKEN) are Telecom industry standards designed to enable service providers to cryptographically sign calls in the SIP (Session Initiation Protocol) header. In simple terms, the STIR portion refers to the process of providing attestation that the call is legitimate, while the SHAKEN part is more about how to handle the calls one way or another.

The process uses a trusted public key infrastructure to enhance the integrity of the originating call identifying data sent across networks. With STIR/SHAKEN, SIP headers will contain a level of confidence indicator from the originating service provider to signal whether the party originating the call has the right to use the number via the attestation field. There are 3 levels of attestation that can be indicated by the originating service provider:

Full Attestation - the service provider has authenticated their customer originating the call and they are authorized to use the calling number.

Partial Attestation - the service provider has authenticated their customer originating the call but can't verify they are authorized to use the calling number.

Gateway Attestation - the service provider has authenticated from where it received the call, but can't authenticate the call source (e.g., International Gateway call).

In addition to the attestation level, the originating service provider provides data in the header to facilitate traceback identifying where the call entered their network.

What is the driving force behind STIR/SHAKEN adoption?

Fraud and abuse in the form of robocalling and, in particular, illegally spoofed robocalling, is the number one consumer complaint to the FCC. The industry is seeking to combat the abuse through the adoption of STIR/SHAKEN as one tool that will help. In an effort to combat the rising number of malicious and illegal spoofing, the TRACED Act was signed into law on December 30, 2019 that among other things mandates Service Providers deploy STIR/SHAKEN solutions.

It's worth noting that STIR/SHAKEN isn't a technology that blocks calls per se, but rather a tool that may provide indications of when fraud is occurring.In addition to working on implementing STIR/SHAKEN, Bandwidth also has policies to block unlawful robocalls and other forms of fraud.

It's important to distinguish between fraudulent and legitimate robocalls.Bandwidth continues to implore regulators and the industry to work hard to ensure that legitimate calls don't get blocked in the flurry of effort to prevent abuse. Services that consumers want and demand, such as school closure notifications or prescription reminders, must continue to meet their needs and expectations. While STIR/SHAKEN doesn't block calls, the data produced by the verification of signed calls could be input into the analytics used to block calls.

What is the difference between STIR and SHAKEN?

STIR is a working group within the Internet Engineering Task Force (IETF), an open standards organization which develops and promotes Internet standards. As such, STIR produces internet standards that form the basis of what is referred to as STIR/SHAKEN. These include RFC 8224, RFC 8225 and RFC 8226, in addition to some draft standards currently being developed to address additional use cases beyond the scope of what is addressed by SHAKEN (ATIS 1000074). SHAKEN defines the extensions and industry framework for the deployment and interworking of the technology in service provider networks.

How does STIR/SHAKEN work in a call path?

When originating a call on the network, the originating service provider’s Secure Telephone Identity Authentication Service (STI-AS) creates an encrypted SIP identity header that includes the following data:

Attestation level

Date and Time

Calling and Called Numbers

Orig ID for analytics and/or traceback purposes among others

Location of certificate repository

Signature

Encryption algorithm

The SIP INVITE with the SIP Identity header is sent by the originating service provider and received by the terminating service provider. The terminating service provider invokes a STI Verification Service (STI-VS) to decode the SIP identity header and perform verification of the data transmitted in the call. Depending on the results of the verification, information can be passed in a verification status or verstat parameter indicating the results of the verification step. The call is completed to the receiving party with potentially some optional treatment like a display that is dependent on the level of attestation and the resulting verification. For example, this could be “valid number” or green checkbox for a fully attested call, or labeled as “possible spam” for a gateway attested call without full attestation.

The following diagram shows the high-level call flow for SHAKEN calls:

press release

SIP INVITE is received by originating service provider who looks at call source (customer) and calling number to determine the level of attestation to provide for the call

Originating service provider sends SIP INVITE to the authentication service

Authentication service returns SIP INVITE with SIP Identity Header containing PASSporT header, PASSporT payload, PASSporT signature, encryption algorithm and location of certificate repository

SIP INVITE with Identity header is sent to terminating service provider

Terminating service provider sends SIP INVITE with Identity header to Verification Service

Verification Service obtains the digital certificate with the public key, decodes the identity header and verifies that the originating service provider is authorized to originate calls for the calling number

Verification Service returns results indicating whether the Identity Header was valid and whether TN Validation passed, failed or wasn't performed

Terminating service provider completes the call to the called party

When will Bandwidth implement STIR/SHAKEN?

Bandwidth participates in the relevant industry forums (ATIS IP-NNI, NANC WG, etc.) and is actively implementing the STIR/SHAKEN specifications. We've successfully deployed the key components of STIR / SHAKEN in production and formally announced our initial carrier interop with Verizon Wireless in a December 11, 2019 press release. Our current SHAKEN implementation is as defined in ATIS 1000074. However, Bandwidth is on record with the FCC that SHAKEN as written isn't adequate for all uses cases.

One example of an outstanding use case is when a customer purchases a telephone number from one provider but originates a call with a different provider. Bandwidth continues to participate in ATIS IP-NNI with other interested parties to ensure that proposals such as "Certificate Delegation" or "TN Proof of Possession" are adopted to ensure all legitimate customer calls are treated equitably.

Because of the existing gaps in current standards, Bandwidth expects to be implementing STIR/SHAKEN from our initial production deployment in the 4th quarter of 2019 well into 2020. Note that the new TRACED Act that was signed into law mandates that Service Providers have STIR / SHAKEN deployed by June 30, 2021. The text of the TRACED Act can be viewed here.

It's worth noting that STIR/SHAKEN validates that the telephone number (TN) of the call is valid. It also adds a mechanism for traceback of the call to the carrier that originated the call. It doesn't block calls.

Are you currently in production with STIR/SHAKEN interop with peering partner?

Yes. Our initial carrier interoperability occurred in 4Q 2019 with a formal on Dec 11, 2019. We're also actively working with other Service Providers to expand our coverage and overall effectiveness of STIR/SHAKEN.

What can I do now to prepare for STIR/SHAKEN deployments?

As a customer, you can consult with your equipment vendor to understand its readiness for receiving additional SIP headers that will result from STIR/SHAKEN. While discussions are ongoing in the ATIS IP-NNI forum regarding what to pass the customer, the current best practice proposal suggests passing both the verstat parameter as well as the full identity header to the customer. Verstat is the header containing the verification results produced by the STI-VS, while the identity header is the header added by the originating service provider calling the STI-AS and includes such things as the attestation level and Orig ID.

As previously mentioned, on the origination side there are use cases that ATIS 1000074 as defined doesn't address directly, such as when a customer buys telephone numbers from multiple carriers and originates calls with different carriers. Bandwidth continues to advocate with the industry and the FCC that these use cases need to be addressed to ensure fair and non-discriminatory treatment of traffic.

As a customer, you should stay abreast of these developments and, if possible, participate in the industry forums and make your opinions known.

As a customer, will my network be expected to generate identity headers for traffic sent to Bandwidth?

Currently, no. For SHAKEN, as it’s defined today in ATIS-1000074, the originating carrier will generate the Identity Header via an STI Authentication Function (STI-AS). As mentioned, there are some use cases in which SHAKEN as written needs to be augmented to address. One example of this is when a customer’s equipment diverts a call (forward or transfer) which makes verification of the original Identity Header difficult or impossible. Another case is when a customer gets a number from one carrier and originates a call on a different carrier.

Both of these cases, among others, are being debated in the industry forums and may result in a customer needing to generate an Identity Header (or for Bandwidth or a third party to generate one on the customer’s behalf).

What is Bandwidth doing in relation to STIR/SHAKEN in the United States?

Bandwidth is actively engaged with the Federal Communications Commission (FCC), as well as with several STIR/SHAKEN working groups, to help shape and establish an industry solution for validating phone numbers and caller authenticity in an effort to reduce instances of robocalls and spoofing. We're working alongside other major service providers to develop and implement solutions that will best suit our customers’ wide variety of use cases.

Bandwidth will be actively updating our customers on major changes as they take place.

How will STIR/SHAKEN impact call forwarding use cases?

Call forwarding and otherwise “diverted” calls, such as call transfer, can result in the inability to verify the identity header added by the originating service provider because of the SIP header modifications that could occur. The ATIS IP-NNI forum is working on a standard specifically to handle these diversion cases, but it's still in draft status and being debated.

How will STIR/SHAKEN impact a call flow incorporating multiple carriers?

Authentication and signing of a call (STI-AS function) should be done by the originating service provider, and verification of a call (STI-VS function) should be done by the terminating service provider. The transit networks in between should pass the identity header without modification.

Bandwidth Dashboard

Users with account administrator rights in the Bandwidth Dashboard can resetother user's passwords or send them password reset emails.If you are the Admin user and are unable to login, please open a ticket with and we'll get you sorted!

To reset a user'spassword:

Login to the .

From the top navigation menu, click ‘Account’ and then click on ‘Users’.

Clickto open the user account you would like to update.

You may either set a 'New password' or click

Click ‘Save Changes’.

If a user is locked out of the Bandwidth Dashboard:

Click the ‘slider switch’ so the status reflects 'Active.'

Click ‘Save Changes’.

Table of Contents

What is Number Porting?

Understanding Number Porting

Porting Types and Time Frames

LOA & Documentation Policy

Customer Service Record Policy

Common Rejections

Order Activation (Day of FOC)

“SUPP” Requests

Order Cancellation Requests

Short Notice FOC

Expedites Requests

Porting Away from Bandwidth

Unauthorized Porting

Bandwidth Service Levels in the Porting Process

Customer Responsibilities in the Porting Process

When to Open a Ticket

What is Number Porting?

Number porting, also known as LNP (Local Number Portability), is an important service offering at Bandwidth. Depending on the carrier, the process for number porting can be simple and easy, or lengthy and complex. Bandwidth’s mission is to provide the easiest and best experience possible, but it requires cooperation from all parties involved to achieve success. This LNP guide was put together with these goals and challenges in mind so that it can be a useful tool to help guide customers through the porting process as smoothly as possible. Click here to learn more about how to port number into Bandwidth!

Understanding Number Porting

Number portability is required to be performed by local exchange carriers (LECs) and Interconnected VoIP providers in accordance with rules and procedures established by the Federal Communications Commission (FCC). However, within the structure of the FCC requirements, carriers may have individualized systems and processes for handling porting activity. Thus, while carriers’ LNP operations are largely similar and intended to accomplish the same end results, there are unique differences in processes and procedures from one to the next. Some of these unique differences are what can make or break an easy LNP process. At the outset, here are some basic rules of thumb to follow that work for the vast majority of all port requests:

Do not disconnect services with current carrier

The authorized End User (EU) of a number should never disconnect services with their current carrier prior to submitting a port request. Disconnected or inactive numbers can't be ported. In fact, in order for porting to occur most smoothly, EUs generally should not inform their current provider that they intend to transfer their service to a new carrier. The EU may, however, contact their carrier to attempt to obtain documentation of their account or the Customer Service Record (CSR), which is described more fully below. The end user will also want to make sure there are no freezes that would prevent porting activity on the current account, and be sure to have any applicable PINs, passwords, and account numbers ready for use when making a request to port numbers to a new carrier.

Do provide accurate porting information

Address information for wireline and VoIP LNP requests (i.e. excluding toll-free and wireless porting) should be provided as the service address, not a billing address. Often the billing address isn't representative of where the number that is being ported is actually in service, and it's the service location that matters most for LNP processes. Additionally, the authorized EU should be sure that any and all additional information pertaining to their account (e.g. full port/partial port, passcodes, account numbers, etc.) is provided and is accurate.

Porting Types and Time Frames

Bandwidth abides by applicable FCC standards, requirements and recommendations for number porting. Because the type of port request submitted can affect porting time frames - some of which are recommended and others required - this guide should provide a better idea of what to expect. Keep in mind however, industry standards and practices are subject to change. If an order is taking longer than indicated below, and has not received a rejection of any kind, please contact the Bandwidth LNP team for assistance.

Note that all time intervals presented below are contingent upon the authorized EU’s information provided to Bandwidth being correct so that it matches the current/losing carrier’s applicable records. If the requisite information doesn't match, the time interval for porting will be longer. Please keep in mind that because Bandwidth can't predict any errors in processing, or the behaviors of other carriers, all quoted times below are Bandwidth’s goal to get the order completed, and can't be guaranteed for all cases.

Type of Port

Estimated Porting Interval

Standard or Off-net Port

3 7 business days

Simple Port

1 2 business days

Complex or Non-Simple Port

2 4 business days

Project Port

3 4 weeks

Toll Free Port

2 7 business days

Standard Porting

Bandwidth considers any single order to port 100 telephone numbers or fewer that includes a single Billing Telephone Number (BTN), single address, single losing carrier and single rate center to be a standard port. All standard port requests must be entered into the Bandwidth portal, and most will begin processing immediately upon submission. A standard port request will typically be completed within 7 business days, if a first available date is requested, and if there are no rejections on the order.

Bandwidth utilizes an application programming interface (API) on the back-end of its portal that allows for quicker porting times and responses. Once a standard port request is submitted to the portal, and isn't considered off-net, the order automatically starts processing. Bandwidth has logic in its API that identifies other carriers that Bandwidth is bonded with and which identifies the earliest possible porting dates available with the losing carrier.

Example of a Standard Port:Bob of Bob’s Hardware is porting 5 telephone numbers for his office to Bandwidth from his current carrier. All 5 numbers are located in the Phoenix, Arizona rate center, and share the same BTN, end user name and address. Also, all 5 numbers are currently serviced by the same LEC.

Simple Porting

The FCC requires wireline, wireless and interconnected VoIP providers to complete “simple ports” within one business day, unless the requesting provider asks for more time. Contrary to the name, “simple porting” can actually be somewhat complicated to understand. A “simple port” actually depends very specifically on the criteria listed below. If the required criteria isn't met precisely, the order may be rejected by the current/losing carrier, which will cause the winning carrier to have to resubmit the port request with new requested porting dates thereby extending the time frame for successfully porting the number to Bandwidth. The criteria for simple porting are those ports for a single TN that exclude:

Unbundled network elements

Multiple lines

Complex switch translations (e.g., Centrex, ISDN, AIN Services, Remote Call Forwarding (RCF), or multiple services on the loop)

Resellers

A proper simple port must be submitted and received by the current/losing carrier by 1 p.m. local time (of the losing carrier) on a business day for it to be eligible for activation at midnight on the same day. Any simple port request received after 1 p.m. on a business day local time will be considered the next day’s business. All simple ports shall be entered into the portal just like a standard port request, but with a requested completion date within the aforementioned intervals.

Example of a Simple Port:Sara Jones is porting her basic residential phone number from her current carrier, to Bandwidth or a VoIP provider that Bandwidth supports. Her phone number doesn't have any extra features on it, like call forwarding, and isn't part of a bundled package.

“Complex” or “Non-Simple” Porting

Single order port requests that include complex properties such as: multiple rate centers, multiple Billing Telephone Numbers (BTNs), and/or multiple addresses, to be “complex ports.” Complex porting may also involve the losing carrier’s identification of complex porting, due to legacy properties on the account that require special handling. Complex porting, like project porting, isn't subject to the same well-defined performance intervals that exist for “simple ports” under FCC rules and may be subject to negotiated arrangements between carriers.

The Bandwidth LNP Projects team aims to complete complex ports as quickly as possible but not longer than within 6 weeks. Complex ports are every similar to project ports but project ports typically include more TNs as part of the port request where a complex or non-simple port can include even a single TN if that TN has complex service properties associated with it.

Example of a Complex Port:Pottery King Retail stores are porting 10 of their phone numbers. The 10 numbers are located in the same state of Colorado, but in 3 different rate centers (Denver, Grand Junction and Colorado Springs). Three of the telephone numbers currently belong to one LEC, while the remaining 7 belong to another LEC. Thus, the order involves 2 different Billing Telephone Numbers and 3 different addresses.

Project Porting

Bandwidth considers port requests presented as a single order, with 100 or more telephone numbers, a single BTN, a single losing carrier and a single address to be “project ports.” Project porting requires manual handling, and generally can be completed within 3-4 weeks of submission. Please contact the project porting team for questions on project porting, including how to submit a project port, more specific time lines for completion, what is required to provide, etc.

Example of a Project Port:Dewitt’s Grocery Stores are porting all of their store numbers in a single rate center & state. The store has 35 locations in the same rate center, and there are 245 numbers that will be porting. The numbers are all with the same carrier, but have multiple addresses and Billing Telephone Numbers.

Toll Free / 8YY Porting

Toll free porting is defined as the porting of any toll free or “8YY” number (800, 844, 855, 866, 877 and 888 exchanges). It's a slightly different process throughout the industry, and isn't subject to the same mandates as LNP by the FCC. Toll free ports are handled manually, but must be entered into the portal similar to a standard port request. Toll free port requests should preferably be submitted within a week of when number activation is desired.

Toll free numbers are at risk of being disconnected if not activated within 1-2 weeks after the provider that is designated to manage the toll free number (also known as a RespOrg) has released it. In attempt to avoid accidental disconnects, Bandwidth won't submit a toll free port request to the designated RespOrg until a week before the desired due date.

Toll free port requests should be completed within 7 days, assuming there are no rejections on the order and a first available date is chosen. LOA submission for toll free porting is different than standard number porting. Please see the LOA & Documentation Policy section for more information.

Off-net Porting

Occasionally Bandwidth provides services in rate centers that are not covered under its own interconnected CLEC footprint by partnering with other LECs. Such numbering arrangements are considered to be “off-net” because they are not supported under the Bandwidth CLEC, and identified as off-net ports (Tiers 1-5). For the most part, these flow through just like any other standard port request, however the control and administrative duties of porting are left up to Bandwidth’s partner.

LOA & Documentation Policy

There are specific instances when Bandwidth will require certain pieces of documentation, like Letter of Agency/Authorization (LOA) or Copy of Bill (COB), before initiating LNP orders. Follow these simple guidelines to make sure the proper documentation is submitted at the time of the order to prevent costly delays:

Type of Port Request

REQUIRED

CONDITIONAL

LOA

COB

LOA

COB

Porting on-net to Bandwidth CLEC

X

X

Porting off-net to a Bandwidth vendor

X

X

Toll Free Porting

X*

X

Project / Complex Porting

X

X

*A specific LOA format may be required for some carriers.

Conditional LOA policy

As a wholesale provider Bandwidth may not require its customer to produce the required LOA up front, however customers must be prepared to produce the LOA at any point during, before or after the porting process. An example of when Bandwidth may need the LOA is during an inadvertent porting situation (see below). In this case, the valid LOA should be provided to Bandwidth immediately upon request. If the LOA isn't provided immediately upon request, a number could be removed from the customer account and returned to the former carrier or customer.

Customer Service Record Policy

A Customer Service Record (the information typically included in a CSR) is often used by carriers to help determine that a port request is authorized. However, some carriers have policies that limit production of the CSR only to the end user of record, while other carriers will provide the CSR only to a winning carrier, and still others won't provide a CSR at all.

All reseller customers are responsible for advising their EU’s that accurate service address and end user information is required to port numbers, and then providing this information to Bandwidth with the port request. If a port request is rejected by the losing carrier for an information mismatch, Bandwidth will require the customer and/or the EU to obtain accurate and necessary information from the current carrier. If the customer and/or EU experience difficulties gathering necessary information, Bandwidth may be able to assist, including requesting the CSR from the current carrier.

It's not Bandwidth’s policy to request a CSR on every order, regardless of the status the order. A CSR will be provided at Bandwidth’s discretion only, and the cost to retrieve the CSR may be passed along to the customer.

Common Rejections

The most common port rejections are those that indicate the information submitted doesn't match what the losing carrier has on file. Examples include things like: name mismatch, address mismatch, zip-code mismatch, and partial/full porting migration errors. It's the responsibility of each customer/EU to provide accurate information necessary to complete the port request through Bandwidth’s portal. By doing so, the potential for up-front rejections and delays in porting will be dramatically reduced. Please see the rejection table below for common rejections and resolutions:

Number Disconnected / Not Active

The TN or the account holding the TN is considered disconnected or inactive. All accounts and TNs must be active to port. EU will need to re-activate service with their provider to continue.

Pending Order

A pending order can be anything from another port request that has been submitted with this same number, a feature add or disconnect, address change, etc. The EU will need to contact the carrier to get the order close out or canceled in order to proceed.

BTN Mismatch / ATN Mismatch

The BTN provided on the order doesn't match the BTN on the carrier’s records (CSR). The EU will need to contact the carrier to obtain the correct BTN. Bandwidth doesn't have the ability to determine the ATN/BTN by pulling a CSR. This needs to come from the EU.

Partial Port / Migration Indicator

A partial port indicates the customer is porting away only some of the numbers they have with the current carrier. A partial port rejection can (generally) one of two things:

a)The order was submitted as a partial port, but it's not actually a partial port

b) The order was submitted as a full port, but it's actually a partial port.

Fixing this generally requires the customer/EU to review their inventory/services/CSR with the current carrier, then advising the LNP team how the customer wishes to proceed with the port. Sometimes this also comes through as a rejection for Migration Indicator, which is the toggle/button that is chosen when submitting the order to choose a partial or full port.

There are instances with this rejection, whereby the order would have to be cancelled and resubmitted. If the order is truly a partial port, a new BTN will need to be provided to the current carrier in order to keep remaining services intact. The new BTN must be a number that already exists on the same customer account with the current carrier.

Please contact the LNP team for assistance if needed.

Carrier Freeze

Customer has requested a freeze to be placed on the account that prevents the numbers from being ported (a freeze prevents the change of carriers on an account). The EU will need to submit an order to the current carrier to remove the freeze. This process can take 1-3 weeks depending on the carrier. Once the freeze is removed, and the order to remove the freeze has closed out with the current carrier, the port may be restarted or resubmitted with Bandwidth.

DSL / Dryloop

DSL is an internet service. If DSL exists, unless the DSL provider allows Dryloop, an associated phone number is probably needed for that connection. Check with the DSL provider before attempting to port a DSL number. Generally, the EU will need to disconnect it prior to port, make new arrangements with the carrier for the DSL, or provide instruction to Bandwidth to disconnect the DSL in order to proceed. If a number is ported w/o the EU taking care of the DSL service, the DSL runs the risk of being completely disconnected.

