2024 APRIL | SAFEGUARD

Next to our earlier Safeguard features of Destination Management and IP Address Restrictions, it is with joy and pleasure to share with you that we have a new feature in place for you: Safeguard Rate Limiting.

And as a follow-up on our release of Safeguard IP Address Restrictions feature, we have expanded it with more convenience by providing suggested IP addresses.

Feature release | Safeguard Rate Limiting

We can proudly share our new powerful addition to our Safeguard feature set called: Safeguard Rate limiting. By using rate limiting you can determine the maximum number of messages allowed through your account or sent to a specific recipient. Rate Limiting helps you in preventing misuse and helps us both in maintaining the platform's performance and reliability.

A sending limit on a communication platform refers to a predefined restriction or threshold set by the platform provider that limits the number of messages or communications a user or account can send within a specified period.

Our gateway offers recipient sending limits and customer sending limits. By default, these limits are disabled.

What are Recipient Limits

When recipient sending limits are activated a restriction is placed on the total number of messages that can be sent to any single recipient. The system can be used to prevent peaks to a single recipient and prevents the end-user from being flooded with messages: You can determine that your end-users will never receive more than 10 messages a day. As such you can cap your recipient sending limits. Any message above the 10 messages will be cancelled and will not be delivered. Recipient limitations are always configured per time unit, which can be per Hour or Day.

---

What are Account Limits

When account sending limits are activated a restriction is placed on the total number of messages that can be sent through your account within a specific time frame. You may know that you will never send more than 100.000 messages a day, so you could cap your account to 100.000 messages. Any message above 100,000 will be cancelled and will not be delivered. Account limitations are always configured per time unit, which can be per Hour, Day, Week or Month.

---

Rate Limiting can only be configured and found on our tool Channels on the CM Platform. When navigating to Channels, you will find the API Access and settings when clicked the page will show you the options Authentication & Business Messaging Settings. Choose the Business Messaging Settings.

You can have Safeguard Rate Limiting configured for both Recipient as for Account limits at the same time, but you can only do the following:

• You can only set 1 time frame per limit
• Month, Week, Day or Hour for Account Limits
• Hour or Day for Recipient Limits
• You can set only 1 message limit for the set time frame, as shown below:

Traffic that is sent above the set limit, will be cancelled. These cancelled messages will have a specific error message to trace back that they were cancelled because of rate limits. The error message will be: “Blocked by safeguard”.

Feature release | Suggested IP Addresses for Safeguard IP Address Restrictions

With Safeguard IP Address Restrictions, you provide extra protection to your account next to the use of your product token. It is up to you to enter the IP Addresses you would like to restrict to. Adding them manually and finding which IP addresses you use can be a challenge. We now offer you the solution in Safeguard to help you add the known IP addresses that connect with our gateways through a list of suggestions.

In Channels you can find these Suggested IP Addresses and you can easily add them by selecting each of the IP addresses and pressing the add button to add them to the list of already restricted IP addresses.

2024 APRIL | Error Handling

On our way of providing more transparency and better insights on your messaging traffic we of course also aim to improve the error handling on the platform. This month we have taken a small step improving it for OTT Channels.

Feature release | Error Codes for OTT Channels

You are now able to receive a clear explanation of what happened to your OTT traffic when your messages result in an error. Instead of only informing you that the error is because of a supplier or channel response without any details, you will receive details directly via your configured webhooks when receiving Status Reports (SR or DLRs).

For example the error “Used when the message was blocked because of channel/supplier response, see the details“ will now be replaced by the error descriptions known at META for WhatsApp as described on their website: https://developers.facebook.com/docs/whatsapp/cloud-api/support/error-codes/.

We have also enabled insights on the errors on our Platform tool: Message Log. For example below is an error directly from META for a WhatsApp message.

2024 March | Business Messaging API

In our continuous effort to improve our Business Messaging API we have made our security capabilities more convenient.

