Bandwidth short code handbook


Luke Thompson


Short codes

What is a short code?

A short code (SC) is a 5-6 digit code that allows businesses to send A2P messages to consumers who have opted-in. Common SMS campaigns include sending coupons, 2FA, marketing promotions, etc. 

Submitted campaign briefs will be reviewed for compliance with the following CTIA guidelines and Bandwidth policies. 

Shared short codes

A shared short code is a 5-6 digit number that is shared between multiple businesses. For multiple businesses to use a single short code, each business must have its own unique keywords to separate the traffic. In some cases, multiple businesses can send users messages from the same short code for different purposes, making for a poor user experience and tough opt-in/opt-out management.

Shared short codes that are being used by multiple brands can no longer be submitted for processing. The biggest problem with shared short codes happens when one business user of the short code violates content or messaging practices. It can cause the entire shared short code to be shut down, frustrating the many users and businesses associated with that number.

Vanity vs random short codes

A random code is a 5-6 digit number that’s randomly assigned by the Short Code Registry. A vanity code is a 5-6 digit number that’s specifically selected by a brand, rather than randomly assigned.

Canadian short codes

We don’t offer Canadian short codes currently. Only US short codes are available.

Prohibited short code campaign type

Bandwidth’s Acceptable Use Policy (AUP) applies to short code messaging usage. Please note that Bandwidth will not power A2P messaging campaigns associated with the following:

  • Third-party or affiliate lead and/or commission generation 
  • Advertisements for loans
  • Credit repair offers
  • Debt relief
  • Debt collection
  • Work from home, secret shopper, multi-level marketing, or other similar advertising campaigns
  • Depictions or endorsements of violence, hate speech, or otherwise engaging in threatening, abusive, harassing, defamatory, libelous, deceptive, or fraudulent behavior
  • Content related to the sale or promotion of substances that are classified as controlled substances under federal law, including marijuana (cannabis)

US short code timelines

Bandwidth US short code processing overview

Below you'll find a high-level overview of the short code’s lifespan. Each short code application is unique, so timelines may vary.

Important: Please note steps 3 and 4 occur in tandem.

  1. Account manager reach out: To begin the process, please reach out to your account manager to begin the contracting process.

  2. Bandwidth internal risk review (1-2 business days): The Bandwidth Risk team will conduct an overall assessment of the customer's account to ensure it’s in good standing.

Note: Our internal review does not waive or guarantee carrier approval of the short code program. It’s still subject to review by each carrier.

  1. Campaign Brief Submission and Bandwidth customer integration/setup(up to 2 weeks): The Implementation team will send the customer a link to the short code campaign brief. Completing the brief will trigger step 4 (short code brief compliance) which will occur in tandem with the customer integration/setup.

    The customer will need to perform API or SMPP integrations with Bandwidth to ensure that their application can successfully send and receive messages. Integrations must include the configuration of all keyword responses (e.g., HELP, STOP, etc.) per the short code guidelines.

In addition to integrating with our APIs, there may be additional development work that needs to be done in order to appropriately test the messaging flow. Although testing can be done in as little as a few hours, it may take up to 2 weeks to perform all the necessary tests.

Important: Full integration and traffic flow testing must be completed prior to carrier testing in order to obtain approval.

  1. Short code brief compliance (up to 3 weeks): Once the campaign brief has been completed, the Implementation team will open a ticket for the customer with the Messaging Compliance team to begin the short code campaign brief review. Once the use case is confirmed, Bandwidth will gather the short code lease for the customer (if the customer chooses to have Bandwidth manage the lease). Bandwidth will partner with the customer and our short code partner to ensure the short code brief has been updated to the current compliance standards within the industry. 
  1. Carrier submission (up to 8 weeks): Once the brief has been brought up to the current industry compliance requirements and has passed the review with our short code partner, the short code will be submitted for official review with carriers. 

For a net new short code, the carrier submission timeline is 6-8 weeks. For a migrating short code, that timeline is 4-6 weeks.