Distinctive Ring or Other Feature

This is a feature most carriers won't port while active. The EU will need to disconnect it directly with the carrier.

Name Mismatch

The business or residential name on the order doesn't match that of the carrier’s records (CSR). The EU will need to contact their provider to pull the current name on the CSR.

Order Activation (Day of FOC)

All non-project on-net porting requests are currently activated at 11:30 a.m. ET. Most off-net porting requests are also activated at this time, but please contact a member of the Bandwidth LNP team to confirm the time any specific order will be activated if this is a critical need. Because project ports are subject to non-standardized intervals, activation times will be scheduled according to customers’ requests according to the project porting schedule that is in place with the other carrier. Bandwidth doesn't currently support specific port time activations for any other type of port requests.

Type of LNP Order

Set Activation Time

Other Activation Time

On-Net / CLEC Porting

11:30 a.m. ET

Off-Net Porting

Between 8 a.m. - 2 p.m. ET, depending on vendor

Toll Free Porting

11:30 a.m. ET

Project Porting

Customer specific, unless noted by Project Manager

Complex Porting

11:30 a.m. ET, unless noted by Project Manager

“SUPP” Requests

The word ‘SUPP’ is short for supplemental, which is an additional request that is sent on a LNP order, to the losing carrier, generally making a change to the order in some fashion. A SUPP can be anything from changing the due date (most common) to correcting something on the order due to a rejection.

Bandwidth allows up to three (3) SUPP requests on any order after FOC is received. Once FOC is received a SUPP request is only sent in an attempt to change the desired due date. SUPP requests can't be sent to the carrier with a new due date (whether it’s after FOC is received or before), for anything more than a 30-day interval from the current business date. Any SUPP request submitted less than 48 hours before FOC date, is considered best effort which means there is the possibility that the numbers may still port on their original FOC date. Additionally, the original FOC date may be lost and the order may need to be restarted once a SUPP is issued.

There may be costs associated with SUPP transactions. If Bandwidth incurs additional costs as a result of customer requested SUPPs, these costs will be passed along to the customer.

Order Cancellation Requests

A port request can be cancelled at any time up to 48 hours (2 business days) prior to the established FOC date on the port. However, cancellation request within this 48-hour window may trigger an expedited cancel charge. Further, a cancellation can't be guaranteed. Therefore, it's always best to find a way to accept a port request when it's within 48 hours of the FOC date to avoid an accidental outage on the telephone number(s).

Short Notice FOC

There are times that the current carrier doesn't provide a FOC date that matches what has been requested. Typically a FOC mismatch means the FOC date given is later than the requested date but there are times when the FOC date provided by the current carrier is within a very short window (e.g. 0-48 hours from the date/time submitted). Bandwidth will immediately notify its customers (via portal notification) of the shortened FOC window in an attempt to confirm the FOC can be accepted, or if a SUPP request needs to be sent to the carrier to change the date. A SUPP on a short notice FOC (which isn't a result of an expedite) is supported at no charge to the customer.

Expedites Requests

An expedite request is a customer-initiated request aimed to shorten the time frame of a specific LNP request, such as a FOC or a cancellation request. Any attempt to expedite a LNP request is considered best effort. Additionally, these types of requests require co-operation from the other carrier, some of whom may not readily support it. Please contact the Bandwidth LNP team for assistance for all expedite requests. Finally, any additional costs associated with expedite transactions will be passed along to the customer.

Porting Away from Bandwidth

If a customer or end user wishes to port their number(s) away from Bandwidth, there's nothing that needs to be done from the EU perspective, other than providing the correct porting information to the new carrier, which can be found in the customer portal. Bandwidth doesn't utilize passwords, freezes, PINs or any other similar features at this time.

The responsibility of initiating the port request, and following the proper port-out procedure is on the new/winning carrier. However, Bandwidth understands that assistance may be needed in ensuring that the port-out occurs without incident. All winning carriers should be directed to Bandwidth’s business rules online at http://bandwidth.com/legal. If further assistance is needed, the carrier may contact the Port-out team at 855-577-2929. Keep in mind, the Bandwidth Port-out team works solely with other carriers (LECs), and not with end users directly. Note that numbers associated with disconnected services won't be eligible to port.

Unauthorized Porting

An unauthorized port is also known as a “slam.” Slamming occurs when a number is ported out to a new carrier without proper authorization from the EU. FCC rules, guidelines and policies establish that it's the new carrier’s responsibility to ensure that the port requests it submits are authorized. In order to encourage competition and freedom of choice by EUs, applicable rules and procedures limit the ability of the old or “losing” carrier to verify that port out requests are properly authorized. Therefore, in order to support successful porting, Bandwidth requires its customers to obtain legally valid authorization from EUs as part of each port request it makes. Legally valid authorization is captured through the execution of an LOA that contains at least the minimum required information according to the FCC’s rules and industry standards.

Bandwidth can provide port-out notifications so that customers are able review and validate telephone numbers that have been ported out by EUs. If a customer believes a number has ported without valid authorization, the Bandwidth LNP team will work hard with the other carrier to make a determination of the validity of the request and if the port was not authorized, return the number as quickly as possible. The following process is required in order for the LNP team to process a “snap back” of a number that has been ported without authorization. Please note, it's critical to report these types of incidents within 24 hours of the porting activity:

Report the potential unauthorized port to the LNP team by opening a ticket. Due to faster ticket handling, the preferred method for opening a ticket is via the ticketing portal, however, a ticket may also be opened by emailing the team at [email protected]. If this option is chosen, it is important to identify the type of request in the subject line (e.g., Unauthorized Port on TN xxx- xxx-xxxx).

An LOA signed by the end user of record, identifying the end user’s choice of carrier may be This should be attached to the ticket if so.

Call the LNP team promptly at 855-VoIP-Pro to advise a number was potentially ported away without valid authorization, and a ticket has been opened

The LNP team will immediately begin to work with the other carrier in an attempt to return the number if the port was not properly requested. This may require further cooperation or input from the customer or end user. Things to keep in mind with unauthorized ports:

Numbers are authorized based on the new or “winning” carrier’s criteria of

An unpaid bill by an EU doesn't constitute an invalid port. In fact, the FCC has made clear that carriers can't delay or prevent porting due to a billing dispute or unpaid

Despite validation efforts taken by carriers, mistaken or unauthorized porting may still occur. If there is belief that a number was intentionally slammed, EUs may report such claims directly to the FCC via their website at http://www.fcc.gov/encyclopedia/slamming or http://www.fcc.gov/complaints.

Any unauthorized ports shall be reported to Bandwidth within 24 hours of the occurrence, but no more than 1 week. Any unauthorized port request brought to Bandwidth’s attention more than a week after the day it ported away is considered a ‘winback’, to which standard porting time frames and policies apply. An unauthorized port request that is older than week won't be worked as a ‘slam’.

Please bear in mind that no provider (Bandwidth included) is immune from occasional inadvertent porting due to unintentional errors during the porting process. The most common errors are likely to occur when submitting the initial port request (e.g. a typo on the porting TN(s) itself). In these cases, the other carrier will contact Bandwidth and request that the number be released back to them, and their customer/end user. Bandwidth’s policy on reverse inadvertent porting (i.e. “snap back”) is as follows:

Bandwidth will review the request from the complaining carrier to determine the information used to port the number to Bandwidth, and the customer assigned to the number.

Bandwidth will reach out to the customer of record indicating the number was reported as being inadvertently ported to Bandwidth.

Bandwidth will require a valid LOA immediately from the EU (please see Bandwidth’s policy on LOAs). If the LOA isn't provided in a timely manner, and Bandwidth deems the port was made in error, the number will be released back to the complaining carrier immediately.

Bandwidth will remove the number from provisioning in its portal, thus triggering a port-out notification so that the customer may adjust their records accordingly.

Bandwidth Service Levels in the Porting Process

To submit port request within 2 business days of receipt of EU

To provide an update on each order every 2 business

To process necessary supplemental and cancellation requests on orders within 1 business day

Customer Responsibilities in the Porting Process

Customer shall provide correct porting information

Customer shall keep the EU letter of authorization (LOA) on file, and be able to present a copy immediately upon request

Toll-Free LOAs are required upon port

Customer must rectify the basis for an insufficient port request that results in a port request rejection within 10 business days.

Customer shall provide a new LOA if the initial LOA and request become more than 30 days old during the course of porting

When to Open a Ticket

If at any time assistance isn't being provided via the tools and resources available, or if there is an expedite request, an inadvertent porting incident, or any other reason where a ticket may be appropriate - please open one ! The Bandwidth LNP team works trouble tickets in a First-inFirstOut (FIFO) order, but searches for tickets that have high priority to work those first. Opening a ticketis the fastest way to get your questions answered.

V2 API PLATFORM MIGRATION

You’re getting ready to migrate! Here’s what you need to know.

WHAT ARE THE BENEFITS?

You’ll have access to all of the features you’re used to in our V1 API, plus more! Check out these feature guides to get the details:

V2 Voice API Feature Guide

V2 Messaging API Feature Guide

HOW DO I MIGRATE?

Important! Before you get started, speak with a Bandwidth team member to ensure you're set up correctly.

As an extra measure of preparation, feel free to check out these simple walk-throughs to get an idea of what the V1 to V2 API transition looks like.

VOICE - V1 V2 Voice API Migration Guide

MESSAGING - V1 V2 Messaging API Migration Guide

NUMBERS - V1 V2 Numbers API Migration Guide

Have questions? Open a ticket with our support team. We're here to help!

CNAM SIP SUBSCRIBE / NOTIFY CAPABILITY

Bandwidth’s Caller Name (CNAM) is a service that provides the Caller Name on VoIP calls in the US and Canada. Bandwidth is introducing an additional capability to access this service via SIP messaging. This service adds the optional ability to query the CNAM database using the SIP SUBSCRIBE - NOTIFY framework. This method is particularly useful for customers that may have already implemented this method. Once the request is made via a SIP SUBSCRIBE message, the calling name is returned to the customer application or dial plan via a SIP NOTIFY message. The CNAM data is managed by the phone company who provides the phone numbers to its customers.

Specifications for CNAMConfiguration & Implementation

SBC (SESSION BORDER CONTROLLER) IP INFORMATION

Bandwidth employs mated pairs of SBC’s for signaling redundancy. For CNAM services, please ensure that both IP addresses provided are configured for inbound traffic in the event that one SBC is offline.

Toobtain the specific IPs used for the CNAM Subscribe Service, please reach out to your Implementation Specialist, if you are currently working with one. If not, please open a support ticket at Bandwidth.com/support.

SIP SUBSCRIBE - NOTIFY OVERVIEW

Subscribe/Notify consists of 2 SIP transactions. The requestor sends a Subscribe request to initiate a CNAM DIP and Bandwidth responds with a message indicating the status of the request to complete the initial transaction. Bandwidth then sends a Notify message in the opposite direction with the CNAM information and the customer responds with a message to indicate acceptance of the message containing the CNAM information. The signaling flow is depicted below.

Note: There is a possibility in some cases that the NOTIFY message is received before the 200 OK response to the initial SUBSCRIBE. This is as described in RFC 3265 Session Initiation Protocol (SIP)-Specific Event Notification.

SUBSCRIBE MESSAGE FORMAT

The following is an example of a SIP Subscribe message requesting the CNAM information for +15551111212. The Expires header is always required and is required to be 0. The Event: cnam field identifies this message as a CNAM request. The request-id: parameter can be used by the requestor to insert an alphanumeric identifier as a reference to the request. The message body consists of only of the Calling-Party field which must contain a valid SIP URI for the number to be dipped for CNAM.

SUBSCRIBE sip:Bandwidth SIP/2.0

Via: SIP/2.0/UDP Customer;branch=ehnansucdjdisao

To: <sip:Bandwidth>

From:<sip:Customer> ;tag=1234

Call-ID: jklsfaj3kjaajl3ijrtalk3ja5352

CSeq: 150 SUBSCRIBE

Max-Forwards: 3

Contact: <sip:Customer>

Expires: 0

Event: cnam;request-id:129j2jd9

Content-Type: application/calling-name-info

Content-Length: 55

Calling-Party:sip:[email protected];user=phone

NOTIFY MESSAGE FORMAT

Once the lookup is accepted and completed by Bandwidth a Notify message will be sent with the CNAM info retrieved. Following is an example of a Notify message in response to the Subscribe message in the previous section. The CNAM information in this case is “John’s Pizza”. Note that the request-id information is returned in the Notify message so the customer can correlate this message to the original Subscribe.

NOTIFY sip:Customer SIP/2.0

Via: SIP/2.0/UDP Bandwidth;branch=a1hB4bGnashds4

Max-Forwards: 3

Contact: <sip:Bandwidth>

To:<sip:Customer> ;tag=1234

From: <sip:Bandwidth>;tag=5678

Call-ID: jklsfaj3kjaajl3ijrtalk3ja5352

Cseq: 200 NOTIFY

Content-Type: application/calling-name-info

Subscription-State: terminated

Event: cnam;request-id:129j2jd9

Content-Length:128

Calling-Name-Status:Available

Calling-Name: “John’s Pizza”

Presentation-Indicator: allowed

ERROR CODES

Possible error codes you may receive in response to the SUBSCRIBE message.

400, 500: Customer IP address not in the Access Control List

500: CNAM service temporarily unavailable

Each account may have one or more Sites defined. Each Site may have one or more SIP Peers defined, which are the objects that contain the endpoints used to send and receive voice and data traffic. Most customers may only need a single Site and SIP Peer, but this structure allows customers with multiple products, channels, customers and physical locations to easily model their endpoints. In the Bandwidth Dashboard UI, "Sites" are referred to as "Sub-account", which is their most frequent use. SIP Peers are referred to as "Locations" as they are most frequently used to model customer's physical locations. Telephone Numbers (TNs) are associated with a single SIP Peer within a Site. These same rules are applied in the Bandwidth Dashboard UI's account structure.

Please note that both the Sites (SubAccounts) and SIP Peers (Locations) aren't intended to grow in an unbounded manner. If you're finding the need to establish more than 50 Sites (SubAccounts), or 250 total SIP Peers (Locations) in order to address your business needs, please consult with your Bandwidth representative before moving beyond these thresholds. System responsiveness and/or network issues may result, if these thresholds are exceeded.

On a Unified Communications (UC) account, you can establish a 911 Emergency services address for a group of phone numbers on the Location. The Bandwidth Dashboard also allows you to update the 911 address on each phone number individually.

Note: once a phone number is ordered or ported into your Bandwidth account, it'll be provisioned with the 911 address that you have set to the Location. The 911 address on the Location is the default setting. If a phone number has a different address, then you can update each phone number as needed.

How to add a 911 address on a Location:

From the top navigation menu, click Account, then Locations.

Under the Unified Communications (UC) section, provide a physical address for the residence or business. This is the location where emergency services personnel should respond to a 911 call.

The Caller name on a 911 call will reflect the Location name.

How to update a 911 address on a Phone Number:

Emergency services can also be associated with individual phone numbers. To update the emergency services address on a particular phone number, perform the following steps:

Paste or type the phone number in the Search Telephone Numbers box.

On the Search Results page, click the blue phone number link.

On the Phone Number Details, locate the E911 section.

This will display the address that was previously established on the Location.

Make any necessary updates and click Submit.

If you have any questions, please open a ticket with your Bandwidth Support Team or hit us up at

Please reference our downloadable reports to find Bandwidth's Coverage Matrix and other phone number resources such asindustry overlay reports and exhausted area code lists!

Bandwidth Coverage Matrix

This tool is designed to help determine which rate centers Bandwidth supports for ordering and porting phone numbers.

Bandwidth Canadian Area Code Availability

A report of Canadian Area Codes and their availability for ordering phone numbers.

Exhausted U.S. Area Codes

A report of Area Codes that are exhausted. Exhausted means that almost all resources are in use and the industry no longer has available numbers in these area codes.

Industry NPA Overlay Report

A report of Area Codes that have been added to a region that are already serviced by another area code.

NPA-NXX Map

A report of Rate Centers and the Area Codes & Exchanges (NPA-NXX) that make up each.The NPA-NXXs in this report show all of the NPA-NXXs that exist in the industry for the rate centers Bandwidth covers. This is not necessarily an indicator of the NPA-NXXs where Bandwidth has available in inventory.

Industry City Map

A report of cities and area codes (NPAs) within rate centers that Bandwidth is able to provide porting coverage for.

status.bandwidth.com

Bandwidth posts real-time updates to status.bandwidth.com in the event that we encounter a network service impairment or we need to communicate about scheduled maintenances.

You may subscribe to this page to receive instant updates via email, SMS, WebHook, and RSS feed.

Network Incident Update Intervals:

During a network incident, a 24/7 response team will activate to alert customers of an impairment and provide updates via status.bandwidth.com.

If an impairment is within the confines of our network; updates will be provided about once an hour if not sooner.

If an impairment is outside of our network, such as a Local Market Impairment or catastrophic event, updates will be provided about 4 hours if not sooner.

Here’s how to subscribe:

Navigate to

In the upper right-hand corner, click ‘Subscribe to Updates’

From here, you may choose your subscription method. Choose from email, SMS, webhook, or RSS Feed.

Click the corresponding ‘Subscribe’ button.

On the next page, choose the components that correspond to your contracted services.

Then, scroll to the bottom and click ‘Update Preferences’

How to Edit your Subscription Preferences:

Click ‘Subscribe to Updates’

From here, select the subscription method you would like to edit.

On the next page, choose you can mark or unmark the checkboxes for the corresponding components you’d like to change.

Then, scroll to the bottom and click ‘Update Preferences’.

Note: If you would like to cancel, chose the ‘Cancel Subscription’ option at the top of the page.

To combat the abuses of robocalling, Bandwidth is actively working to implement the most robust call authentication framework possible, while also working diligently to stop illegal number spoofing as well.

Bandwidth has adopted a three-pronged operational approach (prevent, detect, and mitigate) to stop and prevent illegal robocalls. Bandwidth is expanding on industry efforts and best practices, as well as aligning with the Federal Communications Commission’s (FCC) guidance:

FCC Adopts Rules to Help Block Illegal Robocalls

Robocall Blocking NPRM and NOI

Bandwidth’s summarized operational procedures to stop and prevent illegal robocalls:

1. Prevention:

Bandwidth is working vigorously to prevent unlawful robocalls originating from our network. Bandwidth has implemented a stringent screening process that disallows companies with potentially fraudulent, robocalling traffic from becoming Bandwidth customers. We have also informed and empowered our customers with the information necessary to identify these unlawful calls, defined by the FCC.

2. Detection:

Bandwidth has an extensive fraud mitigation team dedicated to identify and analyze potential robocall campaigns on our network and determine if they are lawful or not. In alignment with FCC rules, Bandwidth is in the midst of augmenting it’s robocall detection technology that identifies and blocks unlawful robocalls from traversing our network.

3. Mitigation:

Once an unlawful, robocall campaign is detected, Bandwidth takes several steps to stop all current and future unlawful calls. Bandwidth has developed call blocking tools that disallow calls with specific unlawful ANI/'FROM' TN characteristics from traversing the Bandwidth network. Bandwidth personnel, regularly analyzes network traffic looking for unlawful robocall campaigns and utilizes our call blocking tools when appropriate. Bandwidth also proactively communicates with customers that may be in the path of unlawful robocalls. We work diligently with our customers to stop all detected unlawful robocall campaigns.

Bandwidth utilizes several systems and proprietary processes to detect and block unlawful robocalls, that have the following types of ANIs, defined as unlawful, by the FCC:

UNALLOCATED: A valid NPA NXX XXXX in the North American Numbering Plan (NANP), but NOT assigned to a carrier, nor in the LERG. Any call that contains a phone number in the ANI / From field that has not yet been released for public consumption from the North American Numbering Plan.

INVALID NUMBER: A complete telephone number (TN) that is NOT VALID, but of the correct format [2-9][0-9][0-9] [2-9][0-9][0-9] [0-9][0-9][0-9][0-9] (ie; 10 digits in length, 1st and 4th are [2-9] all others are [0-9] Any call that contains a character string of digits or letters that does not fully comply with E.164 formatting and the Local Exchange Routing Guide (LERG). This includes ANI / From fields with all digits of the same number, or anything less than 10 valid digits assigned from the North American Numbering Plan.

INVALID DIGITS: The calling party number is numeric, but does not fit into a category defined above. (ie; all 1's, all 0’s, partial entries <10 digits etc.)

INVALID ALPHA-NUMERICS: Invalid alpha-numeric strings used to misdirect, impersonate, disguise or deceive SIP signaling.

For fraud prevention, detection & mitigation, Bandwidth:

Uses Machine-learning technologies to detect voice network traffic anomalies, cost anomalies and geographic traffic abnormalities in its fight against unlawful robocalls, domestic and international toll fraud.

Leverages Industry sanctioned and industry sourced SPAM filter technologies to stop all forms of SPAM from reaching the text messaging ecosystem.Bandwidth does not allow text messages/campaigns that contain illicit conten t or have transmission behaviors that violate the Cellular Telecommunications and Internet Association (CTIA) guidelines. Bandwidth supports long code P2P, Toll-free A2P, Long code A2P and short code texting. All of these types of messaging passes through our SPAM filtering technologies, where SPAM can be detected and blocked for industry defined SPAM and/or AUP violations.

Encourages customers to build their own proprietary URL shorteners and strongly discourages the use of the following public URL shorteners since fraudulent bad actors like to use free URL shorteners in sending illegal and unsolicited telemarketing text messages. We recommend customers follow best practices for toll-free (A2P) messaging. and the CTIA messaging principles and best practices.

Public URL shorteners include:

bit.ly (Bandwidth currently Blocks all messages with bit.ly)

goo.gl (Google is phasing out this URL Shortener)

tinyurl.com

Tiny.cc

lc.chat

is.gd

soo.gd

s2r.co

Clicky.me

budurl.com

bc.vc

Subscribes to several internationally sanctioned databases of fraudulent telephone numbers used in international revenue sharing fraud (IRSF).These industry sanctioned databases of fraudulent telephone numbers then become the foundation for blocking fraudulent international calls at Bandwidth.