Feature release | Product Token Integration in the header

With this update, you can now provide your product token via the header, offering an alternative to embedding it in the request body. This feature empowers you separate your credentials and request content, enhancing flexibility.

Please note that this capability is currently available only for our Europe region, accessible through our Cloudflare endpoint: https://gw.messaging.cm.com/v1.0/message. We will be working on expanding the feature to other regions in the future.

When leveraging the product token in the header, there's no need to include the authentication section in your request body.

You can find on our developer docs how to add your product token: https://developers.cm.com/messaging/docs/integration#header-authentication-new

2024 March | SAFEGUARD

In our ongoing commitment to extend our security measures and increasing the protection for your data, we are pleased to introduce the Safeguard IP Address Restrictions feature.

Feature release | Introducing IP Address Restrictions

Implementing IP Address Restrictions provides a layer of defense by permitting access exclusively to registered IP addresses or ranges. This proactive measure reduces the risk of unauthorized access, potential data breaches, and malicious activities. Even in scenarios where uninvited guests possess your product token, IP Address Restrictions act as a shield against criminal attempts to compromise your account.

How does IP Address Restrictions work

Accessing and configuring IP Address Restrictions is facilitated through our Channels tool on the CM Platform. By navigating to https://www.cm.com/app/channels/, you will discover the API Access and settings section. Upon clicking, you'll be choosing between Authentication & Business Messaging Settings, where you can choose Business Messaging Settings.

Within the Business Messaging Settings page, locate the Safeguard tab to access IP Address Restrictions. Upon expanding this section, you'll find a comprehensive overview of configured IP addresses along with the option to add new ones.

An example of the page where the IP Address Restrictions feature is displayed in the Channels Tool.

Are there limitations on IP Address Restrictions

While IP Address Restrictions offer security enhancements, it's important to note some current limitations:

1. Only IPv4 Addresses: The system only works with a certain type of internet address called IPv4. More info can be found on: https://en.wikipedia.org/wiki/Internet_Protocol_version_4
2. CIDR Prefix Range supported: Classless Inter-Domain Routing (CIDR) is supported which means IP Address Restrictions can handle different sizes of groups of IP addresses, from really big to just one single address. More info can be found on: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
3. Choices for Limiting Access: You have two options: either allow everything or make a list of specific addresses allowed to connect.

An example of the 2 options in Channels to restrict or not restrict based on IP Addresses

What happens to messages that were sent to a restricted IP address

Messages directed to restricted IP addresses will be prevented from reaching their destination. This measure ensures that only authorized entities can interact with our Messaging Platform and services. Meaning the systems that are trying to connect to the gateway will receive on HTTP “Code 101, No account found for the given credentials“ and on SMPP receive “Bind failed”.

2024 January | Gateway Global endpoint Migration

As part of our commitment to continuous improvement and top-tier service delivery, we're excited to announce a significant upgrade to our messaging infrastructure at CM.com!

Feature release | Introducing Our New Global Endpoint!

Currently, your organization is connected via: https://gw.cmtelecom.com and we're transitioning to a new, more robust global endpoint: https://gw.messaging.cm.com. Meaning we will provide enhanced security through leveraging Cloudflare's Web Application Firewall, offering superior protection against cyber threats. And increased efficiency, because of higher throughput, better uptime guarantees, and advanced geolocation routing. But also future-ready by staying ahead with continuous updates and features exclusively available on the new endpoint. The new endpoint supports JSON format. If you're using XML, migration to JSON is necessary.

Your Next Steps

🔄 Update your system to connect to https://gw.messaging.cm.com [https://gw.messaging.cm.com].

📋 Transition to JSON format if you're currently using XML.

✅ Test to ensure seamless messaging flow.

Integrate our Global Endpoint

We recommend that you utilize our global endpoint, which is globally load-balanced across all our platform locations. You can find more information in our documentation.

We're Here to Help!

Got questions or need assistance with the migration? Our dedicated support team is on standby. Contact us at [email protected] for tailored guidance.