  1. Launch: Once testing has been completed, Bandwidth will send the customer a notification certifying their campaign. This means the customer can launch your service and run live traffic. Even after approval and their campaign going live, they will still need to monitor their traffic to make sure they are staying compliant with the carrier requirements.

Bandwidth works closely with our short code partner to ensure campaign briefs are up to date on current messaging requirements. Bandwidth will make all efforts to make the short code brief compliance (step 4) as seamless as possible, but we can’t always predict the additional questions our short code partner may have. Please help us streamline this process by providing clear and concise details about the inquiries so that we can advocate for the use case on your behalf when necessary. 

A carrier may request changes to your short code application or ask you to provide a mock-up at any point within the carrier submission process, which could cause additional delays in approval times.  

Unfortunately, Bandwidth doesn’t have control over whether or not a carrier will approve or deny a short code submission. Due to each carrier's provisioning cycle, we can’t guarantee that a short code can be live by a specific date. 

Pre-approved use cases (migrations)

Even if carriers previously approved a use case, each migration is subject to a re-approval process since messaging requirements change frequently. The re-approval process is required in order to ensure the short code is up to date on the latest compliance requirements. The short code campaign brief will also need to be resubmitted and reviewed with carriers for migration.

Note: Wireless carriers don’t work in sync during migrations. It's likely one carrier may approve while another is "pending." In order to minimize downtime, applications should be configured to ensure they can receive and send messages both from the previous provider and Bandwidth. Having routes set up for both providers makes the transition more seamless.

Expedite process

There’s no expedite process. Each carrier has their own processing and provisioning cycles, plus the speed at which they review campaigns is volume-dependent since they process short code requests for the entire messaging industry and not just Bandwidth.

In the case of urgent situations, we’re able to use our Carrier Relations team and raise awareness with our short code vendor. However, we can’t guarantee that any carrier will expedite their processes to have a short code processed by a specific date. 

It’s important to allocate enough time for any required development work and account for the general timelines for the type of code you’re interested in purchasing (new or migrating). 

What do I need to provide? 

The short code campaign brief should contain the following elements: 

  • Program summary (description of the intended use for your short code)
  • Clear call-to-action
  • Illustration of message flows (opt-In mechanisms, opt-in confirmation messages, opt-out requests, and HELP responses)
  • A link to Terms & Conditions

You should review the CTIA Short Code Monitoring Program for a detailed review of major criteria because your short code brief will be measured against it during the review and approval process. The Bandwidth Messaging Terms & Conditions also provide additional details on content restrictions.

Short code campaign brief

As part of the submission process, you need to fill out the Bandwidth short code campaign brief. Please refer to the Short code brief glossary section for details on what needs to be provided within each field. 

Program summary

Consistent program names and product descriptions in advertisements and messages help recipients connect all parts of the short code experience. All short code programs are required to disclose program names, product descriptions, or both in-service messages, in the call-to-action and in the Terms & Conditions. The program name is the sponsor of the short code program (i.e., the brand or company name associated with the short code). The product description describes the product advertised by the program. 


The call-to-action ensures a recipient has consented to receive a text message and understands the nature of the program. It should describe how and where the recipient signs up to receive short codes, as well as the keywords associated with the short code program.

As per the CTIA Messaging Principles and Best Practices, a call-to-action should ensure that recipients are aware of:

  • The program or product description
  • The short code(s) from which messaging will originate
  • The specific identity of the organization or individual being represented in the initial message
  • Clear and conspicuous language about opt-in and any associated fees or charges (“Message and data rates may apply” disclosure)
  • Other applicable terms and conditions (e.g., how to opt-out, customer care contact information, and any applicable privacy policy)

Call-to-action example


Message flow


Recipients must clearly indicate consent to opt-in to all recurring messaging programs. Messages must be delivered only after the recipient has opted-in to receive them. 

Recipients may opt-in to a program by:

  • Entering a phone number online
  • Clicking a button on a mobile webpage
  • Sending an inbound message containing an advertising keyword
  • Signing up at a point-of-sale (POS) location
  • Opting in over the phone using interactive voice response (IVR) technology.