Monitors high-cost areas around the world.If traffic is destined for areas that are unusual or suspicious, Bandwidth monitors it carefully and immediately alerts and collaborates with its customers regarding suspicious calls that terminate into such areas. While FCC regulations mandate that carriers support effective communication traffic exchange and deliver legal traffic to its intended destination, when it's confirmed that calls are in fact fraudulent, Bandwidth diligently works to shut down these unlawful calls as soon as possible.

Actively participates and leads in industry organizations and industry efforts to stop illegal robocalling. Even prior to the establishment of the Robocall Strike Force, Bandwidth was engaging the FCC and the FBI in efforts to stop consumer fraud in the form of Toll Free Traffic pumping, and participating in the USTA sponsored traceback efforts to identify robocall originators and support enforcement.

Bandwidth has direct working relationships with the FCC, FTC, FBI and IRS among others in government and law enforcement. Bandwidth is actively engaged in working groups and at the board of director level at SIPForum, CTIA, and Incompas and is an active participant in these organizations’ efforts to address the consumer threat of robocalling.

Bandwidth is a member of the North American Numbering Council (NANC), several STIR/SHAKEN working groups and has been selected to be the Incompas representative on the ATIS STI-GA Board overseeing the procurement of vendors for the critical components of the SHAKEN/STIR framework such as the Certificate Authority and the Policy Administrator. Finally, Bandwidth is also a paid member and participant in the Communications Fraud Control Association (CFCA).

DELIVERY RECEIPT OR ERROR CODE

SHORT DESCRIPTION RETURNED

LONG DESCRIPTION

0

delivered

ok

1

service-not-allowed

service-not-allowed

8

dlr-deleted-manually

dlr-deleted-manually

100

temporary-app-error

temporary-app-error

101

\N

temporary-app-shutdown

106

impossible-to-route

impossible-to-route

108

loop

loop-detected

111

\N

temporary-app-connection-closed

121

blocked-by-adaptive

blocked-by-adaptive

187

spam-detected

spam-detected-statistical

188

spam-detected

spam-detected-keyword

189

spam-detected

spam-detected

201

message-expired

temporary-rout-error-retries-exceeded

211

\N

temporary-app-error-app-busy

220

\N

temporary-store-error

231

concat-timeout

discarded-concatenation-timeout

242

\N

discarded-cannot-handle-udh-now

301

invalid-encoding

malformed-invalid-encoding

302

\N

malformed-invalid-from-number

303

\N

malformed-invalid-to-number

304

\N

malformed-invalid-udh

305

\N

malformed-invalid-udh

306

\N

malformed-invalid-dlr-flag

350

malformed-for-dst

malformed-for-destination

351

malformed-for-dst

malformed-for-destination

352

too-large-for-dst

malformed-too-large-for-destination

401

loop-detected

rejected-loop-detected

402

fail-with-code

rejected-fail-with-code

403

forbidden-from

rejected-forbidden-from-number

405

unallocated-from

rejected-unallocated-from-number

406

unallocated-to

rejected-unallocated-to-number

431

forbidden-shortcode

rejected-forbidden-shortcode

432

forbidden-country

rejected-forbidden-country

433

forbidden-tollfree

rejected-forbidden-tollfree

434

forbidden-dst-tf

rejected-forbidden-tollfree-for-recipient

451

wrong-user-id

rejected-wrong-user-id

452

wrong-app-id

rejected-wrong-application-id

470

spam-detected

rejected-spam-detected

481

\N

rejected-from-number-in-blacklist

482

\N

rejected-to-number-in-blacklist

491

\N

rejected-unexpected-dlr

492

reject-emergency

reject-emergency

493

\N

rejected-unauthorized

500

message-send-failed

message-send-failed

501

message-send-failed

message-send-failed

600

destination-app-erro

destination-carrier-queue-full

610

destination-app-erro

submit_ sm-or-submit_ multi-failed

620

destination-app-erro

destination-app-error

630

message-not-acknowle

NACK

650

destination-failure

destination-failed

700

invalid-service-type

invalid-service-type

720

invalid-destination

invalid-destination-address

740

invalid-source

invalid-source-address-address

750

destination-rejected

destination-rejected-message

751

destination-rejected

destination-rejected-message-too-long

770

destination-spam-det

destination-rejected-due-to-spam-detection

775

destination-rejected

destination-rejected-due-to-user-opt-out

780

p2p-volume-violation

destination-rejected-due-to-p2p-volumetric-violation

901

cleaned-manually

delivery-receipt-cleaned-manually

902

receipt-expired

delivery-receipt-expired

999

unknown-error

unknown-error

Updated 1/24/2018

Table of Contents

Dashboard Configuration

Keys

Success/Failure URL Setup

Error Codes

Logo and CSS Setup

URL Generator

Customer Platform Redirect Configuration

Values

Sample PHP Code

The branded site is a URL redirect initiated from the customer’s portal in order to update a 911 record. This is accomplished by configuring the branded site information on the dashboard, on the customer administration interface, and again on the customer’s website platform as seen in the diagram below.

Dashboard Configuration

Keys

A shared HMAC key performs authentication for the branded website. This key will be set up via your dashboard administrative web portal. Under Emergency > Configure the branded website configuration module will be found. Here, the key type will need to be selected in the “Key Type” field, then press “Generate New Keys”, as shown here.

Once this is clicked, the keys fields will be populated with new HMAC keys determined by the key type preferred (default is MD5).

Success/Failure URL Setup

Success and failure URLs are set up so that when the end user makes the 911 update in the branded site, the URL will redirect the end user and indicate whether or not the update was valid and accepted. Bandwidth has provided a success and failure URL below to assist with testing this feature.

Test Success URL: http://brandedwebsite.dashcs.com/success.html

Test Failure URL: http://brandedwebsite.dashcs.com/failure.html

After a user successfully performs an update, they will return to the URL provided in the configuration module using the success URL. Returning via this URL means no error occurred and the user decided to return. Any user-defined data (xd) passed in when redirected to the branded site will be returned via querystring, in a parameter named xd (extra data).

When an error occurs inside the branded site, the user will be directed back to the website provided in the failure URL. In addition to user-defined extra data (xd) in the querystring, there will be a reason parameter. The possible error codes are listed below. It is recommended that upon receiving an error, the end user would contact the customer’s internal methods for assistance to resolve the failure. Once reported internally, please contact the Bandwidth team for additional assistance if needed to resolve the address issue.

Error Codes

An example of the error URL would be:

http://brandedwebsite.dashcs.com/failure.html?xd=&reason=101

Valid values for the return reason are:

Error Value

Meaning

000

No reason. Contact Bandwidth support for branded website assistance.

001

Unknown reason. Contact Bandwidth support for branded website assistance.

100

General Failure. Contact Bandwidth Support for branded website assistance.

101

Authentication error. Contact Bandwidth Support for branded website assistance.

102

Update failure. A problem occurred while updating the address.

200

Address validation problem. A subscriber could not enter a postal-validated address.

Logo and CSS Setup

Customization of the branded website is accomplished via changing the logo file and CSS (cascading style sheet) of the webpage to match that of an internal customer portal. Once customization is complete, the changes can be configured under the “Logo URL” and “CSS URL” sections in the branded website configuration module in the dashboard.

URL Generator

The branded website URL generator is provided to assist you in setting up the branded website. This URL generator utilizes the settings defined above to generate a URL for testing against. This is extremely helpful in locating any discrepancies between the URL redirect generated from the customer end, and the URL generated on the Bandwidth end. Furthermore, it allows for testing the redirect to ensure the site is responding. To test using the URL generator, simply click on the “Branded Site URL Generator” link in the dashboard on the branded site configuration module. Clicking this link will provide the URL generator screen. On this screen, a telephone number will need to be inserted, and the HMAC key will need to be selected and verified to be correct. Once finished, click “Update”.

This will return the proper generated URL based on the branded site settings, as shown below. To test the feature all the way through, simply click on the generated link or open it in a new browser window. The branded site that has been customized using all of the aforementioned methods should appear and allow a 911 address update to occur.

To verify further that the address was accepted and provisioned in the dashboard, simply search for the TN in the dashboard under Emergency > Endpoints. Enter the TN in the search box, and click “Search”. The properly provisioned endpoint should appear in a list. Click on the endpoint to view the endpoint in full, and look to verify any minor discrepancies in provisioning, such as date or CID which are the most common errors.

Customer Platform Redirect Configuration

In order for the branded site to fully function, the URL redirect must originate from the customer web portal. As Bandwidth cannot authenticate the end subscriber via the URL redirect, we rely on the customer to authenticate the user and tie that user to their telephone number before allowing them to update a 911 address. From the customer web portal, instruct the end user to click on the “Update my 911 address” link, which will initiate the redirect on the end user side and allow them to update the address information associated with the telephone number.

Values

In order to create the URL redirect, the following values are required and must be populated then HASHed to provide security to the customer’s 911 information:

Subscriber Telephone Number

Name: tn

Value: The telephone number of the subscriber as a 10-digit number with no additional characters.

Date

Name: date

Value: The current date and time, expressed in UTC. The format is “yyyyMMddHHmm”:

yyyy

=

four-digit year

MM

=

two-digit month, from 01-12

dd

=

two-digit day of the month, from 00-32

HH

=

two-digit hour, from 00-23

mm

=

two-digit minute, from 00-59

The date ensures that a URL cannot be used outside of a certain window of time (+/- 10 minutes of the current UTC time). This protects against an attacker retrieving a URL from the browser’s history, for example.

Company ID

Name: cid

Value: The Bandwidth assigned company ID (usually a 5-digit number). This can be retrieved on the dashboard from the main account screen when you first log in, or at the bottom of the page next to the customer name.

Key Number

Name: kn

Value: Key number, either 0 or 1, specifies the key to be used. Multiple keys are allowed in the database so as to make routing easier.

Authentication Value

Name: auth

Value: The HMAC generated has in Base64. This has is computed by using the supported HMAC algorithm. The plaintext-to-hash is the TN as 10 ASCII characters + the datetime. For instance, the HMAC for the TN 5557654321 at 3:40pm UTC on July 28, 2008, would be computed as “5557654321200807281540.”

*Note: The ‘date’ and ‘tn’ used when calculating the HMAC must be the same as passed in the date and tn parameters of the querystring.

Base URL

The base part of the URL will be: https://e911update.dashcs.com/dash-board/UpdateMyAddress.action

URL Configuration Example

Given the following information:

Key: 0x635329736E495B3867557C2A5D7D5054

Key number: 0

Company Id: 1000

Current UTC Date & Time: 200901200054 (12:54am, January 20, 2009) Telephone Number: 9876543210

HMAC Algorithm: HMAC-MD5

Expressed as Base64, the hash is: ZU8aB+YmMHRDend6U+asdA==

To put this into a URL, it must be encoded using the following replacements:

Replacing

With

+

\%2b

/

\%2f

=

\%3d

The new hash would be: ZU8aB\%2BYmMHRDend6U\%2BasdA\%3D\%3D

The complete URL would be (one line):

https://e911update.dashcs.com/dash- board/UpdateMyAddress.action?tn=9876543210&date=200901200054&cid=1000&kn=0&a uth=ZU8aB\%2BYmMHRDend6U\%2BasdA\%3D\%3D

Once this URL is generated, the end user will be redirected to the branded site to begin updating the address. Below is a screenshot of this address update screen with a sample logo and CSS in place.

Sample PHP Code

PHP is the most frequently requested sample code and is shown below.

<?php

function computeHash($tn, $date, $Key)

{

$auth=hash_hmac("md5",$tn.$date,$Key, TRUE);

return $auth;

}

function createQueryString($tn, $key, $companyId, $keyNumber)

{

echo "TN : "; echo $tn;

echo "<br>\n\n"; echo "<br>\n\n";

echo "Key : "; echo $key; echo "<br>\n\n";

echo "<br>\n\n";

echo "CompanyId : "; echo $companyId; echo "<br>\n\n";

echo "<br>\n\n";

echo "Key Number : "; echo $keyNumber; echo "<br>\n\n";

echo "<br>\n\n";

$format = "tn=\%s&date=\%s&cid=\%s&kn=\%d&auth=\%s"; $date = gmdate('YmdHi');

//$date = "200601201149";

echo "Current Date : " . $date;

echo "<br>\n\n"; echo "<br>\n\n";

$auth = computeHash($tn, $date, $key);

echo "Plaintext to hash on : " . $tn.$date; echo "<br>\n\n";

echo "<br>\n\n";

echo "The hash is as hex : " . bin2hex($auth); echo "<br>\n\n";

echo "<br>\n\n";

echo "The hash is as binary : " . $auth; echo "<br>\n\n";

echo "<br>\n\n";

$auth=base64_encode($auth);

echo "The hash base 64 is : " . $auth; echo "<br>\n\n";

echo "<br>\n\n";

$auth=urlencode($auth);

echo "The hash Url enconded is : " . $auth;

echo "<br>\n\n";

echo "<br>\n\n";

$queryString = sprintf($format,$tn,$date,$companyId,$keyNumber,$auth); return $queryString;

}

function createUrl($tn, $key, $companyId, $keyNumber)

{

$baseUrl="http:// e911update.dashcs.com/dash-board/UpdateMyAddress.action?";

return $baseUrl.createQueryString($tn, $key, $companyId, $keyNumber);

}

// Call the function

$testUrl = createUrl("3035551244","].,uWYmv{!5;.~h|","501","0"); echo $testUrl;

echo "<br>\n\n<br>\n\n<a href=\"" . $testUrl . "\">" . $testUrl . "</a>"; //header("Location: $testUrl");

In this article, you'll learn how to order one or more phone numbers from the Bandwidth Dashboard. With augmented searching, a shopping cart, advanced filtering and the ability to span multiple search criteria in a single order, we think you’ll be faster than ever at ordering numbers.

Augmented searching: Explore our inventory with predictive ‘autocomplete’ searching capabilities.

Shopping Cart: Catalog your phone number selections, just like an online store.

Bulk Ordering:Make orders spanning multiple search criteria.

Advanced Filtering: Refine your search by Rate Tier, rate center, area code, and Local Calling Area (LCA).

Once you've logged into your Bandwidth Dashboard account, click ‘Numbers’ and select ‘Search & Buy.’ You'll notice an option to import from a spreadsheet, but don't worry about this option for this process.

PLACING AN ORDER

Rate Center

Now that you’re on the ‘Buy phone numbers page’, you can choose from the following available options:

Determine a phone number type: Regular or Toll-Free.

If you choose the ‘Let me specify a quantity’ option, this enables you to export up to 5,000 telephone numbers at a time. Users may find this helpful when ordering consecutive numbers or if you don’t have a preference and are just looking for a specific quantity of phone numbers.

Start typing your criteria and we'll match your search across available parameters.

Click ‘Search Available Numbers’ or just hit ‘Enter’ on your keyboard.

You'll be redirected to a page where you may either select the numbers you wish to purchase or use several options on the left side of the page to refine your search.

REFINE YOUR SEARCH

We present you with options to group your search results or sort them in ascending (1 > 2) or descending order (2 > 1).

If you choose to mark the Include Local Calling Area option, this will expand your search and will provide you with telephone numbers that are local. Local Calling Area (LCA) is a geographic area defined by the exchange (NPA-NXX) and LATA. Expanding your search to this area may help you find phone numbers nearby.

Area Code (NPA) -also known as Numbering Plan Area, is a three-digit number that identifies the telephone service region.

- a geographical area used by a Local Exchange Carrier (LEC) to determine the boundaries for local calling, billing and assigning phone numbers.

Rate Tiers- Bandwidth categorizes certain rate centers within applicable pricing tiers. Please refer to your contract for this matrix.

SELECT AVAILABLE PHONE NUMBERS

Select a number or a group of numbers that you wish to purchase and it will be automatically added to your cart.

Click ‘Continue’ to proceed to checkout

Select the Sub-account and Location you want your numbers to reside

Click ‘Purchase’ to complete your order

Congratulations, you've just purchased a new phone number!

This article references the ‘New’ interface in the Bandwidth Dashboard. Looking for the ‘Classic’ experience? Click here !

import directory listing and directory assistance

Users may update Telephone Number Line features, such as outbound Caller ID, inbound Caller ID, Directory Listing and Directory Assistance on the ‘Telephone number details’ page.

Perform the following steps to search for active phone numbers on an account:

On the Home page of the Bandwidth Dashboard, navigate to the 'Search Telephone Numbers' tool.

Type the phone number into the box and click 'Search'.

On the results screen, click the blue telephone number link.

This will take you to the 'Phone Number Details' page, where you may make any line changes to the phone number(s).

Call forwarding

Allows you to redirect incoming calls to an alternate phone number.

Typethe 10 digit number in the ‘New forwarding number’ field and click ‘Update line option’.

If call forwarding is already provisioned for this phone number, it will appear in the ‘Current forwarding number’ box. To remove call forwarding, leave the New forwarding number’ field blank and click ‘Update line option’.

LIDB (Calling name information)

Allows for you to manage the outbound Caller ID display.Once enabled, the Bandwidth CNAM service automatically queries for caller names on inbound calls from service providers who support caller name for their subscribers.

Choose the service type (business or residential), and whether you would like the information to appear or to be blocked.

In the ‘Calling name to display’ field, enter the name desired. This field accepts up to 15 characters, including spaces. Updates take up to 72 hours to complete processing.

CNAM DIsplay (Caller ID)

Allows end users to have the ability to view inbound caller ID on their phone. The system default is set at the Location-Level. The Bandwidth Dashboard allows for more granular control by allowing you to override the settings on the location on a per number basis, if desired.

DEFAULT:The system default is set at the Location-Level.

OFF:Caller ID will not display on inbound calls.

ON: Caller ID will display on inbound calls.

DL/DA: Directory Listing

This is a feature that allows a phone number, user information and/or address to be published in the local white pages.

DL/DA: Directory Assistance

This will submit phone number, user information and/or address to 4-1-1 and will provide any callers with the information specified in a 4-1-1 call.

Please note, it generally takes up to 72 business hours for information to populate to Directory Assistance and up to one business week to be input into the local white page database.

Printed information will appear in the next local white page book release.

Custom URI User Value

This is a SIP method available for forwarding inbound calls to an established resource.

For time-saving purposes, we also offer a method to import CNAM, LIDB and call forwarding, as well as to in bulkusing a .csv spreadsheet.

In an attempt to crack down on spam traffic, Chinese telecom carriers have recently tightened their restrictions on voice calls made to China. This means that if you make outbound calls to China that trigger new restrictions, they're now more likely to be blocked by spam monitoring systems.

Although this is an industry requirement not specific to Bandwidth, we continue to work closely with our partners in China to keep up with the latest updates and ensure we can provide you with stable, quality services for outbound calls there.

How to Avoid Having Your Calls to China Blocked

To have a better chance of preventing your calls to China from getting blocked, we suggest you avoid:

Unsolicited marketing calls

High volumes of unanswered calls

Shorts calls call duration must be 3 minutes or more

Automated dialed calls to China

Calls from modified, spoofed or restricted origination numbers

No calls from a Chinese (CLI) number

High volumes of repeated calls made from the same origination number within an hour

Still Have Questions?

Our goal is to give you all the information you need to guarantee the delivery of your outbound calls to China.If you have any questions about these changes, please reach out to your Bandwidth Support Team !

What's happening?

In keeping with the recently mandated call blocking measures by the Canadian Radio-television and Telecommunications Commission (CRTC), and in an effort to help customers protect against unsolicited and illegitimate calls, Bandwidth and its partners have implemented network-level call blocking for all of its numbers in Canada.

What do I need to know?

Canadian network-level call blocking is designed to prohibit all calls that come into our Canadian network where the caller identification of the Originating phone number:

Exceeds 15 digits

Is malformed and doesn't conform to a dialable number for calls initiated under the North American Numbering Plan(e.g. 000-000-0000, 000-111-0000, 222-022-2222)

What do I need to do?

The CRTC has required Canadian service providers to implement these call blocking measures uniformly to ensure consistent call blocking practices by all providers. We recommend that you notify your network team and end-users so they can make any necessary changes to your particular service offerings to ensure that valid calls aren't inappropriately blocked because they're utilizing non-conforming numbering formats or caller identification information.

Have additional questions?

Please reach out to your Bandwidth Support Team. We're here to help!

When ordering or porting telephone numbers, you may hear the terms “NPA” and “NXX” thrown around a lot, as these are standard industry terms.

NPA:

This stands for Numbering Plan Area. You probably know it as the area code, the three-digit number that identifies the telephone service region. You’ll see NPA and area code used interchangeably in our portals and training videos.

While the Area Code identifies the telephone service region, it’s possible for a single NPA to be present in more than one rate center.

For example: The 305 area code in Florida is present in the following rate centers: Keys, Miami, Homestead, North Dade, and Perrine. If you order a number in NPA 305, you can get a telephone number in any of those rate centers.

NXX:

This is the three-digit code that forms the second part of a 10-digit telephone number. The NXX is also known as the “central office code” or “exchange”.

For example: if you had the phone number 555-101-1234 the NXX would be 101.

Bandwidth has multiple geographically redundant signaling proxy facilities in the United States. Please see the specifications below to know what you should expect:

SBC (Session Border Controller) IP Information

Bandwidth employs mated pairs of SBC's for signaling redundancy. For termination services, please ensure that both IP addresses provided are configured for inbound traffic in the event that one SBC is offline.The implementation specialistassisting with your onboarding will provide these IP addresses during the onboarding kick-off call or via the welcome email.

LRN Billing

The onboarding specialist will provide a termination rate deck, which will rate each termination call based on the LRN (Local Routing Number) of the dialed number. This provides a LCR (Least Cost Routing) scenario to the customer, which is only possible if the customer is able to perform an LRN 'dip' on each call. If this isn't an option in your internal setup, please contact your onboarding specialist for assistance.

SIP (Session Initiation Protocol)

Bandwidth SIP signaling protocol is designed for RFC3261. If any other method is used, calls will fail to set up.

Allowed Ports for Media/Audio

If a customer PBX is protected by a firewall, you'll need to check the manufacturer warranty to see if the firewall can act as either a SIP ALG or a Back-to-Back User Agent (B2BUA). The following ports are required to allow for full 2-way audio:

UDP port 5060 must be opened to support SIP signaling

UDP ports 1024-64,000 must be opened either statically or dynamically (ALG) to allow for audio path

Bandwidth uses multiple IP addresses to allow media from its gateways

Attributes

The following attributes are allowed within Bandwidth SIP trunks:

DTMF

Dial Plans

Codecs

Signaling Protocol

IP Protocol

Media Anchoring

Supported DTMF

Bandwidth supports both in-band and out-of-band DTMF outlined in RFC2833.

Dial Plans

Bandwidth supports E.164, as well as 10-digit and 11-digit dialing, for outbound calling. E.164 is an internationally recognized standard characterized by a "+" followed by the country code, then phone number. For example:

Local & Long Distance: +19192971000

International: +4402074942020

IP Protocols

Bandwidth requires that all SIP and audio be delivered via UDP, in packets no larger than 1350 bytes. TCP is not supported.

Supported Codecs

The following codecs are supported by Bandwidth:

G711ulaw, G729a, ILBC (will default to ptime 30)

G711ulaw, G729a (will default to ptime 20)

Call Concurrency Limits

Please contact the Bandwidth support team to determine what the appropriate call concurrency limits are. This will be calculated by type of traffic and expected MOU. If a customer's call concurrency limit is reached, a 503 Service Unavailable or 486 Busy Here signal message will be provided to the customer.

Redundant Capacity: Bandwidth will allocate capacity on the following Outbound Calling rate decks to allow them to be capacity redundant during scheduled maintenance events: Flat Rate, Priority, Hybrid, On-Net, and Local.

Non-Redundant Capacity: Bandwidth will allocate non-redundant capacity on the following Outbound Calling rate decks: Wholesale, Carrier, and Select. Please note: in the event of a schedule maintenance or a service impacting event, you should anticipate and expect decreased capacity and route advance to other vendors.

Supported Caller ID / Privacy Types

FROM field default option for caller ID name, number and rating

RPID (Remote Party ID) secondary option

P-Asserted ID supported option

Privacy Headers supported option

This article references the ‘New’ interface in the Bandwidth Dashboard. Looking for the ‘Classic’ experience? Click here !

Table of Contents

Before We GetStarted

Create an Application

Order Phone Numbers

Sending Messages

Related Links

Before we get started

Have you downloaded Postman or have the ability to make an API request?

Postman is an app for easy RESTful API exploration.In this guide, we will use Postman to send messages using our new application.

Message Detail Record (MDR) Field Descriptions

Once you’ve downloaded Postman and created an account (if you don’t already have one), fill out the form on the Postman page to download the Messaging 2.0 collection of APIs.

In order to fill out this form, you’ll need several pieces of information that can be located in the Bandwidth Dashboard:

Username and password

These are your credentials to log into the Bandwidth Dashboard

Account ID

Once logged into the Dashboard, click on the Account menu

Locate your Account ID at the top of the Account Overview section

Sub-Account

If you have an existing Sub-Account, from top Navigation menu (screenshot below) click "Account," then "Sub-accounts".

You'll see the ID for the sub-account on the left-hand side of this screen. Enter this ID into the Postman form.

Messaging API Token and Secret

Bandwidth APIs use BASIC HTTP Authentication. You'll need to have your account ID, token, and secret to make API calls.

You may already have a Token and Secret that you can enter into the Postman form, but if you need a new set of credentials, you’ll need to follow the steps below.

In the Dashboard, navigate to the Applications menu. In the top right of your screen, you’ll see a link for API credentials.

Click the button to CREATE NEW and then copy the credentials into a safe place for future use. Token and Secret pairs will not be visible after you leave this screen.

Once you’ve gathered all the information needed to complete the Postman Collection form, Click the “Run in Postman” button at the bottom of the page.

The collection should now appear in Postman when you toggle to the Collections tab.

Create an Application

Now that we’ve taken care of the prerequisites, we’re ready to create an Application. Start by clicking the Applications menu in the dashboard.

Create New

Enter your Application name

Your Application ID is created for you

Enter your Callback URL (this is the URL of your server)

Create Application

Create a Location

Once you’ve created your Application, we’ll need to associate it with a Location. If you have an existing Location, you’ll choose the 'Associate a location with this application' link. If not, you’ll need to click the link to 'Create a location'.

You can read more about the steps for creating your Location as well as descriptions of the fields in the 'Add a Location' provisioning box in our support article.

When creating a Location, click 'Account', 'Locations'

Then 'Add Location'.

Select the Sub-account that the Location will be associated with

And enter a name for your Location.

Select the SMS and MMS settings appropriate for your account.

When selecting HTTPV2 Messaging (if your SMS Protocol is HTTP), you'll need to use the drop down to assign the Application we just created to this Location.

After selecting all of the appropriate settings for your Location, click Submit.

Order Phone Numbers

Now that we’ve done all the set up work for our application, we need to order a phone number to use to send text messages.

In the Dashboard, use the Learning Lab & Support link to find the Quick Start guide for “Order New Phone Numbers.”

Follow along with the guide and once your order/purchase has been completed, you'll land on the page below. Click the order ID to open the order.

Scroll down the page till you see the number you ordered and use the Copy to Clipboard button to grab the number. This is the number you'll use to send and receive messages with your Application.

Sending Messages

At this point you should have completed the following:

Downloaded Postman and filled out the Postman Collection form with your individual credentials and potentially created a Sub-Account and Location in this step.

Created an Application

Ordered number(s)

Let’s head over to Postman and see what it looks like to actually send a message.

Open Postman and toggle over to Collections. Use the drop down to open the Bandwidth Messaging 2.0 Collection and then click Send Text Messages.

Click “POST Send Text Message” and then click into the Authorization tab.

Confirm your Token and Secret are entered here for your Username and Password.

Enter your Dashboard Account ID for the {{account}}.

Now let’s move over to the Body tab in Postman.

Enter the following information then click the Send button:

From: The number we ordered in the previous section of the guide.

To: The number you’re sending a message to.

Text: Update with the message you want to send

ApplicationID: From your Application in the Dashboard

You should see a Status of 202 Accepted and a message completed to the receiving party.

Message Parameters

Parameter

Mandatory

Description

from

Yes

One of your telephone numbers the message should come from (must be in E.164 format, like +19195551212).

to

Yes

The phone number the message should be sent to (must be in E.164 format, like +19195551212).

text

Yes

The contents of the text message (must be 2048 characters or less).

applicationId

Yes

The ID of the Application your from number is associated with in the Bandwidth Phone Number Dashboard.

Related Links

How to Download Message Detail Records (MDRs)

Watch this video

We're excited to launch the Bandwidth Learning Lab- a library of step-by-step guides in the Bandwidth Dashboard that prompt and train you through key tasks.

These aren’t just simulations or videos. They’re embedded guides that prompt you through the actual processes you perform in the Bandwidth Dashboard. It’s like having an expert train you through every step!

Log into the Bandwidth Dashboard

What guides are available?

Quick Start Guides

Beyond the Basics Guides

Sub-Accounts and Locations

Update Phone Number Line Features

Subscribe to Email Alerts

Port Order Details Tour

Order New Phone Numbers

Edit a Port Order

Submit a Port

Set Custom Porting Time

Create New Users

Report on Usage (BDR/MDR)

Pay Your Invoice

Create a Messaging Application (V2)

Sub-Accounts and Locations

Create new Sub-Accounts and Locations to organize your inventory. Users tend to build new Locations to segment their customer channels that have unique IP addresses.

Subscribe to Email Alerts

Stay up-to-date on the status of your port orders, backorders, and more. In this lesson you will learn how to subscribe to receive email notifications on phone number order activity.

Order New Phone Numbers

In this lesson, you will learn how to order one or more phone numbers. With augmented searching, a shopping cart, advanced filtering and the ability to span multiple search criteria in a single order we think you’ll be faster than ever at ordering numbers.

Submit a Port

Porting can be complicated, which is why Bandwidth is here to help. In this lesson you will learn porting best practices, how to increase your likelihood of getting your preferred FOC,the difference between a partial port and a full port, how to use our 'Customer Activation' feature, and more!

Create New Users

An Administrator may create additional user logins to give other team members access to your Bandwidth Dashboard account.

Report on Usage

The Bandwidth Dashboard can produce rated call detail reports. Learn how to download Billing Detail Records (BDRs) for voice and Message Detail Records (MDRs) for messaging.

Pay Your Invoice

Visit pay.bandwidth.com to remit payment. From this page, you will need yourAccount IDand yourinvoice amount.Follow this guide to learn how to find these key components!

Create a Messaging Application (V2)

In this lesson, you will learn everything that you need to get started with sending text messages. Follow this guide to generate an application and associate it with your phone number’s location.

Update Phone Number Line Features

You may update Telephone Number Line features from the the 'Telephone number details' page. Click here to learn more.Available Options are:

Call Forwarding

Outbound Caller ID

Inbound Caller ID

Directory Listing

Directory Assistance

Custom URI

Port Order Details Tour

Get to know your port order.Stay up-to-date with the status of your port order, send a note to the Bandwidth team, upload a Letter of Authorization (LOA), and cancel your order if necessary.

Edit a Port Order

A port order inExceptionstatus means that Bandwidth received a rejection from the losing carrier. Learn how toedit the order to update the end user details to reflect what the losing carrier has on their records.

Set Custom Porting Time

We give you the freedom and flexibility to choose the date and time that your numbers are activated so your staff can be on-site or on-call if needed. This lesson will walk you through setting a custom porting time.

Prevent fraud through proactive measures!

SYSTEM MANAGEMENT

Use good cyber-hygiene

Since most local VoIP systems, voicemail systems, and enterprise grade Session Border Controllers (SBCs) are built on off-the-shelf computing platforms, (ie; Linux servers) we recommend that you exercise Linux and IP network cybersecurity best practices.

Implement a company-wide security plan that includes instituting policies on call restrictions, leveraging call blocking, creating processes around closing unused customer accounts or services, utilizing password best practices, actively managing voice mails, and reporting anomalies. Educate all of your employees on the established security plans.

Back-up your systems fully and often

In the event a system is compromised, you can restore from a known ‘clean’ backup. Although you may lose some amount of data, you will be able to restore your critical systems.

Leverage traffic data analytics

By collecting and graphing call logs and Call Detail Records (CDRs) from your VoIP platform, you can see incoming and outgoing calls and determine if any of the ‘graphed’ traffic behaviors match or conflict with your business model and service offerings.

Secure your voicemail (VM) systems

Implement strong PIN and VM password policies. Disconnect/disable outbound calling or call-through functionality within the voicemail system. Never allow call forwarding, or return call features within a voicemail system. Hackers often exploit voicemail platforms to program fraudulent outbound calling.

Institute security measures for International Calling

Consider adding an authorization code, or PIN that must be used by end-users before placing international calls. If you can determine the countries that calls from your platform will go to, then for added security you can restrict calling to all remaining countries.

If you wish to allow ‘global’ calling services, then we recommend that you create a list of approved countries and enable international calling only to those countries. The Communications Fraud Control Association (CFCA) most recent list of the top 5 countries most likely to have fraudulent traffic are: LV-Latvia-371, GM-220-Gambia, SO-Somalia-252, SL-Sierra Leone-232, PG-Papua New Guinea-675.

Additional geographic areas (country codes) to consider restricting include:

216 (Tunisia)

242 (Bahamas)

246 (Barbados)

256 (Uganda)

264 (Anguilla)

268 (Antigua/Barbuda)

284 (The British Virgin Islands)

340 (The U.S. Virgin Islands)

345 (Cayman Islands)

370 (Lithuania)

441 (Bermuda)

473 (Grenada)

509 (Haiti)

649 (The Turks and Caicos Islands)

664 (Montserrat)

670 (U.S. commonwealth of the Northern Mariana Islands)

671 (Guam)

680 (Palau)

684 (American Samoa)

721 (Sint Maarten)

758 (St. Lucia)

767 (Dominica)

784 (Saint Vincent and the Grenadines)

809, 829 and 849 (Dominican Republic)

868 (Trinidad & Tobago)

869 (St. Kitts & Nevis)

876 (Jamaica)

PBX MANAGEMENT

Keep IP-PBX & voice platform operating systems up-to-date

Be sure your systems are updated with the latest releases and security patches. Hackers often exploit outdated and unpatched operating systems. Please remain vigilant about maintaining and enhancing your security.

Set-up a SIP-based firewall within your IP-PBX systems

A SIP-based firewall can inspect voice and data packets as they pass through your network, and only allow what is authorized between your platform and your service provider. Firewalls can also alert you when various thresholds or unauthorized access attempts occur. SIP traffic should be monitored and automatically block suspicious IP addresses that are SIP scanning the equipment for access.

Disable DISA (Direct Inward System Access)

Prevent external callers from accessing internal PBX features by disabling DISA. Delete unassigned voice mailboxes and associated DISA codes.

Disable all IP ports not currently in use.

On Linux based IP-PBX systems and ancillary platforms like voicemail systems, disable all IP ports that are not being used or needed. Hackers look for unused IP ports that can be exploited to gain unauthorized access.

Utilize Enterprise-Grade Session Border Controllers (SBCs)

Enterprise-Grade SBCs will provide added layer of security, which is especially important if you use Unified Communications (UC) services like video conferencing. Hackers will quite often ping the IP address of an IP-PBX. However, with an SBC in place, they will get a response from the SBC, not the IP-PBX, and they will not gain access or visibility into your IP-PBX. Hackers most always seek the path of least resistance. If they encounter an IP address that’s protected, they’ll move on to IP addresses that are not.

Enterprise grade SBCs also provide additional layers of protection by allowing operator configured rules to be executed based on authorized calling patterns and services offered. Enterprises can configure SBC rules for geographic restrictions, number of calls per hour, time of day and days of the week. This can be very effective in preventing robocalls, toll fraud, international fraud and suspicious calling behaviors during nights or weekends when employees are not typically in the office.

USER MANAGEMENT

Set strong passwords (long, random and hard to hack!)

Never use or allow default passwords set by the manufacturer. Always set system passwords as soon as possible before connecting any new system to an internet connection. Change passwords often. Changing passwords every 60 to 90 days is a good practice. Use a Zero (0) knowledge based password manager to help with managing large numbers of passwords and accounts. Use passwords with more than 10 characters and use a combination of numbers, and special characters like ‘\%.!@’. Spaces are now supported in many system passwords, so utilize spaces in passwords too. Be sure to change passwords when there are employee personnel changes and delete voicemail, email and security credentials of all former employees.

Improve security through rate limiting login attempts

Never allow unlimited login attempts. Enable system lock-out functionality on all voice processing and voicemail systems that only allow a finite number of attempts, typically three, to enter a password before being locked out. Consider using multi-factor authentication for enhanced security.

Monitor for and block account scanners

Look for unauthorized user agents (UAs) like ‘User-Agent: friendly-scanner’ or UAs that are free and/or do not match your authorized user’s systems.

Monitor for and disable or remove fake accounts and account sign-ups

Look for random email addresses (ie; [email protected] ) or addresses and Zip codes that don’t align. It is not recommended to solely rely on 3rd Party Platforms or application stores to validate your new account sign-ups.

If you already use 3rd Party Platforms or application stores for account validations and sign-ups, contact your account manager confirming their current practices leverage security features that will monitor and alert you to fraudulent activities.

Install security software applications on all of your voice processing systems

Most security products can flag and reduce the rate of incorrect authentication attempts. They can check for login and VoIP/SIP registration errors and stop brute force attacks against root passwords, injections of malicious traffic and registration attempts of unauthorized peers with suspicious credentials.

Implement the 'least privilege’ concept of role-based access to systems

Only allow people to access the systems they need to do their job and nothing more. Use activity logs to monitor and enforce security policies.

The seat product includes 250 or 500 or 1000 minutes of domestic inbound and outbound calling. Specifically inbound calls of type Local, Long Distance, and International are included. Outbound calls to local, long distance, Canada and Toll free numbers are also included in the package.

This article references the ‘New’ interface in the Bandwidth Dashboard. Looking for the ‘Classic’ experience? Click here !

Hosted Messaging is a service that allows Bandwidth customers to enable non-Bandwidth owned/operated phone numbers for messaging. This product is designed to allow customers to send and receive SMS/MMS messages using the Bandwidth platform while leaving the voice service in place with the current carrier/service provider. More information can be found here.

After working with your sales representative to add Hosted Messaging to your account, a Bandwidth Implementation Specialist will enable your account during onboarding.

To use the service, you'll need to first enable at least one location for messaging.

Please see the messaging setup guides for instructions if you have not already done so:

HTTP SMS instructions

SMPP SMS instructions

In order to add phone numbers for Hosted Messaging, perform the following steps:

On the top navigation menu of the Bandwidth Dashboard, click 'Numbers' and then 'External Numbers'

From this page, users may copy/paste a list of phone numbers in the box below or use the provided template CSV for upload (up to 5,000 numbers at a time)

Assign the phone numbers to a Sub-Account and Location

Provide an optional customer order ID

Set the LOA type: Carrier or Subscriber

Click 'Add External Numbers' to complete

In order to remove phone numbers:

On the top navigation menu of the Bandwidth Dashboard, click 'Numbers' and then 'External Numbers'

From the 'External Numbers' page, select 'Remove' and perform the aforementioned steps

Yes. As is the case with all functions in the Bandwidth Dashboard, there is a corresponding API call available.

Bandwidth Hosted Messaging is a service that allows Bandwidth customers to enable non-Bandwidth owned/operated phone numbers for Messaging.

Please refer to the attached User Guide for more information on this service.

If you're interested in adding this product to your suite of messaging services, please reach out to your sales representative.

Table of Contents

Credentials

Ordering Numbers

Disconnecting Numbers

Resources

Credentials

V1 and V2 both use Basic Auth.In V1, the only credentials you need are token and a secret.In V2, you'll use a token and a secret to create and send messages. You can get these credentials from the Applications page in the Dashboard.In addition, for number management functions in V2, you'll use the username and password for a user on your V2 account as your credentials.

Ordering Numbers

Ordering numbers is very different in V2 compared to V1. In V1, searching for a number looks like:

GET

https://api.catapult.inetwork.com/v1/availableNumbers/local?areaCode={{area_code}}&quantity=1

Authorization: Basic {{token_secret_encoded}}

And the response to this search looks like:

[

{

"number": "{{number1}}",

"nationalNumber": "{{national_number1}}",

"city": "{{city}}",

"lata": "{{lata}}",

"rateCenter": "{{rate_center}}",

"state": "{{state}}",

"price": "{{price}}"

}

In V2, ordering numbers is an asynchronous process.First, searching for numbers looks like:

GET

https://dashboard.bandwidth.com/api/accounts/{{accountId}}/availableNumbers?npaNxx=540551&quantity=7

Authorization: Basic {{user_password_encoded}}

With a response that looks like:

200 OK

Content-Type: application/xml; charset=utf-8

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<SearchResult>

<ResultCount>7</ResultCount>

<TelephoneNumberList>

<TelephoneNumber>5405514342</TelephoneNumber>

<TelephoneNumber>5405515330</TelephoneNumber>

<TelephoneNumber>5405515329</TelephoneNumber>

<TelephoneNumber>5402278098</TelephoneNumber>

<TelephoneNumber>5402270905</TelephoneNumber>

<TelephoneNumber>5402278089</TelephoneNumber>

<TelephoneNumber>5402278090</TelephoneNumber>

</TelephoneNumberList>

</SearchResult>

While ordering a number looks like:

POST

https://dashboard.bandwidth.com/api/accounts/{{accountId}}/orders

Content-Type: application/xml

Authorization: Basic {{user_password_encoded}}

<Order>

<AreaCodeSearchAndOrderType>

<AreaCode>910</AreaCode>

<Quantity>1</Quantity>

</AreaCodeSearchAndOrderType>

<SiteId>461</SiteId>

</Order>

With a response that looks like:

201 Created

Content-Type: application/xml; charset=utf-8

Location: https://dashboard.bandwidth.com/api/accounts/{{accountId}}/orders/47955555-ce10-456e-8cb9-eb13b9f14cfd

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<OrderResponse>

<Order>

<OrderCreateDate>2018-01-23T19:56:29.678Z</OrderCreateDate>

<BackOrderRequested>false</BackOrderRequested>

<id>47955555-67aa-4adb-8c0f-b6894e60c0dc</id>

<AreaCodeSearchAndOrderType>

<AreaCode>910</AreaCode>

<Quantity>1</Quantity>

</AreaCodeSearchAndOrderType>

<PartialAllowed>true</PartialAllowed>

<SiteId>461</SiteId>

</Order>

<OrderStatus>RECEIVED</OrderStatus>

</OrderResponse>

Because this is an asynchronous process, the 201 Created response doesn't mean the number is fully purchased. Here's how you can check the status of the order:

GET

https://dashboard.bandwidth.com/api/accounts/{{accountId}}/orders/d30eda5a-ce10-456e-8cb9-eb13b9f14cfd

Authorization: Basic {{user_password_encoded}}

With a response that looks like:

200 OK

Content-Type: application/xml; charset=utf-8

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<OrderResponse>

<CompletedQuantity>1</CompletedQuantity>

<CreatedByUser>jbm</CreatedByUser>

<LastModifiedDate>2018-01-23T19:56:29.782Z</LastModifiedDate>

<OrderCompleteDate>2018-01-23T19:56:29.782Z</OrderCompleteDate>

<Order>

<OrderCreateDate>2018-01-23T19:56:29.678Z</OrderCreateDate>

<PeerId>651681</PeerId>

<BackOrderRequested>false</BackOrderRequested>

<AreaCodeSearchAndOrderType>

<AreaCode>910</AreaCode>

<Quantity>1</Quantity>

</AreaCodeSearchAndOrderType>

<PartialAllowed>true</PartialAllowed>

<SiteId>24717</SiteId>

</Order>

<OrderStatus>COMPLETE</OrderStatus>

<CompletedNumbers>

<TelephoneNumber>

<FullNumber>9102414365</FullNumber>

</TelephoneNumber>

</CompletedNumbers>

<Summary>1 number ordered in (910)</Summary>

<FailedQuantity>0</FailedQuantity>

</OrderResponse>

There are many different ways to search for phone numbers. To learn more, go to API Methods, select 'Accounts' and scroll down to the endpoint “/accounts /{accountId} /orders." Click it to find information about all different phone number purchasing order types.