For recurring message programs, an opt-in confirmation message must be sent to the mobile subscriber with the following information:

  • Single confirmation message confirming the subscription
  • The brand name or program description
  • Description of how to opt-out
  • Customer care contact information
  • Program frequency
  • “Messaging and data rates may apply” disclosure


Recipients must be able to opt-out of messages using a keyword such as STOP, END, CANCEL, UNSUBSCRIBE, or QUIT. STOP message should include the program name and confirmation that no further messages will be delivered. Recurring message programs must remind recipients at regular intervals (at least once per month) that they may opt out using a keyword. 


Your short code must be configured to respond to the HELP keyword, regardless of whether or not the individual sending the message is subscribed to receive messages from the short code. The HELP keyword should return at a minimum the program name and further information about how to contact the program's customer support by including the phone number, website, and email address.

SMS terms and conditions 

There should be a specific section added to the Terms & Conditions page to address SMS specifically. It should be listed beneath the call-to-action, or be accessible via a link in close proximity to the call-to-action.

SMS terms and conditions must include:

  • Program (brand) name 
  • Product description
  • Message frequency disclosure (e.g., recurring subscription, 5 msgs/wk) 
  • “Message and data rates may apply” disclosure
  • Privacy policy
  • Customer care contact information
  • Opt-out instructions
  • T-Mobile disclosure: “T-Mobile is not liable for delayed or undelivered messages”

Authorization letters

If you’re migrating a short code to Bandwidth, you’ll need to provide all of the above, plus:

  • Your most recent CSCA (Common Short Code Administration) lease receipt
  • A Letter of Migration

For migrations, please submit a new short code campaign brief to Bandwidth, rather than a copy of your existing brief. It’s likely the brief may be out of date or lack all the relevant information with the most recent guidelines as described in this document.

Letter of migration

The Letter of Migration should be on your company letterhead, signed and dated by a member of your company (director-level or higher). You can follow the example below when composing your migration letter:

Date: [must be within 30 days of campaign submission]

Re: Migration of Short Code [XXXXX]

To Whom It May Concern:

[Company Name] approves the migration of short code [XXXXX], CSCA Application ID [Number] to Infobip effective [Date].


[Contact Information]

Sample compliant message programs 

For examples of compliant campaign programs please see Appendix A and/or B of the CTIA Short Code Monitoring Handbook. Below we have provided a list of the required items an opt-in must have in order for it to be considered compliant with carrier standards.

Recurring message programs

SMS opt-in requirements for recurring messages:

  • Program name 
  • Product description (explanation of service offered)
  • Product quantity or recurring messages disclosure for subscription services (e.g.., recurring, subscription, 5msgs/wk)
  • “Message and data rates may apply” disclosure
  • HELP instructions (customer care information can also be used – toll-free number or email address). 
  • Opt-out instructions (e.g., reply STOP to cancel)
  • Privacy policy link
  • Terms & Conditions link

Single message programs

SMS opt-in requirements for single/transactional messages:

  • Program name 
  • Product description (explanation of service offered)
  • “Message and data rates may apply” disclosure
  • Privacy policy link
  • Terms & Conditions link

How do I get started?

If you’re ready to start the process of obtaining a short code, please engage your account manager. Not sure who your account manager is? Please open a ticket with your Bandwidth Support Team or hit us up at (855) 864-7776!

Short code brief glossary

Field Definition
Bandwidth Customer Name The name of the Bandwidth customer completing the form.
Compliance Point of Contact: Name

The compliance POC should be from the Bandwidth company/organization completing the form.

The compliance point of contact is the person that will be contacted for any compliance issues/questions that come up, in regard to, the short code. The compliance POC should be from the Bandwidth company/organization.
Compliance Point of Contact: Email The compliance point of contact’s email.
Compliance Point of Contact: Phone Number The phone number of the Bandwidth customer completing the form.
Message Sender: Legal Company Name The name of the company/organization that is sending the messages.
Message Sender’s Company Address  The address of the message sender.

New or Migration?