Disconnecting Numbers

Disconnecting a number in V1 looks like:

DELETE https://api.catapult.inetwork.com/v1/users/{{userId}}/phoneNumbers/{{numberId}}

Authorization: Basic {{token_secret_encoded}}

Disconnecting a number in V2 is an asynchronous process that looks like:

POST https://dashboard.bandwidth.com/api/accounts/{{accountId}}/disconnects

Content-Type: application/xml

Authorization: Basic {{user_password_encoded}}

<?xml version="1.0"?>

<DisconnectTelephoneNumberOrder>

<name>training run</name>

<DisconnectTelephoneNumberOrderType>

<TelephoneNumberList>

<TelephoneNumber>5405514342</TelephoneNumber>

<TelephoneNumber>7034343704</TelephoneNumber>

</TelephoneNumberList>

</DisconnectTelephoneNumberOrderType>

</DisconnectTelephoneNumberOrder>

The response to this request looks like:

201 Created

Content-Type: application/xml

Location: https://dashboard.bandwidth.com/api/accounts/{{accountId}}/disconnects/df2gc2e2-653d-466c-945d-8f292f09ce55

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<DisconnectTelephoneNumberOrderResponse>

<orderRequest>

<OrderCreateDate>2018-01-23T21:00:23.802Z</OrderCreateDate>

<id>df2gc2e2-653d-466c-945d-8f292f09ce55</id>

<DisconnectTelephoneNumberOrderType>

<TelephoneNumberList>

<TelephoneNumber>5405514342</TelephoneNumber>

<TelephoneNumber>7034343704</TelephoneNumber>

</TelephoneNumberList>

<DisconnectMode>normal</DisconnectMode>

</DisconnectTelephoneNumberOrderType>

</orderRequest>

<OrderStatus>RECEIVED</OrderStatus>

</DisconnectTelephoneNumberOrderResponse>

Resources

Check out our Developer Docs for additional documentation.

Still have questions? Open a ticket with our support team. We're here to help!

Standard Hours of Operation:

8:00 am - 8:00 pm ET, Monday - Friday.

*Our Technical Support Center (TAC) is available 24/7.

Phone Support:

855-864-7776 (855-VOIP-PRO)

Escalation Contacts:

Please refer to our escalation contacts matrix.

Team

Phone

Hours & Email

Number Porting & Feature Services

Option 1

Monday - Friday: 8am - 8pm ET

Please open a support ticket at: Bandwidth.com/support

Service Outages (TAC/NOC)

Option 2

24/7

Please open a support ticket at: Bandwidth.com/support

Billing & Payments

Option 3

Monday - Friday: 9am - 5pm ET

Please open a support ticket at: Bandwidth.com/support

Customer Support/Account Management

Option 4

Monday - Friday: 8am - 8pm ET

Please open a support ticket at: Bandwidth.com/support

Sales

Option 5

Monday - Thursday: 8am - 8pm ET

Friday: 8am to 6pm ET

[email protected]

PSAP Relations

Option 6

Monday - Friday: 9am - 6pm ET

[email protected]

Acceptable Use Policy Violations

Option 7

Monday - Friday: 9am - 4pm ET

[email protected]

Is your company tax exempt? Please be sure you have all of the proper certificates completed and submitted to our tax team to ensure your invoices reflect your exempt status.

All of our tax forms are available on our Tax Exemptions Directory page, where you may download exemption forms or view our Frequently Asked Questions page. Many of our forms are powered by Adobe Sign, meaning you can complete the form in the web interface and click submit once you are finished.

For Federal Taxes:

If you are registered with the FCC as a re-seller (and have a 499 filer ID), be sure to complete and submit the Federal Universal Service Fund Certificate (FUSF) annuallyto retain your tax-exempt status. These forms will need to be re-submitted each year to retain your exempt status.

Be sure to sign and date the forms where necessary, and on certificates that request your Billing Account Numbers, please list all that apply. Writing in “all” or leaving this section blank will render the forms invalid. Your Billing Account Numbers are listed on the top right section of your invoices.

For State Taxes:

All Bandwidth services, other than e911, are taxed based upon the service address. To file for exemption, we require the Multi-Jurisdiction Forms or State Forms.

First, open the Multi-Jurisdiction Exemption Certificate (MULTI) and check to see if your state’s service address is listed in the form.

If your service address' State is listed in the form, please complete and submit.

If not, please refer to the State-specific forms in the ‘State Forms’ section at the bottom of the page.

Next, navigate back to the ‘Multi-Jurisdiction Forms’ section, and open both the Gross Receipts Exemption Certificate (GRT) and the State Universal Service Fund Certificate (SUSF) to see if your State is listed. If applicable, please complete and submit these forms.

For e911 Taxes:

Taxes are determined by the location of the endpoint.

For customers with e911 services who are eligible for tax exemption, please complete and submit the 911 Exemption Certificate form.

For Invoices that do not reflect your exemption:

In the event that taxes have appeared on your invoice and you believe you should be tax exempt, please use the ‘ Have questions? ’ form.

Be sure to include your Billing Account Number and list the specific taxes you feel you should be exempt from in the comments section, and we’ll check our records. Once this has been sent, our tax team will get in touch with you to answer any questions, update forms, or to issue any appropriate credits to your account.

To learn more about how to dispute taxes on an invoice, refer to our video titled “How to Dispute a Charge.”

If you’re unsure if you should be exempt in a specific jurisdiction or you have more questions in regards to a specific tax rate, please contact the Department of Revenue.

Table of Contents

Begin Porting Numbers

Section 1: Billing Telephone Number (BTN)

Section 2: End User Account Information

Section 3: Service Address

Section 4: Documents & Additional Information

Group & Schedule Activation Dates (Customer Activation)

Review Port Orders

Enhanced Porting Experience FAQ

Enhanced Porting Experience Webinar

Bandwidth handles number porting smoothly with our brand new step-by-step port-in workflow!

In this article, you’ll learn how to submit anywhere between a single phone number at-a-time to a 20,000 phone number project port. Additionally, learn to bundle multiple losing carriers and phone number types onto a single order.

Begin Porting Numbers

To begin the process of porting numbers to Bandwidth's network, the first thing we recommend is to ensure that the Telephone Numbers are portable.

From the top navigation menu, click 'Numbers' and then 'Port'.

On this screen, type or paste the phone numbers you wish to port into the text box and click 'Check portability’.

Download 3. If the system identifies these numbers are portable, then click ‘Start Port Request’.

Note: You’ll see the losing carrier breakdown on the left side of the page. On the right, you’ll enter all of the porting information, including the Billing Telephone Number (BTN), address, account information, and additional documents and fields.

Section 1: Billing Telephone Number (BTN)

First, enter the Billing Telephone Number (BTN) of the current account.

If you‘re porting the BTN, select the second option. This will allow you to provide a new BTN for remaining lines or services. Otherwise, you can port the BTN and disconnect all remaining lines and/or services.

Click ‘Continue’.

Section 2: End User Account Information

Account Type: Choose either ‘Business’ or ‘Residential’. Please note that the account type is based on your account structure with the losing carrier.

Customer name: Enter the business or end-user’s name as it appears with the losing carrier.

Person authorizing this port (Name on LOA): Enter the name of whomever authorized the port.

Account Number: This is typically the end-user’s billing account number, which is generally found on their invoice. For some losing carriers, this is a required field. If you have this information, we recommend that you provide it when submitting your port.

Account PIN: This field isn't always required. Typically PINs are associated with wireless or simple ports. The end-user should be able to retrieve this information from their losing carrier.

Click ‘Continue’.

Section 3: Service Address

13.Provide the service address associated with the phone numbers that you’re porting.

Section 4: Documents & Additional Information

Customer Order ID: Here you have an opportunity to enter a unique customer order ID.

Files: Upload any additional documents like the Letter of Authorization (LOA) or bill copies. This is optional for on-net ports, so you may choose to leave them blank and click ‘SKIP’. Please note that LOA is still required for toll-free and Canadian ports.

Please repeat these steps for any other carriers that are listed out on the left hand side of the page.

Once you fill out the required information for all carriers, click ‘Continue’ at the bottom right corner of the screen.

Group & Schedule Activation Dates (Customer Activation)

The cool thing about bulk porting is that you can easily group and coordinate activation dates across multiple orders and you have a few different options of how to achieve this. On this page, you can request activation dates for each carrier or as a group.

If you want all of your ports to activate on the some day and time, keep them together as a bulk port.

Alternatively, if you want your orders to have unique activation dates, click ‘Add a Bulk Port’. From there, drag your carrier group(s) to the new section.

You can also drag your carrier group to the ‘Individual Ports’ section if you’d like for your ports to have their own activation date and time.

To set your activation date & time:

Click ‘Edit’

Requested Activation Date: We recommend choosing a date 4+ business days from your submission date.

Requested Activation Time: All of our ports default to activate at 11:30 AM ET. If you’d like your order to be activated at another time, please use the time scrubber to select a specific time you want the numbers to be activated on the day of Firm Order Commitment (FOC).

Click ‘Continue to Final Review’ at the bottom right corner of the screen.

Customer Activation- You will notice that the checkbox for 'Customer Activation' has been removed. Now all you need to do is use our 'time scrubber' to update your activation time. Once this is completed, our system will treat your port order as one that you're able to activate. The steps to activate your port order on the day of FOC will remain the same.

NOTE: If you have multiple losing carriers in your order, they’ll be grouped by default in ‘Bulk Ports’. You can edit the requested FOC date on the bulk port by clicking ‘Edit’ above the subtending ports. If you’d like to activate single carrier orders at different times, you can drag each order out into ‘Individual Ports’ by clicking and dragging them into the labeled field. From there, you’ll be able to click ‘Edit’ and choose your individual date and time.

Review Port Orders

This step will take you to the “Review Port Orders” page. From here, you want to make sure that each bulk or individual order has the correct information and certify that the order(s) are ready to be sent to the losing carrier(s).

Once everything looks good, please choose a sub-account and location from the drop-down menu.

Once all the required fields are complete, click ‘Submit’.

Bandwidth's Enhanced Porting Experience FAQ

Get answers to your Enhanced Porting Experience questions in our Enhanced Porting Experience FAQ !

Enhanced Porting Experience Webinar

What you'll learn:

Our brand new intuitive step-by-step port-in workflow!

Submitting up to 20,000 Phone Number Portsmanage your project ports from the Bandwidth Dashboard.

Bulk Portingbundle multiple losing carriers and phone number types onto a single order.

Replacement BTNhow to reduce carrier rejections due to BTN processing errors.

Bandwidth generally monitors customer traffic patterns to detect if potentially fraudulent activity may be present on customer accounts which are enabled for outbound calling.

This monitoring is primarily used to protect the Bandwidth network from fraudulent call traffic, and therefore is not meant to take the place of network security measures within your own systems.

As a courtesy, if our monitoring systems detect suspicious call traffic we may elect to notify you. If so, Bandwidth will generate a ticket as the means to notify you that our monitoring system has detected atypical traffic patterns associated with your account.

In the event that unusual activity is detected, the Bandwidth NOC team may also elect to place restrictions on the IP addresses associated with the suspect traffic. They will notify you via a ticket, informing you that a potential fraud event has occurred.

In this ticket, you will find Call Detail Records, also known as CDRs, providing details about the call traffic in question, along with any action we may have elected to take.

In order to have any IP restrictions removed, please take the following actions:

First, start out by reviewing the attached CDR’s to determine if the activity is indeed fraudulent.

If you determine that the traffic is fraudulent, isolate and remove the source of the traffic from your network, and update the ticket stating that you have done so.

Please be aware that regardless of the origin of the traffic, under the terms of your agreement Bandwidth customers remain responsible for any charges associated with the event.

If the traffic is determined to be legitimate, please update the ticket stating the traffic is not fraudulent, and that you accept the charges.

Once you have updated the ticket, our technicians will be notified to remove the restrictions which may have been applied to the affected IP addresses.

As a reminder: Bandwidth monitoring should never be used in place of security measures on your local network, and we encourage all customers to have adequate security features and monitoring in place to protect their networks from fraudulent calling.

As Bandwidth receives SMS or MMS message requests that exceed your rate limit settings, these requests are queued for delivery.

Version

Default

Description

HTTP V1

Default OFF, can be enabled

For HTTP V1, the Bandwidth account default does not queue messages. Once contracted, and your account is in commercial mode, we can configure your account to accept message requests at a higher rate than the account wide dequeue rate limit. Queuing allows you to send at a higher rate as long as the overall volume of messages measured over the last 15 minute period remains below your account wide dequeue rate limit. It's important to note that the 15 minute queue is across the entire account, and not per phone number.

HTTP V2

Always ON

For HTTP V2, by default Bandwidth queues messages internally to be sent out. Once contracted, Bandwidth will enable a 15 minute queue across the entire account. The number of messages in the queue will depend on youraccount widedequeuerate. It's important to note that the 15 minute queue (900 seconds) is across the entire account, andnotper phone number.

Examples of queuing on Bandwidth's HTTP platforms:

Queuing for HTTP V1

Queuing for HTTP V2

Message Queuing for HTTP V1 Customers

Let’s look at how this works. Below is an example of an account with:

Account Dequeue rate = 15 MPS

API Burst Request rate limit = 50 MPS

When your application requests messages to be sent at a rate below the account dequeue rate limit, messages are requested and sent at the same rate. When the application bursts to 48MPS, it is below the 50MPS API Burst Request rate limit. Messages begin to queue and are dequeued at 15MPS until the queue has been reduced and the requested message rate and dequeue rates match again.

Visually, you can see this burst below in blue and the sending rate limit maximum of 15MPS, so a temporary queue is built up on your account until the messages are sent.

Example: Calculating Queue Depth

An account has an Outbound dequeue rate of 5MPS and has enabled the 15 minute queue (900 seconds).

Example: Calculating Queue Fill Time

An account has an Outbound dequeue rate of 5 MPS, a Burst API rate of 15 MPS and has enabled the 15 minute queue (900 seconds).

Message Queuing for HTTP V2 Customers

V2 works much the same way, however there is not a API Burst Limit. You may send message requests to Bandwidth at a high rate until your queue depth exceeds your dequeue limit x 15 minutes.

On HTTP V2, in the above example, where your dequeue rate limit if 5MPS, if you sent Bandwidth SMS requests at 100MPS for greater than 45 seconds, you would receive a rate limit error because you have exceeded the 15 minute queue depth when Bandwidth is dequeuing your messages to send at a rate of 5MPS.

Applications page

For V2 HTTP Messaging, users can create their API Tokens and Secrets from the in the Bandwidth Dashboard.

Bandwidth APIs use BASIC HTTP Authentication. You'll need to have your user ID, token, and secret to make API calls.

Log into the Bandwidth Dashboard.

From the top navigation menu, click 'Applications'.

From the Applications page, click 'API credentials' in the upper right side of the screen.

Click 'Create New'.

Token and secret pairs won't be visible after you leave this screen. Store them securely for your use when you create them. You can return to this screen to add or delete token and secret pairs at anytime.

Multimedia Messaging Service (MMS) is a standard way to send messages that include multimedia content to and from a mobile phone over a cellular network. MMS allows the sender to send messages with media files (such as pictures), videos, and audio files all in one message or separately in individual messages.

Does Bandwidth support MMS messaging?

Bandwidth supports MMS messaging on U.S. and Canadian local long code phone numbers. MMS can only be sent and received within the U.S. and Canada at this time. MMS is not supported outside of these countries. To tell which carriers specifically support MMS, check out our reach list.Toll Free MMS is coming soon! Contact Bandwidth sales to learn more.

Does Bandwidth support inbound and outbound MMS?

Bandwidth supports MMS in both directions, inbound and outbound over long codes.

Click here to enable your account for MM4 MMS

Click here to enable your account for HTTP MMS

Table of Contents

Customer Obligations/Disclaimer

Overview

Types of Fraudulent Traffic To Be Concerned About

Unlawful Robocalls (Within North America)

Domestic Toll Fraud/Traffic Pumping

International Toll Fraud/International Revenue Share Fraud (IRSF)

Typical Money Flow of IRSF

Toll-Free Traffic Pumping (Within North America)

Phishing Scams (IRS, SSA, Vacations, Student Loans etc.)

Text Messaging SPAM

Consumer (P2P) Messaging

Attributes of Typical Consumer Operation

Consumer (P2P) Messaging Automation

Non-Consumer (A2P) Messaging

Unwanted Messages

Good Cyber Hygiene

Customer Premise Equipment (CPE)

Best Practices for Securing Your CPE

User Management Tips for Securing Your Users (UAs, Handsets, Remote Users)

General Best Practices for Working with Bandwidth

Recommended Fraud Mitigation Best Practices FAQ

Customer Obligations/Disclaimer

Bandwidth provides these Recommended Fraud Mitigation Best Practices (“Fraud Best Practices”) to help its customers reduce fraud by taking measures to protect themselves and the networks connected to Bandwidth. Neither Bandwidth's provision of these Fraud Best Practices nor anything included in these Fraud Best Practices alters any customer's contractual obligation to manage its network and its end users.

Overview

This document is intended to help Bandwidth Customers to reduce their fraud attack surface and help them take measures to protect themselves, including their connections to Bandwidth. This document is not all-inclusive and can’t guarantee that the recommended best practices will stop all fraud. The intent is to provide a framework our customers can use toward the prevention and mitigation of fraudulent events and to lessen the risk associated with all types of telecommunications fraud.

Types of Fraudulent Traffic To Be Concerned About

The term “Fraud” typically relates to the practice of illegally extorting money, personal information, financial information, security credentials etc. The term “fraudulent traffic” also describes a wide range of devious telecommunications behaviors that are used to impersonate and mask identities with the intent to steal or harm.

Bandwidth considers the following types of voice calling and text messaging as fraudulent traffic:

Traffic deemed invalid (per FCC rules)

Traffic sent with intent to steal or harm

Traffic sent with the intent to harm through impersonating or masquerading identities

Bandwidth reserves the right to protect itself and its networks by stopping fraudulent traffic from traversing its networks. Bandwidth’s customers who send traffic that the telecommunications industry, government authorities, and Bandwidth consider to be fraudulent, are at risk of having their traffic it blocked - either by Bandwidth or any downstream service provider.

The following specific types of illegal activities also violate Bandwidth’s Acceptable-Use Policies (AUP).

Unlawful Robocalls (North America)

Domestic Toll Fraud/Traffic Pumping

International Toll Fraud/IRSF

Toll Free Traffic Pumping (North America)

Phishing Scams (IRS, SSA, Vacations, Student Loans etc.)

Text messaging SPAM

Unlawful Robocalls (Within North America)

In November 2017, the Federal Communication Commission (FCC) issued a report and order that described a number of specific types of robocalls considered to be unlawful. Further, in May 2019, the FCC released a declaratory ruling that gives service providers leeway to block unlawful robocalls at the network level by default, with the intent of preventing unlawful calls from reaching the general population in the first instance. The types of robocalls the FCC has specifically determined to be unlawful are calls made with:

Invalid ANI/FROM telephone numbers (TNs)

Unallocated ANI/FROM TNs

Blank or alpha-numeric characters in ANI/FROM TNs

Telephone numbers on the Do Not Originate (DNO) List(s)

Here are the best practices that customers can follow to prevent the flow of unlawful robocalls from their network toward Bandwidth:

BWFBP100

Make sure all of your voice calling traffic contains good/valid telephone numbers in the ANI/FROM fields. See the definitions of the various types of ANI/FROM fields below. Ensure that all of your calls toward Bandwidth meet the following “VALID” criteria.

VALID: A valid NPA-NXX-XXXX in the NANP

UNALLOCATED: A valid NPA NXX XXXX in the NANP, but NOT assigned either to a carrieror in the LERG

INVALID NUMBER: A complete telephone number (TN) that is NOT VALID, but of the correct format [2-9][0-9][0-9] [2-9][0-9][0-9] [0-9][0-9][0-9][0-9] (i.e. 10 digits in length, 1st and 4th are [2-9] all others are [0-9])

INVALID DIGITS: The calling party number is numeric, but doesn’t fit into a category defined above (all 1's, partial entry <10 digits, etc.)

8YY: The calling party number is an 8YY number

911: The calling party number is 911

411: The calling party number is 411

N11: The calling party number is any of N11 number besides 911 or 411

555: The NXX is 555

ALPHA: The calling party number has 'alpha' characters that are random or the word ANONYMOUS in it

EMPTY: There’s no calling party number present

BWFBP101

Make sure that calls from your network or from your customer’s never have ANI/FROM phone numbers that fall into the UNALLOCATED, INVALID, N11, Alpha or Empty ANI categories. Please be aware that if any of these types of calls leave your network and are sent toward Bandwidth, you run the risk of these calls being BLOCKED by Bandwidth or another downstream service provider.

BWFBP102

Review your customer use cases and discourage short-duration (<15 seconds) calling. Short duration calls raise flags on most service provider networks and may lead to Call Blocking per the FCC guidelines.

BWFBP103

If you receive voice traffic that falls into the FCC’s ‘unlawful’ categories, please take measures to detect, mitigate, block, and educate your customers to cease sending these types of calls.

Domestic Toll Fraud/Traffic Pumping

Delivering phone calls to all areas of North America doesn’t cost the same for each area. Marketplace dynamics dictate that supporting remote or lightly populated markets is generally more expensive than more densely populated cities.

The intercarrier compensation regime that applies to connected carriers that exchange traffic in the higher cost areas allow for the billing of access charges for calls to and from these more rural destinations.Thus, it’s much more expensive to deliver calls to areas like rural Iowa, as opposed to Des Moines or Cedar Rapids, IA. Bad actors know this and will frequently turn-up automated phone-answering systems to generate traffic in these expensive areas.Then, they advertise through social media, websites, texts and emails to generate calls into these automated phone-answering systems.

The fraud schemes that arise in such scenarios are a function of intermediate service providers being billed higher call handling (access) charges, which subsequently contribute to the fraudulent payments to bad actors.Traffic pumping of this sort is typically robotically dialed, lasts over 15-30 minutes and is connected into automated systems that provide little or no value to the caller. Many of these calls complete into systems that return dead-air, barking dogs, ‘press 1 to continue’ loops, chat lines, recorded messages that never end, and in many cases, loud screeching tones.

The most common ways for bad actors to exploit high-cost traffic pumping is to acquire phone numbers from the local exchange phone company, stand-up fraudulent systems in an unknowing service provider’s colocation or cloud data centers, and then launch campaigns on social media to entice people to dial these recently acquired local numbers by the hundreds and asking them to leave the calls up, once connected. A nefarious service provider in the money chain will overcharge reputable carriers exaggerated access charges and give a portion of these charges to bad actors.

Here are the best practices that customers can follow to prevent the flow of Domestic Toll Fraud/Traffic Pumping from their network toward Bandwidth:

BWFBP104

Set up detection alarms on yours and your customer’s traffic to alert you on numerous, robotically dialed calls made to known high-cost areas of North America. These areas include but aren’t limited to rural Iowa, rural South Dakota, and rural Massachusetts. Look at the NPAs, compare the rates within your typical rate decks, and either convince your customers to stop sending this kind of traffic to you, or block this kind of traffic from terversing your network. Bandwidth may also be monitoring for this type of traffic and typically alerts its customers upon detection.

BWFBP105

Educate your customers on this type of fraud and encourage them to prevent, detect, and mitigate such fraudulent Domestic Toll Fraud traffic before it reaches your network.

International Toll Fraud/International Revenue Share Fraud (IRSF)

Similar to domestic toll fraud, international toll fraud is perpetrated by bad actors exploiting parts of the world that are extremely expensive to deliver phone calls to. This type of fraud is called International Revenue Share Fraud (IRSF) because oftentimes, nefarious/fraudulent companies acquire expensive international phone numbers and sell them to anyone who’ll pay money for them.

These phone dealers are often referred to as International Premium Rate Number Providers (IPRN), who often buy cheap, low-cost circuit connections to reputable carriers, so they can get paid for calls that terminate on the phone numbers that they have acquired. Bad actors buy expensive international phone numbers from the IPRNs and have their people (lieutenants) robo-dial calls to these phone numbers.

The payment chain begins when the calls are placed from a location in the U.S. The remainder of the money chain includes all intermediate service providers that have to pay their upstream provider partners to handle these international calls. Eventually, the IPRN companies get a ‘cut’ of the charges to complete these calls, because they’re the “holders” of the fraudulent phone numbers in the first place. The diagram below shows the typical money flow and how IRSF can be perpetrated.

Typical Money Flow of IRSF

IRSF Fraud can take on many forms and cost innocent, unknowing victims a lot of money. Many times bad actors “hack” into PBXs, IP-PBXs, Cloud-phone systems and enterprise phone systems, and enable outbound international calling. Once this hack occurs and outbound international calling is fraudulently enabled, the bad actors proceed to dial-out to extremely expensive international phone numbers in countries all over the globe. This, in turn, costs all intermediate service providers, as well as the innocent victim, who'll most likely receive an expensive bill in the next 30 days.

Here are the best practices that customers can follow to prevent the flow of International Toll Fraud/IRSF from their network toward Bandwidth:

BWFBP106

Consider MANDATING the use of an authorization code, or PIN, that must be used by customers, employees, and end-users before placing international calls.

BWFBP107

As end-users attempt to make international calls through your network, ensure that their account code, authorization code, or PIN is accurately and securely VERIFIED before they are allowed to make international calls.

BWFBP108

Determine which countries, your platform specifically supports calling to, and then restrict calling to all the remaining countries. Limit international dialing to only authorized customers, employees, and end-users who require it. Restrict all others.

BWFBP109

Consider blocking the following frequently “Fraudulent” countries in your systems, your network and in your customer’s systems:

AC Ascension Islands 247

AG Antigua/Barbuda 268

AI Anguilla 264

AS American Samoa 684

BB Barbados 246

BM Bermuda 441

BS Bahamas 242

CD Democratic Republic of the Congo 243

CF Central African Republic 236

CG Congo 242

CZ Czech Republic 240

DM Dominica 767

DO Dominican Republic 809 829 849

GD Grenada 473

GQ Equatorial Guinea 240

GU Guam 671

HT Haiti 509

JM Jamaica 876

KN St. Kitts & Nevis 869

KY Cayman Islands 345

LC St. Lucia 758

LT Lithuania 370

MA Morocco 212

MF St Martin 590

MP Northern Mariana Islands 670

MS Montserrat 664

MV Maldives 960

PK Pakistan 92

PW Palau 680

SC Seychelles 248

SX Sint Maarten 721

TC Turks and Caicos Islands 649

TD Chad 235

TN Tunisia 216

TT Trinidad and Tobago 868

UG Uganda 256

VC Saint Vincent and the Grenadines 784

VG British Virgin Islands 284

VI U.S. Virgin Islands 340

SL Sierra Leone 232

SD Sudan 249

LR Liberia 231

LV Latvia 371

BWFBP110

Look for large volumes of SIP 487 response codes in short periods of time on your network. Using something known as “Hyper-duration robocalls”, bad actors typically “probe” networks looking for cracks in the network that will allow completed international calls. During these “hyper-duration” storms, bad actors typically launch large volumes of SIP INVITE messages in a short period of time (thousands of INVITE messages within 5 mins or less), followed very rapidly by SIP HANGUP (487) messages.

It’s important to note that call attempts that don’t complete, don’t necessarily equal unsuccessful calls. All rapid-fire attempts/hangups in a short period of time should be considered a red flag for possible fraudulent activities in the near future.

When you see more than an average of about 60 SIP 487 messages per hour, look at your traffic for fraudulent activity and calls to fraudulent destinations. If you discover suspicious/fraudulent behaviors, take measures to block/prevent future attempts of these types of international calls from reaching Bandwidth.

BWFBP111

Ensure that passwords to your company’s network equipment are unique to each unit of equipment, contain random characters, made random in length, and are NOT the passwords that were pre-configured at the time of purchase/installation. These passwords must be changed often and only shared with personnel authorized to make changes to your network equipment. Zero-knowledge password managers are highly recommended.

Toll-Free Traffic Pumping (Within North America)

In North America, businesses, individuals, and non-profits often buy the right to use a toll-free (8XX) telephone number to allow legitimate customers call them free of charge. They instead agree to pay their long-distance service provider to receive these “wanted” incoming calls. Unfortunately, bad actors have found ways to exploit the intercarrier compensation regime that applies to these toll-free phone numbers and use robotically dialed fraudulent calls with the intent to harm legitimate businesses, individuals, or non-profits by making them pay inflated charges for unwanted/illegitimate toll-free inbound calls.

Here are the best practices that customers can follow to prevent the flow of toll-free Traffic Pumping from their network toward Bandwidth:

BWFBP112

When acquiring toll-free (TF) phone numbers from Bandwidth, put them in an “aging” database and don’t place them into service until you need to assign them to your customer(s). If these TF phone numbers aren’t in service, they can’t and “should not” receive fraudulent/unwanted inbound calls from bad actors.

BWFBP113

When holding/aging TF phone numbers from Bandwidth, monitor inbound call attempts to this TF phone number as a way of verifying if a TF number is "clean" while it’s out of service. If you receive many unwanted/unsolicited inbound calls to this TF phone number while it’s not in service, notify the Bandwidth Fraud Mitigation Team immediately at [email protected] and alert them of the suspicious traffic.

BWFBP114

If you need to offer a toll-free phone number for your services, use a pool of toll-free numbers and cycle through them when placing them into use. An example of this use case would be to use a different toll-free number from a pool of numbers for every new conference call, in a conference calling service. This prevents bad actors from focusing on and exploiting a single toll-free number .

BWFBP115

Alert Bandwidth’s Fraud Mitigation Team and SOMOS of any new Toll-Free Fraudulent calls/events and we’ll engage an industry Toll-Free Fraud Traceback Group that will conduct tracebacks to discover the source(s) and provide information directly to law enforcement.

BWFBP116

Refrain from advertising TF numbers publicly via websites/email/social media. This type of communication can be seen by bad actors and lead to unwanted inbound traffic to TF phone numbers. This type of toll-free fraud is often seen in instances where TF phone numbers are used and publicly advertised to access conference bridges.

BWFBP117

If a toll-free phone number must be used to access your services, implement a “pool” of many TF phone numbers and rotate/cycle through it to keep bad actors guessing.

Phishing Scams (IRS, SSA, Vacations, Student Loans etc.)

There are companies out there that have product teams, engineering teams, and even billing teams that exist solely for the purpose of defrauding innocent victims of money, information, and credentials. These companies are involved in some of the most widespread phishing and extortion scams across the world. Some of the more commonly known scams include the IRS scam, the Social Security scam, the computer/PC repair scam, the student loan and vacation scams. Most of these scams involve victims paying the bad actors with Apple iTunes cards, Bitcoin and various other gift cards that are very difficult to track or recoup the value of..

Here are the best practices, that customers can follow to prevent the flow of Phishing Scam calls from their network toward Bandwidth:

BWFBP118

Use data analytics to map customers’ sign-up information with valid/legitimate addresses, credit card accounts, email addresses, and phone numbers. Keep track of suspicious sign-ups and immediately disable/disconnect fraudulent accounts as they become known.

BWFBP119

If phone numbers are disconnected because they were found to be used in a fraudulent manner to perpetrate a phishing scam, DON’T auto-provision phone numbers to the same account.

BWFBP120

Sometimes bad actors use “call-forwarding” to evade detection. Oftentimes, they use multiple call forwarding layers to evade detection. If your network or service offering includes a call-forwarding function, be aware of customers who enter large numbers of entries in your call forwarding tables, especially through web page interfaces. Please send all call-forwarding tables/forwarding information that contain Bandwidth phone numbers to [email protected].

BWFBP121

Keep an eye out for accounts that use numerous phone numbers across a large geographic area. Please report all accounts, and account information, that have numerous phone numbers across large geographic areas to [email protected].

BWFBP122

Monitor for and be aware of end users who cycle through phone numbers at higher than normal rates, volumes, and frequencies. This rapid phone number swapping behavior could indicate that they're trying to avoid detection by carriers, law enforcement, and government agencies. The perpetrators of the IRS and Social Security scam calls will typically swap phone numbers at unusual rates to cover their tracks after initial calls are placed and received.

Text Messaging SPAM

Text messaging is a very convenient mode of simple and fast communication. Messages sent out via public networks to end users are required to comply with all relevant laws and regulations, including but not limited to the Telephone Consumer Protection Act (TCPA).

Unfortunately, bad actors can also leverage these technological capabilities to commit crimes by defrauding, impersonating, and extorting innocent victims. The text messaging industry generally operates in a more lightly regulated environment than voice calling does, so text messaging service providers must be that much more vigilant on fraud prevention and mitigation best practices.

At the outset, it’s important to understand the differences between Person-to-Person text messaging (P2P) and Application-to-Person text messaging (A2P).

Consumer (P2P) Messaging

P2P (Person-to-Person) is defined as two-way messaging. Typically, this is the conventional conversational two-way SMS or MMS messaging between individuals. From CTIA best practices : "Consumer (P2P) messaging is sent by a Consumer to one or more Consumers and is consistent with typical Consumer operation (i.e., message exchanges are consistent with conversational messaging among Consumers)."

Attributes of Typical Consumer Operation

Throughput: 15 to 60 messages per minute. A Consumer is typically not able to originate or receive more than about one message per second.

Volume: 1,000 per day. Only in unusual cases do Consumers send or receive more than a few hundred messages a day. A Consumer can't typically send or receive messages continuously over a long period of time.

Unique Sender: 1 telephone number assigned to or utilized by a single Consumer. A single Consumer typically originates messages from a single telephone number.

Unique Recipients: 100 distinct recipients/telephone numbers per message. A Consumer typically sends messages to a limited number of recipients (e.g., 10 unique recipients).

Balance: 1:1 ratio of outgoing to incoming messages per telephone number with some latitude in either direction. Consumer messages are typically conversational. An incoming message typically generates a response from the recipient.

Repetition: 25 Repetitive Messages. Consumer messages are uniquely originated or chosenat the direction of the Consumer to unique recipients. Typical Consumer behavior is not to send essentially or substantially repetitive messages.

Consumer (P2P) Messaging Automation

Some Consumers utilize automation to assist in responding to communications. For example, aConsumer may direct their messaging service to auto-reply to a phone call in order to inform thecaller about the Consumer’s status (e.g., “I’m busy” or “Driving now, can’t talk”). Such use ofautomation to assist Consumers in their composition and sending of messages falls within the attributes of typical Consumer operation. In contrast, the use of automation, in whole or in part, by Non-Consumers to facilitate messaging is not a typical Consumer operation.

Non-Consumer (A2P) Messaging

A2P (Application-to-Person) is one-way SMS to which recipients aren’t expected to reply. Typically this represents high-volume messaging between businesses and individuals. Some common examples are a logistics company sending delivery statuses and notifications, a dentist’s office sending one-way alerts and reminders, or a financial institution sending PIN codes to individuals either using short codes or long codes.

Non-Consumer (A2P) message traffic includes, but isn't limited to, messaging to and from large-to-small businesses, entities, and organizations. For example, Non-Consumer (A2P) messages may include messages sent to multiple Consumers from businesses or their agents, messages exchanged with customer service response centers, service alerts and notifications (e.g., fraud, airline), and machine-to-machine communications. Non-Consumer (A2P) Message Senders may also include financial service providers, schools, medical practices, customer service entities, non-profit organizations, and political campaigns. Specifically, such Message Senders should adhere to the Non-Consumer (A2P) Best Practices, described in the CTIA Messaging Best Practices.

Non-Consumer (A2P) message traffic includes all messaging traffic that is automated, in whole or in part, but isn’t described as Consumer (P2P) messaging automation. If Consumer (P2P) messaging traffic is operating in a manner inconsistent with typical Consumer operation, such traffic may be filtered or subject to a Service Provider’s Unwanted Messaging threat mitigation efforts consistent with a Service Provider’s individual messaging service terms and conditions.

The one SMS/number/second message limits imposed in the guidelines for P2P messaging don’t apply to A2P messaging services. The use of an A2P text messaging service requires formal approval by Bandwidth (and potentially carriers, depending on the use case and the company generating outbound traffic).

The major difference between the current P2P service that Bandwidth offers today on U.S. and Canadian local 10-digit phone numbers, and the A2P Messaging service using toll-free numbers is that A2P formally allows TCPA compliant and opted-in use cases for many application-to-person use cases, such as alerts, PIN codes, requested marketing, and automated high-volume interactions between business/government and consumers.

Unwanted Messages

Protecting consumers from unwanted messages, particularly from high-volume messaging traffic, is a key consensus-based goal among messaging ecosystem stakeholders.

Unwanted Messages (or Unwanted Messaging) may include:

Unsolicited bulk commercial messages (i.e., spam)

“Phishing” messages intended to access private or confidential information through deception

Messages that required an opt-in but didn’t obtain it (or had it revoked)

Unwanted content, including other forms of abusive, harmful, malicious, unlawful or otherwise inappropriate messages

We recommend customers to follow best practices for Toll-Free (A2P) messaging and the CTIA messaging principles and best practices, as well as check out the CTIA Short Code Monitoring Handbook. Though this handbook is about text messaging short codes, the same basic principles and rules apply. We also recommend customers follow these additional industry sanctioned Short Code guidelines.

Here are the best practices that customers can follow to prevent the flow of Text Messaging SPAM from their network toward Bandwidth. This type of SPAM traffic runs the risk of being BLOCKED by either Bandwidth or by a downstream provider:

BWFBP123

Never send text messaging content that is related to S.H.A.F.T.:

SEX

HATE

ALCOHOL

FIREARMS

TOBACCO (including cannabis)

Text messages with content that’s directly or remotely related to these categories will most likely be blocked as SPAM by either Bandwidth and/or one or more Tier 1 Mobile Network/Handset operators in the U.S.

BWFBP124

GET CONSENT FROM YOUR USERS

Make sure users explicitly say they want messages from you.

The single most important practice is ensuring you have accurate, reliable opt-ins specific to the type of messages you’re sending consumers. Generally, opt-out rates are consistently low when you have obtained reliable and clear consumer opt-in consent. At any time, Bandwidth or other wireless carriers may request evidence of documented opt-in consent for a particular message sent from you (or your customers).

BWFBP125

DON’T USE PUBLICLY AVAILABLE URL SHORTENERS.

These same ‘free-public’ URL shorteners are used by bad-actors to evade detection and get their SPAM messages passed through text messaging platforms. Bandwidth encourages you to build custom URL shorteners that relate to your company or product name. They’re still free. If a custom URL shortener is found to be used for fraudulent purposes, Bandwidth can and will block messages containing them.

Bandwidth and partnering ‘“downstream” carriers will block text messages that contain these publicly available URL shorteners:

goo.gl

bit.ly

tinyurl.com

tiny.cc

lc.chat

is.gd

soo.gd

s2r.co

clicky.me

budurl.com

Bc.vc

BWFBP126

Provide opt-out functionality within the text messages sent, so receiving end-users can easily opt-out at their discretion. Failing to have opt-out in the text messages sent may lead to carriers flagging and possibly blocking these messages as SPAM.

BWFBP127

PROCESSING STOP KEYWORDS

Be sure your users can opt out of receiving messages.

Consumer opt-in and opt-out functionality is enforced at the network level via the STOP and UNSTOP keywords. This functionality can’t be disabled for service providers or message senders. Message senders have obligations to process the opted-out consumer phone number, so it’s removed from all distribution lists and logged as “opted out” from SMS communications. This ensures that withdrawal of consumer consent is honored and future messages aren’t attempted.

Examples of valid opt-out messages:

STOP

Stop

stop

STop

For toll-free SMS, there’s no need for you to send an acknowledgment to the consumer. The generic opt-out confirmation message returned to a consumer from your network provider gives instructions on how to opt back into service

Example: “NETWORK MSG: You replied with the word STOP which blocks all texts sent from this number. Text back UNSTOP to receive messages again.”

BWFBP128

PROCESSING UNSTOP KEYWORDS

Allowing users to opt back in after opting out at the network level.

A consumer can opt back in at any time to receive messages by texting the keyword “UNSTOP” to a message sender’s phone number. The keyword is not case sensitive and triggers an opt-in only when sent as a single word, with no punctuation or leading spaces (any trailing spaces are trimmed). If the consumer uses the opt-in keyword within a sentence an opt-in is not triggered.

Examples of valid opt-ins:

UNSTOP

Unstop

unstop

UNStop

The message returned to a consumer is generic and informs the consumer they can start two-way texting with the message sender’s phone number again.

Example: “NETWORK MSG: You have replied UNSTOP and will begin receiving messages again from this number.”

BWFBP129

ONLY USE A SINGLE NUMBER FOR CAMPAIGNS

Don’t spread your campaigns over several numbers.

Using a single number for both text and voice calls is not only a best practice but also a better overall user experience. Your customers can call and text the same number. But more importantly, you should avoid spreading messages across many source phone numbers, specifically to dilute reputation metrics and evade filters. This is referred to as “snowshoeing” and can result in your content being blocked. If your messaging use case requires the use of multiple numbers to distribute “similar” or “like” content, please discuss it with your Bandwidth rep (or other carrier rep).

BWFBP130

IDENTIFY YOUR BRAND

Include your company name in the messages you send.

Your application, service, or business name should be included in the content of the body of your message(s).

Example: “[Your Business Name]: You have an appointment for Tuesday, 3:00PM. Reply YES to confirm, NO to reschedule. Reply STOP to unsubscribe.”

BWFBP131

USE A SINGLE DOMAIN FOR URLS IN YOUR MESSAGES

Any campaign URLs should be from a single, specific domain.

Each campaign should be associated with a single web domain owned by you, the customer. Although a full domain is preferred, a URL shortener may be used to deliver custom links.

Good Cyber Hygiene

In today’s telecom environment, the same servers and computing hardware used for websites and databases are also used for IP-PBXs, voicemail systems, call-center platforms and Interactive Voice Response (IVR). These servers typically operate with Windows and/or Linux (CentOS, RHEL) operating systems, which continue to be exploited by hackers and fraudsters everyday. For this reason, it’s extremely important to exercise good cyber hygiene (i.e., good cybersecurity best practices,) in order to protect your systems from being hacked, breached, or exploited for fraudulent phone calling all over the world.

Customer Premise Equipment (CPE)

The following suggested best practices are drawn from industry-wide sanctioned practices, as well as Bandwidth-approved actions that can help secure your communications systems.

Often referred to as Customer Premise Equipment (CPE), servers and their connection to IP networks and the internet represent your single most vulnerable point of fraudulent entry. It’s critical for you to take all necessary and practical measures to secure these customer-owned systems, so you can reduce your attack surface and slow/prevent the perpetration of telecom fraud.

It’s important to keep in mind that there are no guarantees to preventing all telecom fraud. The criminals who perpetrate telecommunications fraud, in its numerous forms, are always working to circumvent countermeasures and security features that enterprises may deploy.

Implementing some and/or all of the listed suggested best practices to secure your CPE can dramatically reduce your exposure to several types of telecom fraud.

Best Practices for Securing Your CPE

Since most local VoIP systems (PBX, IP PBX, Call Managers), voicemail systems, and enterprise grade Session Border Controllers (SBCs) are built on off-the-shelf computing platforms (i.e., Linux servers), we recommend that you exercise Linux and IP network cybersecurity best practices. Implement a company-wide security plan that includes instituting policies on call restrictions, leveraging call blocking, creating processes around closing customer accounts or unused services, utilizing password best practices, actively managing voicemails, and reporting anomalies. Educate all of your employees on the established security plans.

Here are the best practices you and your employees can follow to secure your CPE:

BWFBP132

Back-up your systems fully and often

In the event a system is compromised, you can restore it from a known “clean” backup. Although you may lose some amount of data, you’ll be able to restore your critical systems.

BWFBP133

Review and utilize traffic data

By collecting and graphing call logs and Call Detail Records (CDRs) from your VoIP platform, you can see incoming and outgoing calls, and determine if any of the “graphed” traffic behaviors match or conflict with your business model and service offerings. Monitor and review your LD usage on a regular schedule, or as often as practical.