Not a required field
Is this a net new short code or a migration?
Company URL The website of the company/organization that is sending the messages.
Terms & Conditions URL

The Terms and Conditions link of the company/organization sending the message(s).

The Terms & Conditions should be listed beneath the Call To Action, or be accessible via a link in close proximity to the Call To Action, and must include: 

  • Product description
  • Program (brand) name
  • Customer care contact information
  • Recurring message disclosure (if applicable).
  • Privacy policy 
  • Opt-out instructions
Billing Type

Standard SMS: Standard fees to send or receive SMS messages.

Free to End User (FTEU): Refers to messages that end users can receive for free. Senders of an FTEU message pay two charges: the sending charge and the receiving charge.
Message Type SMS or MMS
Is this a shared short code (used by multiple brands)?  No. Shared short code campaigns are no longer allowed to be filed.
Type of Program

Please select the type of program content that best fits your use case:

  • Alerts
  • Chat
  • Sweepstakes/Contest
  • Voting/Polling
  • Emergency Alerts
  • Fraud Alerts
  • Promotional Marketing
  • 2FA
  • Donation
  • Political
  • Delivery Notifications
  • Security Alerts
How will the end user opt in? 

Please select the method at which an end-user would opt into the short code program.

  • Web
  • Point of Sale (POS)
  • Keyword
  • IVR
  • Verbal
  • Other (explanation for next field is required)
Please provide supporting information for the selected opt in method

Included but not limited to the below examples:

  • Sign-up URLs
  • Link to screenshot
  • Keyword 
  • IVR phone number and script
  • A detailed explanation of the exact steps a user takes to opt into the program
Call to Action Method

How will mobile subscribers be made aware of your campaign? Please choose one of the following:

  • Point of Sale (POS)
  • Print
  • Radio
  • TV
  • Web

How often will end-users receive messages from the short code campaign? 

Subscription: The end-user will receive messages from the short code on a recurring basis (i.e., daily/weekly/monthly alerts). 

Transactional: Messages are only sent if the end-user initiates contact with the short code (i.e., 2FA alert)
Program Summary Please derive a short summary of what the campaign promotes or how the short code will be used. 

Opt-In Interaction/CTA (Call to Action)

The CTA should include:

  • Program, brand name, or product description
  • Method of opt-in (i.e., keyword), product quantity, or recurring message disclosure
  • “Msg&Data rates may apply" disclosure, and link to T&Cs & privacy policy
Initial Opt-In Please outline the exact behavior the user will have to take to initiate the opt-in. 

Pin/Opt-In: Outbound (MT)

Not a required field
If applicable, actual MT message. 160 characters max.

Double Opt-In

Not a required field
If applicable, the exact behavior the end user will have to take for the double opt-in (i.e., START).
Confirmation: Outbound (MT) The message an end-user will receive once they opt into the messaging program. Actual MT message. 160 characters max.
Help Interaction: Inbound (MO) HELP 
Help Interaction: Outbound (MT) The message an end-user will receive after texting the keyword HELP to the short code. 
Opt-Out Interaction: Inbound (MO) STOP, END, QUIT, CANCEL, UNSUBSCRIBE
Opt-Out Interaction: Outbound (MT) The message an end-user will receive after texting the keyword STOP to the short code. 

Subscription Renewal Reminder

Not a required field
If applicable, the exact behavior the end user will have to take for the double opt-in (i.e., START).

Subscription Renewal Confirmation

Not a required field
If applicable, the exact behavior the end user will have to take for the double opt-in (i.e., START).
Example Alert/Customer Interaction Please provide at least two sample messages that will be sent from the short code. 

CSCA Lease Receipt

If applicable
If applicable, please provide a copy of the lease receipt from the Short Code Registry.

CSCA Order ID #

If applicable
This number can be found on the lease receipt that is provided by the Short Code Registry

Migration Letter

If applicable
A signed letter from the Bandwidth customer providing authorization for Bandwidth to migrate the short code to our network.

Additional Supporting Documents

If applicable
Please attach any additional supporting documents here. 

Article is closed for comments.