BWFBP134

Secure your Voicemail (VM) Systems

Implement strong PIN and VM password policies. Disconnect/disable outbound calling or call-through functionality within the voicemail system.

Never allow call forwarding or return call features within a voicemail system. Hackers often exploit voicemail platforms to program fraudulent outbound calling.

BWFBP135

PBX management

Keep IP-PBX and voice platform operating systems up-to-date

Be sure your systems are updated with the latest releases and security patches. Hackers often exploit outdated and unpatched operating systems. Please remain vigilant about maintaining and enhancing your security.

BWFBP136

Consider adding time of day/day of week call handling

Turn off/disable outdial features (allow inbound calls and 911 only) during non-business hours. At a minimum, restrict international dialing to core business hours only

BWFBP137

Set-up a SIP-based firewall within your IP/PBX systems

A SIP-based firewall can inspect voice and data packets as they pass through your network, and only allow what’s authorized between your platform and your service provider. Firewalls can also alert you when various thresholds or unauthorized access attempts occur.

Monitor SIP traffic and automatically block suspicious IP addresses that are SIP scanning the equipment for access.

Monitor and alert on all registration events into your PBX, IP PBX, and Call Manager, including failed attempts. Blacklist foreign IPs you don’t recognize/do business with.

Utilize strong Access Control Lists designed to allow for secure communications while preventing unauthorized access.

BWFBP138

Disable DISA (Direct Inward System Access)

Prevent external callers from accessing internal PBX features by disabling DISA.

Delete unassigned voice mailboxes and associated DISA codes.

Consider two-factor authentication for any remote access and/or administrative users

BWFBP139

Disable ALL IP ports not currently in use

On Linux based IP-PBX systems and ancillary platforms, like voicemail systems, disable all IP ports that aren’t being used or needed. Hackers look for unused IP ports that can be exploited to gain unauthorized access. Pay special attention to IP ports 5060 and 5080 on IP-PBXs, like Asterisk, Mitel, Polycom, Cisco, and Avaya.

BWFBP140

Utilize enterprise-grade Session Border Controllers (SBCs)

Enterprise-grade SBCs will provide an added layer of security, which is especially important if you use Unified Communications (UC) services, like video conferencing. Hackers will quite often ping the IP address of an IP-PBX. However, with an SBC in place, they’ll get a response from the SBC, not the IP-PBX, and won’t gain access or visibility into your IP-PBX. Hackers most always seek the path of least resistance. If they encounter an IP address that’s protected, they’ll move on to IP addresses that aren’t.

Enterprise-grade SBCs also provide additional layers of protection by allowing operator-configured rules to be executed based on authorized calling patterns and services offered. Enterprises can configure SBC rules for geographic restrictions, number of calls per hour, time of day and days of the week. This can be very effective in preventing robocalls, toll fraud, international fraud, and suspicious calling behaviors during nights or weekends when employees aren’t typically in the office.

User Management Tips for Securing Your Users (UAs, Handsets, Remote Users)

BWFBP141

Improve security through rate limiting login attempts

Never allow unlimited login attempts.

Enable system lock-out functionality on all voice-processing and voicemail systems that only allow a finite number of attempts, typically three, to enter a password before being locked out.

Consider using multi-factor authentication for enhanced security.

BWFBP142

Monitor for and block account scanners

Look for unauthorized user agents (UAs) like “User-Agent: friendly-scanner” or UAs that are free and/or don’t match your authorized user’s systems. In a VoIP network environment, numerous unauthorized registration/attempts should be a significant red flag that your network and systems are being probed/scanned for vulnerabilities.

BWFBP143

Block/filter traffic from suspicious IP addresses

You should filter, block or blacklist suspicious IP addresses (especially in high-risk countries), as they’re identified, so no traffic is allowed to enter your network from them.

BWFBP144

Monitor for and disable or remove fake accounts and account sign-ups

Look for random email addresses (i.e., [email protected]) or addresses and ZIP codes that don’t align. It’s not recommended to solely rely on third-party platforms or application stores to validate your new account sign-ups.

If you already use third-party platforms or application stores for account validations and sign-ups, contact your account manager confirming their current practices leverage security features that will monitor and alert you to fraudulent activities.

BWFBP145

Install security software applications on all of your voice processing systems

Most security products can flag and reduce the rate of incorrect authentication attempts. They can check for login and VoIP/SIP registration errors and stop brute force attacks against root passwords, injections of malicious traffic, and registration attempts of unauthorized peers with suspicious credentials.

General Best Practices for Working with Bandwidth

BWFBP147

Develop a Fraud-Contact distribution email address list. This will allow Bandwidth to contact more than one person at your company about fraudulent events or behaviors. You’ll need to manage the distro list, as your staff changes.

BWFBP148

Update all “fraud” contacts every 6 months within your account and reach out to your Bandwidth Account Manager (CAM/CSA) to alert them that you made edits/changes.

BWFBP149

Any/All Fraud-Contact distribution email address lists provided to Bandwidth must reach people that are on-duty or on-call, in a way that allows Bandwidth to communicate with someone regarding fraud events 24 hours a day, 7 days a week, 365 days a year (24X7X365).

BWFBP150

Any/All Fraud-Contact distribution phone number lists provided to Bandwidth must reach people that are on-duty or on-call, in a way that allows Bandwidth to communicate with someone regarding fraud events 24 hours a day, 7 days a week, 365 days a year (24X7X365).

BWFBP151

Any/All Fraud-Contact distribution lists provided to Bandwidth must reach people that are technically capable of mitigating fraudulent events on your network.

BWFBP152

Any/All Fraud-Contact distribution lists provided to Bandwidth must reach people that are authorized to make network decisions, such as blocking fraudulent traffic, disabling fraudulent international calling, and/or accepting “Fraud” charges, as spelled out in your Bandwidth Master Service Agreement - Contract.

BWFBP153

If you need to reach the Bandwidth Fraud Mitigation Team, you can contact us in any of the following ways:

Email: [email protected]

[Note: this will auto-open a ticket with Fraud Mitigation Team]

Phone Customer Support: 855-864-7776

Phone Bandwidth Corporate: 888-969-5009, Press 3, Press 1, Press 1

Recommended Fraud Mitigation Best Practices FAQ

We’re building internal fraud policies for fraud mitigation. Can Bandwidth provide area codes for known high-cost areas in North America?

Unfortunately, Bandwidth can’t provide a list of high-cost areas in North America for several reasons:

The cost to deliver traffic to various parts of the U.S. changes every day. Therefore, what may be considered “high-cost” today, may not be high-cost tomorrow.

Federal regulations require carriers to deliver valid traffic to every part of the U.S, and specifically to rural calling areas. Although Bandwidth periodically detects fraudulent traffic to various NPA-NXXs in the U.S., that doesn’t mean that the whole NPA-NXX is fraudulent or that all calls to “high cost” areas are fraudulent. Bandwidth can’t provide you with legal advice, so it’s incumbent upon you to seek your own legal guidance and develop your own specific fraud mitigation policies and traffic blocking rules in keeping with such guidance.

How did [this fraudulent event] happen?

Generally speaking, Bandwidth doesn’t have visibility to the end points in your network. Therefore, we can’t definitively say how fraudulent traffic was generated. However, there are several common methods used to “hack” into vulnerable systems and services, which are outlined in our Recommended Fraud Mitigation Best Practices. While this list of methods isn’t exhaustive, it does indicate several ways in which toll fraud can be attempted against your network. We ask that you work with your network staff, your network equipment vendors, and your customers to review your network security and secure all of your systems accordingly.

How do I stop fraudulent traffic coming from my network from reaching Bandwidth?

The first step is to secure your systems (#SYS). Take all practical measures to prevent unauthorized external and internal access to your systems, by managing your system passwords and changing them often. Limit who can access your systems, and implement as many of the Recommended Fraud Mitigation Best Practices as possible. We ask that you work with your network staff, your network equipment vendors, and your customers to review your network security and secure all of your systems accordingly.

Please keep in mind that Bandwidth monitors for, detects, and mitigates fraudulent traffic to protect its own networks and its customers. Per your contractual obligations with Bandwidth, you’re responsible for managing your traffic, detecting fraudulent activity, and stopping it on your networks, before it reaches Bandwidth.

Can Bandwidth protect me from all fraudulent traffic?

Unfortunately not. Since Bandwidth doesn’t manage your customers’ communications, nor has a direct visibility into your affected customers’ networks, equipment, and systems, Bandwidth isn’t in a position to stop fraudulent traffic that may emanate from your network through compromised systems and end-users. Please keep in mind that Bandwidth monitors for, detects, and mitigates fraudulent traffic to protect its own networks and customers. Per your contractual obligations with Bandwidth, you’re responsible for managing your traffic, detecting fraudulent activity, and stopping it on your networks, before it reaches Bandwidth. We ask that you work with your network staff, your network equipment vendors, and your customers to review your network security and secure all of your systems accordingly.

How did Bandwidth let [this fraudulent event] happen?

Bandwidth monitors for, detects, and mitigates fraudulent traffic to protect its own networks and its customers. Per your contractual obligations with Bandwidth, you’re responsible for managing your traffic, detecting fraudulent activity, and stopping it on your networks, before it reaches Bandwidth. We ask that you work with your network staff, your network equipment vendors, and your customers to review your network security and secure all of your systems accordingly. We also ask that you cooperate with us, so we can help identify instances of fraud and be able to better assist you with your fraud prevention objectives in the future.

Bandwidth alerts its customers of suspicious traffic behaviors as a courtesy, in order to allow you time to secure any vulnerabilities, block fraudulent traffic, and mitigate possible hacks or unauthorized access to your, or your customers' systems.

Can Bandwidth secure my customers?

No. Since Bandwidth doesn’t manage your customers’ communications, nor has a direct visibility into your affected customers’ networks, equipment, and systems, Bandwidth isn’t in a position to stop fraudulent traffic that may emanate from your network through compromised systems and end-users. Please keep in mind that Bandwidth monitors for, detects, and mitigates fraudulent traffic to protect its own networks and its customers. Per your contractual obligations with Bandwidth, you’re responsible for managing your traffic, detecting fraudulent activity, and stopping it on your networks, before it reaches Bandwidth. We ask that you work with your network staff, your network equipment vendors, and your customers to review your network security and secure all of your systems accordingly.

Table of Contents

What are carriers doing to block calls if they appear unwanted or fraudulent?

What if I have legitimate outbound calling use cases?

What is Bandwidth doing to fight robocalling?

What are carriers doing to block calls if they appear unwanted or fraudulent?

In an effort to protect consumers against abusive robocalls, carriers are increasingly implementing call blocking programs.

In recent weeks, Bandwidth has observed AT&T, Verizon and T-Mobile increasingly blocking calls that they feel fit typical robocalling campaign characteristics, such as high-volume, short-duration calls originating from a single number. When implemented, a common effect of these call blocks will be a very high volume of SIP 486 (Busy Here) response codes being delivered.

What if I have legitimate outbound calling use cases?

There are many, many legitimate use cases for high-volume, short-duration calls, including school closing notifications, weather alerts, and patient reminders. These are entirely valid and legitimate use cases where recipients want to receive these calls and have opted-in to do so. However, when viewed en-masse at the network level, they can look like illegal robocalling.

In order to ensure your outbound calls aren't miscategorized as unwanted or fraudulent calls by the wireless carriers, we highly encourage you to proactively request whitelisting of legitimate outbound calling use cases fromeachof the major wireless carriers.

Here are the websites where you cansubmit whitelisting requests:

AT&T/Wireless/Call Protect/HIYA

Verizon/Wireless/TNS

T-Mobile / FirstOrion / PrivacyStar

What is Bandwidth doing to fight robocalling?

Bandwidth is working hard to prevent fraud and abuse, while simultaneously enabling a fair competitive landscape for the delivery of valid traffic. Bandwidth is actively engaged with the Federal Communications Commission (FCC), as well as with several STIR/SHAKEN working groups, to help shape and establish an industry solution for validating phone numbers and caller authenticity in an effort to reduce instances of robocalls and spoofing. We're working alongside other major service providers to develop and implement solutions that'll best suit our customers’ needs and their wide variety of use cases.

Hosted Messaging is a service that allows Bandwidth customers to enable non-Bandwidth owned/operated phone numbers for messaging. This product is designed to allow customers to send and receive SMS/MMS messages using the Bandwidth platform while leaving the voice service in place with the current carrier/service provider.

Message enablement must only occur with the express consent of the authorized end-user. Further, to purchase this product, you must obtain a valid Letter of Authorization (LOA) from the subscriber or the NANPA numbering provider that supports the current voice services, such as the CLEC (local, non-wireless numbers) or RespOrg (Toll-free). You must also have existing capabilities to monitor and manage port out activity on numbers you have.

If you're interested in adding this product to your suite of messaging services, please reach out to your sales representative.

Note: A Letter of Authorization (LOA) from the subscriber or underlying NANPA carrier, such as the CLEC or RespOrg is required. See “ Can I text-enable a non-Bandwidth phone number? ” to learn more.

Please see below for a template of the Subscriber LOA and the Carrier LOA.

Table of Contents

Bandwidth Policy for P2P Messaging

Bandwidth Policy for A2P Messaging

Opt-in

Example Of Incorrectly Implemented Campaign

Prohibited Content

Prohibited Campaign Types

What Is Third-Party And/Or Affiliate Lead Generation?

Examples Of Prohibited Messaging Campaigns

Age-Restricted Products (Alcohol, Firearms, Tobacco)

To support Bandwidth’s strategic goals and policies for responsible messaging use, Bandwidth, as a member of the CTIA, has committed to implementing guidelines for P2P and A2P messaging content that aligns with industry best practices.

Bandwidth Policy for P2P Messaging

Bandwidth’s Acceptable Use Policy (AUP), which incorporates relevant laws and industry guidelines such as CTIA Principles and Best Practices, will govern conversational P2P messaging usage. If P2P message content or traffic patterns are found to be in violation of Bandwidth’s AUP or CTIA guidelines, Bandwidth reserves the right to block that content or take other appropriate action as detailed in our AUP.

For reference, the CTIA uses the following general guidelines to define P2P traffic. These are guidelines and should not be construed as a guarantee of P2P traffic classification and corresponding treatment by Bandwidth or other carriers in the messaging ecosystem.

ATTRIBUTE

NOTES

Throughput

15 to 60 messages per minute

A Consumer is typically not able to originate or receive more than about one message per second.

Volume

1,000 per day

Only in unusual cases do Consumers send or receive more than a few hundred messages in a day. A Consumer also cannot typically send or receive messages continuously over a long period of time.

Unique Sender

1 telephone number assigned to or utilized by a single Consumer

A single Consumer typically originates messages from a single telephone number.

Unique Recipients

100 distinct recipients/telephone numbers per message

A Consumer typically sends messages to a limited number of recipients (e.g., 10 unique recipients).

Balance

1:1 ratio of outgoing to incoming messages per telephone number with some latitude in either direction

Consumer messages are typically conversational. An incoming message typically generates a response from the recipient.

Repetition

25 Repetitive Messages

Consumer messages are uniquely originated or chosen at the direction of the Consumer to unique recipients. Typical Consumer behavior is not to send essentially or substantially repetitive messages.

Bandwidth Policy for A2P Messaging

The full details of Bandwidth’s product requirements can be found in our Terms & Conditions, which are available to all contracted customers. What follows is a summary of the key policies and product requirements:

Opt-in

All customers utilizing Bandwidth A2P Messaging services must comply with applicable opt-in requirements as outlined in CTIA Principles and Best Practices and the CTIA Short Code Monitoring Handbook v1.7. Further, customers are advised to seek independent legal advice to ensure compliance with TCPA when offering A2P messaging in the United States.

For A2P Messaging, SMS messages should only be sent to recipients who have opted in to your service and/or are expecting communication from you. Bandwidth and other interconnected carriers actively monitor for this kind of activity. Bandwidth reserves the right to block messaging service or suspend your account if abuse is reported.

Example Of Incorrectly Implemented Campaign

To help demonstrate, sending the following message without an explicit opt-in is prohibited. Simply providing an opt-out is not a substitute for obtaining consent.

“Here’s your coupon for 99 cents off your next order at [COMPANY]. [LINK]. Reply STOP to opt out.”

Prohibited Content

Bandwidth’s AUP also applies to A2P messaging usage. To highlight and/or expand on content prohibited by Bandwidth’s AUP, Bandwidth will not power A2P messaging campaigns associated with the following:

Engaging in an activity in connection or conjunction with any pornographic and/or adult entertainment industry purpose, regardless of whether such activity is lawfully permitted

Depictions or endorsements of violence, hate speech, or otherwise engaging in threatening, abusive, harassing, defamatory, libelous, deceptive or fraudulent behavior

Content related to the sale or promotion of substances that are classified as controlled substances under federal law, including marijuana

Prohibited Campaign Types

Unless expressly authorized by Bandwidth, A2P Messaging services may not be used for the following purposes:

Third-party or affiliate lead and/or commission generation (see definition below)

Advertisements for loans

Credit Repair offers

Debt Relief

Debt Collection

Work from home, secret shopper, or other similar advertising campaigns

What Is Third-Party And/Or Affiliate Lead Generation?

This is when the party collecting opt-in is doing so for the purpose of collecting, aggregating, converting, or selling consumer information (“leads”) to third parties for a fee. Typically, a consumer is driven to a website using online advertising and asked to input their information in order to receive offers for general services like payday loans, insurance products, or educational opportunities. The lead generator then either resells that consumer’s information to one or more third parties or continues to send messages to the consumer with links to offers from multiple partners to try and convert a sale.

At their best, these offers can give real value to consumers by connecting them with companies that can help fulfill a need. Often, however, lead generation companies have engaged in aggressive or potentially misleading marketing campaigns, causing consumers to complain and spam blocking to occur.

Examples Of Prohibited Messaging Campaigns

"Savings Alert from [COMPANY]: We found a new program that can protect you from costly auto repairs. It's quick and easy to see if you qualify. [LINK]"

"Lending Alert from [COMPANY]: Your first offer! Great loan options may be available to you. It's quick and easy to learn more. Click for details. [LINK]"

"Need help settling your payday debt? [LINK] or call [NUMBER] to speak with an agent. Text STOP to optout."

"Thanks for being loyal. You can check for approval today. Login to see how much. We won't send until you okay it. [LINK]. Reply STOP to optout."

Age-Restricted Products (Alcohol, Firearms, Tobacco)

Bandwidth will only power A2P messaging campaigns associated with age-restricted products and services such as alcohol, firearms, or tobacco on dedicated short codes if both of the following requirements are met:

The customer and/or sending party demonstrates that they have strict age validations in place for message recipients

The customer agrees they will work with Bandwidth’s messaging product team to ensure that messaging campaign content is approved

To fire up a conversation with a member of the Bandwidth Support Team, please open a support ticket. If you'd like to collaborate over the phone, feel free to give us a call: (855) 864-7776.

Please allow an appropriate amount of time for the agent to respond before proceeding to engage our escalation contacts.

Issue Type

1st Level Escalation

2nd Level Escalation

3rd Level Escalation

Onboarding & Implementation

Arturo Garcia - Manager

919-296-3043 (office)

443-225-8013 (cell) [email protected]

Liz Streicker - Sr. Manager

919-827-4309 (office)

919-274-9149 (cell)

[email protected]

Kelli Doty - Vice President, Customer Success

919-439-2586 (office)

919-607-0447 (cell)

[email protected]

Account Management (CAM) & SIP Trunking

Casey Dover - Manager

919-695-6833 (cell)

[email protected]

Porting In (Local & Toll-Free)

Teddy McDaniel - Team Lead

919-295-9439

[email protected]

Greg Schrader - Manager

919-289-3117

[email protected]

Hannah Macchioni - Sr. Manager

919-964-4263

[email protected]

Project Ports & SIP Port Ins

Chelsea Curtis - Manager

919-794-8297 [email protected]

Hannah Macchioni - Sr. Manager

919-964-4263

[email protected]

Michelle Opitz - Vice President, Operations 919-740-2249 (office)

919-964-4217(cell) [email protected]

Port Outs or Features Support (DL, DA, LIDB)

Alex Yllanes - Manager

919-295-9067

[email protected]

Rob Brezina - Sr. Manager

919-297-1072 (office)

919-295-9288 (cell)

[email protected]

Michelle Opitz - Vice President, Operations 919-740-2249 (office)

919-964-4217(cell) [email protected]

Technical Assistance

Outages

NOC or Tier 2 Support

Tim Hamill - Manager

919-766-8631

[email protected]

Mel Gower - Director

919-561-6328

[email protected]

Michelle Opitz - Vice President, Operations 919-740-2249 (office)

919-964-4217(cell) [email protected]

Billing

Elizabeth Heath - Manager

[email protected]

Tiffany Quinones - Director [email protected]

Seth Ray - Sr. Director

[email protected]

Invoice Payments

Stevan Bowden - Manager

[email protected]

911 Address Validation/Misroutes/ANI-ALI Discrepancies

Erika Stevens - Team Lead

303-872-5585

[email protected]

Fondra Marshall - Manager

972-819-0086

[email protected]

Michelle Opitz - Vice President, Operations 919-740-2249 (office)

919-964-4217(cell) [email protected]

If you're not satisfied with theescalation assistance provided bythe above individuals, you may utilize the executive leadership listed below. Please allow an appropriate amount of time for each contact to respond before proceeding to the next level.

4th Level Escalation

Ryan Henley - Sr. Vice President, Customer & Business Operations

303-949-5471 (office & cell)

[email protected]

This article references the ‘New’ interface in the Bandwidth Dashboard. Looking for the ‘Classic’ experience? Click here !

How to Dispute a Charge From Bandwidth

To download your monthly invoices from the Bandwidth Dashboard:

Log into the Bandwidth Dashboard.

Select 'Reports' on the top navigation menu, then click 'Billing Records'.

On this page, select 'Invoices' as your report type, and then choose your date range:

You may select the previous month, current month, or a custom date range to download multiple invoices at once.

Click 'Submit' to download a .pdf and a .csv into your web browser:

Your account number, the invoice number, date, and the due date of the specific invoice are all located in the upper left hand side of your invoice

The breakdown of the charges and the total amount due is located on the right hand side of the first page

For instructions on how to make payment, take a look at our article on How to Pay your Bandwidth Invoice Online.

If there’s a charge on your invoice you are unsure about, please submit a ticket through the Bandwidth Support Center. For more information on this topic, take a look at our article on.

You may see this error displayed as the error code of E19 and/or with a message indicating 'Pending Order on TN', 'Pending Order', 'Port in Progress', etc.

What does this mean?

A pending order can be anything from another port request that has been submitted with this same number, a feature add or disconnect, address change, etc. If there is an active order on the customer's account, it will prevent porting. Even if the customer only called in to request a name change, or a change in a billing address...they all contribute to a pending order rejection.

How do I resolve it?

If the customer is not sure what the pending order is, they will need to contact the carrier to resolve. Sometimes a customer will request a change to their account, and for whatever reason the work order gets 'stuck' in some sort of queue on the carrier's side and therefore never hits a completion stage.

Bandwidth will resume porting as soon as the pending order is complete.

Important Information:

Never make any changes to a customer's account before requesting to port as it may cause costly delays.

Bandwidth cannot remove any pending orders on behalf of the customer.

Q: How does Bandwidth encode its SMS messages?

A: Bandwidth adopts the following practices -

On SMPP - Bandwidth always passes through the encoding type present in the message both for MT and MO messages.

On HTTP Messaging V2 -

For MT messages [outbound from Bandwidth customer to end users], Bandwidth uses GSM-7, or UCS-2, if the message text contains non-ASCII characters.

For MO messages [inbound to Bandwidth customer from end users] received via HTTP callback, message text will always be in JSON format with UTF-8 encoding.

On HTTP Messaging V1 -

For MT messages, Bandwidth will select the smallest encoding that can represent the message text. The set of possible encodings, from smallest to largest is: GSM Latin1 Cyrillic Hebrew UCS2.

For MO messages received via HTTP callback or the API, message text will always be in JSON format with UTF-8 encoding.

Q: How does Bandwidth encode its MMS Messages?

A: Bandwidth adopts the following practices -

On MM4 - Bandwidth always passes through the encoding type present in the message both for MT and MO messages.

On HTTP Messaging V2 - All messages are sent and received as UTF-8.

On HTTP Messaging V1 -All messages are sent and received as UTF-8.

Q: What is the expected length of SMS messages?

A: The final message length in characters depends on the encoding. For the two most common formats -

GSM-7 - The message length is up to 160 characters

UCS-2 - The message length is up to 70 characters

For multi-part or concatenated messages, some additional information needs to be stored in each message to determine the order of the segments so the number of characters may get reduced.

For more general info on these formats go to these links - GSM ; UCS-2

Q: What is the expected length/size of MMS messages?

A: The HTTP API limits messages to a maximum length of 1000 characters. The size of MMS messages, including text, all attachments, and some overhead for Base64 encoding, has a maximum limit of 3.75 MB.

When ordering multiple phone numbers, some users may prioritize consecutive numbers. While Bandwidth does not guarantee that we maintain a stock of consecutive phone numbers in our available inventory, it is common to find phone numbers that follow each other in order, without gaps, from smallest to largest.

In this article, we’ll provide you with a helpful Excel formula to assist you in locating and ordering a consecutive block ofphone numbers.

Perform the following steps:

Log into the Bandwidth Dashboard

Click 'Numbers' and then 'Search and Buy'

Open a ticket

From the 'Buy Phone Numbers' page:

Determine a phone number type: Regular or Toll-Free

Choose the ‘Let me specify a quantity’ option.

Type 5,000 into the quantity field.

Click ‘Search Available Numbers’

Export your results to Excel.

In the Excel file, highlight cell B3 and from the ‘Formulas’ tab click 'Insert Function'.

A new 'Insert Function' window will appear, highlight 'IF' and click 'OK'.

On the 'Function Augments' window enter the following:

Click 'OK'.

In the cell B3, double click the small square in the lower lefthand corner.

Note: This function will populate YES by each of the consecutive phone numbers.

Rearrange your spreadsheet so it only contains the phone numbers you want to order to your account.

To order the numbers to your account, perform the following steps:

From the top menu bar select the 'Orders' tab, 'Order new numbers' and click 'Import batch from spreadsheet'.

Save your document as a .CSV, and feel free to ' View a sample source .csv file ' to properly format your file.

Select your 'Sub-account' and 'Location group'.

Click 'Upload'.

Still have questions? on the Bandwidth Support Center.

What's happening?

Verizon has announced the new go-live dates for Local A2P SMS and MMS Routes (also known as 10DLC).

Local A2P Route Go-Live Dates:

MMS - Tuesday, January 14, 2020

SMS - Saturday, February 1, 2020

This is the first of many anticipated 10DLC carrier routes that will bring about greater predictability and reliability for high volume, A2P traffic over local numbers.

What do I need to know?

Verizon will begin blocking application-to-person (A2P) MMS and SMS sent over legacy person-to-person (P2P) routes, based on the CTIA guidelines (updated July 2019).

Please note:this blocking will NOT impact Toll-Free SMS Messaging. As you access these new routes, you will incur a new fee for all messages sent via the 10DLC route, in order to cover increased carrier fees.

What do I need to do?

Contract for Local A2P SMS no later than Monday, January 27, 2020.

Be proactive and contract for Local A2P SMS today to ensure your traffic isn't blocked on Saturday, February 1! In order to allow the industry enough time to rebroadcast your numbers as A2P, please sign your contract today.

Have additional questions?

Please reach out to your Bandwidth Support Team. We're here to help!

here

The Bandwidth team has been hard at work re-designing the Bandwidth Dashboard user interface. As of Monday, November 18, 2019, all users have access to the new Bandwidth Dashboard! Some of the new improvements you’ll notice are:

Faster speed - we’ve improved the performance and page loading times to give you the ability to whiz through processes, like ordering and porting.

Usability improvements - we’ve simplified pages, streamlined workflows and upgraded things like user management, locations, notifications, order details and more!

Consistency - we’ve refined all terminology for in-application instructions and structured all pages in a more thoughtful and user-friendly fashion.

Development efficiencies - best of all, this new foundation will allow us to improve the Bandwidth Dashboard more quickly and efficiently in the future.

What is this ‘Classic-New’ button I now see on the right side of the screen?

This release is different from how we’ve released features and products in the past. All Bandwidth users have access to an ‘experience switcher’ that lets you go back to the old experience if you need to compare the New and Classic pages.

What support resources are available to me?

Bandwidth Learning Lab - our self-guided training tool within the Bandwidth Dashboard will guide you through each of the newly revised pages.

Support Content - all articles in the Bandwidth Support Center are optimized for the new page flows. We’ve updated screenshots and verified all ‘how-to’ articles. If you’d like to revisit any of the old content, it’s available .

What if I run into a problem with the new interface?

You can switch between the New and Classic experience as needed. If you decide to switch to the Classic experience, please complete our short survey. This will help us identify and fix any issues you may have.

How will I know I’m in Beta?

You’ll see this pop-up during your first log-in since the Beta launch.

Table of Contents

Key Differentiators

Credentials

Retrieving Call Data in V2

Migrating from V1 BXML

Migrating from V1 REST

Resources

To help prepare you to make the switch for your applications, our product experts have created this guide as an overview of the main significant changes from V1 to V2 in terms of the API functionality. If you find that you need additional support, you can reference the developer docs for Bandwidth’s V2 Voice API or contact support for further assistance.

Key Differentiators

First, let’s review the significant changes between the V1 Accounts API and V2 Accounts API and what this difference will look like in the API.

DIFFERENCE

V1

V2

Types of APIs

REST and BXML-oriented

Primary BXML. Rest APIs are used to place an outbound call, modify an existing call, change recording state, and access recordings. All media actions are specified as BXML verbs.

Credentials

Separate credentials for voice APIs and Bandwidth dashboard

Unified credentials managed through Bandwidth dashboard

Georedundant

No

Yes

Callback URL

Single callback URL for all actions

Callback URL follows application flow

Number Management

Performed in Application Platform portal or API

Billing

Performed in Application Platform portal. Uses credit card or postpaid

Credentials

V1 and V2 both use Basic Auth.

In V1, the credentials were managed using the Voice & Messaging API Dashboard (sometimes called Catapult). These were distinct from the Bandwidth Dashboard credentials you may have used to manage your numbers.

In V2, you'll use a Bandwidth Dashboard username and password for both the voice and number management APIs. You may want to create a dedicated user for your application to use for placing calls. That user needs to have the “HttpVoice” role in order to call the voice APIs.

Retrieving Call Data in V2

In V2, you can't do a GET request on an endpoint to retrieve call data. It's up to you to store the data in the callbacks if you need that data later.

Migrating from V1 BXML

Verbs:

Gather

DIFFERENCE

V1

V2

URL to send Gather events to and request new BXML

requestUrl

gatherUrl

gatherMethod

A GET HTTP method will be used to make the request to the requestURL.

Optional attribute to specify the HTTP method used to make the request to the gatherURL. Options are GET or POST. Default is POST, regardless of the method set in the Application.

terminatingDigits

Default value is “#”. If changed from the default, can't be set to empty

Default value is none.

maxDigits

maxDigits

Default value is 50. Range: integer values between 1-50

interDigitTimeout

(optional) Integer time indicating the timeout between digits (Default value is 5 seconds).

(optional) Time (in seconds) allowed between digit presses before automatically terminating the Gather. Default value is 5. Range: decimal values between 1 - 60.

firstDigitTimeout

N/A

(optional) Time (in seconds) to pause after any audio from nested <SpeakSentence> or <PlayAudio> verb is played (in seconds) before terminating the Gather. Default value is 5. Range: decimal values between 0 - 60.

repeatCount

Could only be set within a PlayAudio verb

(optional) The number of times the audio prompt should be repeated if no digits are pressed. For example, if this value is 3, the nested audio clip will be played a maximum of three times. The delay between repetitions will be equal to firstDigitTimeout. Default value is 1. Range: 1-25.

SpeakSentence, in addition to PlayAudio, can now be repeated.

Nesting multiple audio verbs (ie. both PlayAudio and SpeakSentence)

No

Yes

Hangup

DIFFERENCE

V1

V2

Can be used to reject incoming calls either explicitly or implicitly

No

Yes

Pause

DIFFERENCE

V1

V2

Attribute Name

length

duration

Range

1-3600 seconds

Decimal values between 0.1 - 86400

PlayAudio

DIFFERENCE

V1

V2

Supported Files

wav and .mp3

wav files encoded as PCM or G711

Volume

Yes

No

repeatCount, delayBeforeRepeat

Yes

Use repeatCount on the Gather verb

Redirect

DIFFERENCE

V1

V2

URL to request new BXML from

requestUrl

redirectUrl

requestUrlTimeout

Required

Set to 5 second by default and is not configurable

redirectMethod

A GET HTTP method will be used to make the request to the requestURL.

Optional attribute to specify the HTTP method used to make the request to the redirectUrl. Options are GET or POST. Default is POST, regardless of the method set in the Application.

Username/Password protected HTTP request for sending Redirect events

No

Optional

SendDtmf

DIFFERENCE

V1

V2

Maximum Characters

92

50

SpeakSentence

DIFFERENCE

V1

V2

Volume Attribute

Yes

No

SSML Support

No

Yes

Support for es_mx locale

Yes

No

Transfer

DIFFERENCE

V1

V2

transferTo (Simple Transfer)

Supported

All phone numbers must be listed as <PhoneNumber> tags nested in the <Transfer> tag.

Username/Password protected HTTP request for sending Redirect events

No

Optional

Audio Message to Callee Prior to Transferring

SpeakSentence and PlayAudio are nestable verbs within Transfer. The transfer will bridge the calls when all verbs inside Transfer were executed.

A transferAnswerUrl can be provided to send the Transfer Answer event to and request BXML to be executed for the called party before the call is bridged.

Max Amount of Phone Numbers to Transfer to

7

8

requestUrl attribute renamed to transferCompleteUrl

An optional attribute of requestUrl can be specified to send the Transfer Complete event to and request new BXML.

If the requestUrl event isn't needed, you may omit the requestUrl and continue placing BXML verbs after the Transfer verb and those verbs will be executed when the B leg hangs up.

Same, but the attribute is named transferCompleteUrl instead of requestUrl.

Callbacks Received

Hangup and transferComplete

Transfer Answer and Transfer Complete

Transferring to SIP URLs

Supported

Not supported. Only E.164 numbers are allowed.

Callbacks

V1

BXML callbacks perform HTTP GET requests to the requestUrl when the notification intends to retrieve a new BXML document. BXML applications only supported GET requests on the callback url for the answer event.

V2

BXML callbacks are HTTP POST requests by default. The request will have a JSON body that describes the event. It expects an XML response consisting of BXML verbs.

Other

HTTP GET requests may be used for callbacks by setting the appropriate Method attribute when specifying each callback's URL. If the GET method is used, the properties are passed as query parameters. This can cause very long URLs, which some web servers don't support, so POST is the preferred method.

Migrating from V1 REST

Voice V2 APIs utilize BXML because it provides advantages over REST in an event driven real-time communications environment. As such you should refactor your application to utilize the BXML capabilities of V2 as described in the previous sections. More information regarding BXML is available here.

Resources

Check out our Developer Docs for additional documentation.

Still have questions? Open a ticket with our support team. We're here to help!

Bandwidth automatically calculates the concurrent call paths for the UC seat reseller account. The values are not visible to the reseller. Each seat is guaranteed a concurrent call path to the PSTN.

This article references the ‘New’ interface in the Bandwidth Dashboard. Looking for the ‘Classic’ experience? Click here !

In this article, you'll learn how to review your telephone number inventory and report on end-user assignment. In the upper right-hand corner of the Bandwidth Dashboard, you'll see a widget titled ‘End-user number utilization’ with your number utilization percentage.

We’re looking for you to report on which phone numbers are assigned to a specific end-user. You may find this process helpful to determine which phone numbers you no longer need.

API docs.

leverage our APIs

Click 'Reports' on the top navigation menu, then 'Reports Dashboard'.

There are a couple of new reports here, but let’s focus on the report that will give you a list of your Assigned, Pending Assignment, and Unassigned telephone numbers.

Double-click on the END-USER PHONE NUMBER ASSIGNMENT report.

On the END-USER PHONE NUMBER ASSIGNMENT report, change your Status(es) and you will see the following options:

Assigned are phone numbers where Bandwidth can see traffic, or numbers you’ve already marked as assigned with an end-user.

Pending Assignment are numbers where Bandwidth cannot see traffic (these are the numbers you will want to report on).

Unassigned are numbers that you have previously marked as unassigned meaning they do not have an end-user.

To begin this report, choose Pending Assignment as your status, keep your date range as ALL TIME, and your file format as CSV.

Then click Generate Report and your report should begin processing in the upper right hand side of your screen, under Past reports.

Click on the CSV icon to download your report. The file will download into your web browser. Double-click to open.

Upon opening, you will receive a list of telephone numbers, their assignment status and status expiry date. The ‘Expiry date’ will only populate on assigned numbers.

Please note that phone number assignment statuses will expire after 120 days.

Take your time to curate your list of telephone numbers, removing the ones that are not assigned to an end-user.

When you’re finished, save your .CSV file and head back to the Bandwidth Dashboard.

From the top navigation bar, click 'Numbers', and then 'End-user assignment'

To label your numbers as assigned, we have a few different options:

You can either upload your spreadsheet,, or copy and paste your Numbers.

The easiest option is copy/paste. To do this, all you need to do is copy the list of phone numbers from your excel file (ignoring the header), and paste them in the ‘List phone numbers’ section of the tool.

Then Click ‘Label Numbers as Assigned’

Please Note: You can update up to 5,000 phone numbers at a time.

If you would like to import this as a spreadsheet.

Change cell A1 from TN to Number. And remove columns B and C. It should look like this:

Save this file as a .CSV.

From the Number Assignment page, Click CHOOSE A FILE and browse to your spreadsheet and click ‘Open’

If you’d like, you may provide a Custom Order ID.

When you’re satisfied, click LABEL NUMBERS AS ASSIGNED

Success! You have labeled your phone numbers as assigned to an end-user. This status will be retained for 120 days.

Please Note: the phone number status may take some time to process and may not show up as assigned immediately.

While this isn’t mandatory, if this exercise has prompted you to disconnect any unassigned phone numbers, perform the following steps:

Navigate to 'Numbers' > ‘Disconnect.’

From here, paste the list of phone numbers you wish to disconnect and click 'Disconnect.'

If you’d like to disconnect any unassigned phone numbers, Click 'Numbers' in the navigation bar, then click 'Disconnect.' From here, paste the list of phone numbers you wish to disconnect.

Click 'Disconnect.'

support ticket

Table of Contents:

Step 1:Identify your Telephone Numbers Enabled with CNAM

Step 2:Determine which Telephone Numbers you'd like to remove CNAM services from

Step 3:Bulk remove CNAM from the Telephone Numbers you don't want CNAM enabled on

STEP 1: Identify your Telephone Numbers Enabled with CNAM

Start by downloading the 'Full Phone Number Details Report':

Log into the Bandwidth Dashboard and select your correct account.

Click 'Reports' from the top navigation bar.

On the 'Reports Dashboard' click the report named 'Full Phone Number Details'.

Selection for report fields will follow. The options are:

Sub-account: All sub-accounts

Areas codes (NPAs): All area codes (NPAs)

Rate center and state:All rate centers

Line feature(s): CNAM

Activation date range: ALL TIME

Modification date range: ALL TIME

File format: Excel or CSV

Click 'Generate' to download your report. Your reportwill be generated for exporting on the right side of the screen under 'Past Reports'. You can also find this report in the 'Downloads' folder on your computer.

Once you open your downloaded report, we recommend you using the 'filter' feature to sort through the data provided.You will see the telephone numbers' current CNAM status located in the Column Titled 'CNAM'. Filter the 'CNAM' column to show only the telephone numbers that list CNAM as 'On'.

The 'CNAM' column will list either 'On' or 'Off'.

On: TN has CNAM Per TN for Inbound Calling

Off: TN does not have CNAM Per TN for Inbound Calling

Pro Tip: Use the "Filter" feature to sort and filter out "On" and "Off" in column titled CNAM

STEP 2: Determine which Telephone Numbers you'd like to remove CNAM services from

STEP 3: Bulk remove CNAM from the Telephone Numbers you don't want CNAM enabled on*

*This process also applies to bulk enabling CNAM to your telephone numbers

Click 'Numbers' on the top navigation bar and then click 'Upload Line Features'.

Click 'Download a template .csv file' in the first bullet. Once downloaded, open the file.

This file is a template with default entries. To use this template, delete the default entries from rows 3 - 6.

Refer to step 2 where you identified the telephone numbers you wanted to remove CNAM services from. Copy the telephone numbers you want to remove CNAM services from and then:

In column A in cell A3, paste the identified TN's you wish to turn off CNAM

In column B in cell B3, insert the word "off" next to each TN that needs to have CNAM disabled

Pro Tip: To speed up the process, you can drag or auto-fill "off" from cell B3 down to the end of your TN List. Click cell B3 and double click the large square in the bottom right area of the B3 cell.

You will now need to 'Save As' and rename the file. Click 'Save As' and rename the file with no spaces. Please ensure to use the file type '.csv'.

As an example, you could name your file: Account_CNAM_Removal

Navigate back to the Bandwidth Dashboard - you should still be on the 'Upload Line Features' page within the main 'Numbers' page found on the navigation bar.

Click 'Choose File' and select theappropriate .csv file that you just renamed from your local computer.

Click 'Upload Line Options.' This page will update with results.

Pro Tip: If you encounter any errors, double check each step to ensure the formatting is correct. Errors may be due to an incorrect file type (anything other than .csv), spaces within the .csv file name, or formatting issueswithin the .csv file.

NEED MORE INFO?

If you have any additional questions, please open a .

Bandwidth has multiple geographically redundant signaling proxy facilities in the United States. The specifications below provide detail as to what should be expected.

SBC (Session Border Controller) IP Information

Bandwidth employs mated pairs of SBC's for signaling redundancy. For Inbound Calling services, please ensure that both IP addresses provided are configured for inbound traffic in the event that one SBC is offline. Your implementation specialistassisting with onboarding will be providing these IP addresses during the onboarding kick-off call, or via the welcome email.

SIP (Session Initiation Protocol)

Bandwidth SIP signaling protocol is designed for RFC3261. If any other method is used, calls will fail to set up.

Allowed Ports for Media/Audio

If a customer PBX is protected by a firewall, manufacturer compliance will need to be verified that the firewall has the ability to act as either a SIP ALG or a Back-to-Back User Agent (B2BUA). The following ports are required to allow for full 2-way audio:

UDP port 5060 must be opened to support SIP signaling

UDP ports 1024-64,000 must be opened either statically or dynamically (ALG) to allow for audio path.

Bandwidth uses multiple IP addresses to allow media from its gateways

Attributes

The following attributes are allowed within Bandwidth SIP trunks:

DTMF

Dial Plans

Codecs

Signaling Protocol

IP Protocol

Media Anchoring

Supported DTMF

Bandwidth supports both in-band and out-of-band DTMF outlined in RFC2833.

Dial Plans

Bandwidth supports E.164 for inbound calling only. This is an international recognized standard characterized by a "+" followed by the country code, then phone number. For example:

Local & Long Distance: +19192971000 International: +4402074942020

IP Protocols

Bandwidth requires that all SIP and audio be delivered via UDP, in packets no larger than 1350 bytes. TCP is not supported.

Supported Codecs

Codec list choices:

G711ulaw, G729a, ILBC (will default to ptime 30)

G711ulaw, G729a (will default to ptime 20)

Call Concurrency Limits

Please contact the CSA to determine what the appropriate call concurrency limits are. If a customer's call concurrency limit is reached, a 503-Service Unavailable or 486-Busy Here Signal message will be provided to the customer.

Supported Caller ID / Privacy Types

FROM field default option for caller ID name, number and rating.

RPID (Remote Party ID) secondary option

P-Asserted ID supported option

Privacy Headers supported option