Improving Our System Status Communication

Organizations all over the world use Telerivet for mission critical communication. We take system reliability very seriously, and we know that our customers rely on Telerivet to be available all the time – 24 hours a day, 365 (or 366) days a year.

 

For the past 3 years, Telerivet has built an excellent record and reputation for reliability, in large part because of our significant work to build systems and processes for redundancy, monitoring, alerting, and automatic failover – and perhaps in small part because of good luck.

 

However, Telerivet’s good luck took a break on Saturday, January 31, as our servers experienced three separate hardware problems that coincided with additional problems in our automated failover systems to cause more than an hour and a half of downtime.

 

Telerivet has had a basic status blog since 2012 – which we have rarely ever needed to update. As we responded to all the support requests related to the downtime on January 31, however, we realized we needed a better way to communicate with customers about service interruptions.

 

Today, we’re happy to launch our new status page at status.telerivet.com. It’s hosted outside of Telerivet’s own infrastructure, so that the status page will likely remain online even if Telerivet’s servers experience any issues in the future.

 

On the status page, our system administrators will post updates in real time about any significant problems detected with Telerivet’s service. We’ll also publish detailed incident reports (postmortems) explaining the root cause of outages as well as actions we take to improve our systems.

 

Importantly, the new status page makes it easy for you to subscribe to get updates on future incidents with Telerivet, which can be delivered via email, SMS, or webhook.

 

In addition, we have published several real-time metrics on our status page to give you additional insight into how Telerivet’s service is performing.

 

For Telerivet’s web app and API, the public system metrics on status.telerivet.com show our servers’ uptime as determined by an external monitoring service. In addition, it shows the average response time and error rate for all HTTP requests, as computed from our server log files.

 

Status-metrics

 

With these public metrics, it’s now easier for Telerivet customers to see how well our service has performed – both now and in the past – and hold us accountable.

 

As the first entry on our new status page, we have completed a detailed incident report of the service interruptions on January 31, where you can read about the root causes and contributing factors of the downtime, as well as all the actions Telerivet has already taken in the past few weeks to fix the underlying issues and improve our reliability in the future. Read the incident report here.

 

We hope you find our new status page helpful. If you want to receive notifications of any future incidents, just visit status.telerivet.com and click the “subscribe to updates” button.

Nexmo and Telerivet announce strategic partnership

Nexmo_logoTelerivet is thrilled to announce our new strategic partnership with Nexmo.

Nexmo is an industry-leading cloud communications company that provides APIs for sending and receiving SMS text messages worldwide.

The new partnership offers a deeper integration between Telerivet and Nexmo's global SMS services, making it even easier for businesses and organizations to get mobile messaging solutions up and running with Telerivet.

In over 35 countries where Nexmo offers SMS-capable virtual numbers (see complete list), Telerivet now provides Nexmo as the preferred method of sending and receiving SMS via the Telerivet platform. By using Nexmo virtual numbers with Telerivet, businesses and organizations can get excellent SMS deliverability at affordable rates, including free incoming SMS messages.

For Telerivet customers using other methods to send and receive messages, don’t worry. You can still run your services on your preferred gateway — including Telerivet's Android gateway, your shortcode provider, or another 3rd party virtual number provider. Telerivet’s platform will continue to work the same way for you and offer all the same features as before.

If you’re an existing Telerivet user, you can start using a Nexmo virtual number with Telerivet simply by adding a new phone number in your Telerivet dashboard.

Construction-smartphone-smIn particular, for customers who currently use an Android device with Telerivet in a country with Nexmo virtual numbers, switching to a Nexmo virtual number can drastically simplify Telerivet, since it would no longer be necessary to maintain an Android device to send and receive SMS.

We’re particularly excited because Telerivet is the first such partner for Nexmo. Before Telerivet, only organizations with developers and technical expertise were able to use Nexmo’s APIs directly. Now, companies and non-profit organizations with limited developer resources can benefit from Nexmo as well.

Nexmo announced the partnership in a press release this morning. "Nexmo is very excited to be working with Telerivet. The partnership between a global messaging provider and a service-builder platform has never been so seamless for end users,” said Sassan Saedi, Nexmo’s Head of Product Marketing and Channels. “This is the first partnership in the market to leverage reliable, global SMS deliverability and optimal usability to finally make mobile messaging technology accessible to the 'long-tail' of organizations."

The “long-tail” of organizations that could benefit from from using Nexmo with Telerivet include:

  • Online merchants sending order status notifications and providing customer service
  • Clinics sending SMS reminders and health awareness campaigns to patients
  • Transport companies scheduling logistics with drivers
  • Event planners automating outreach to attendees
  • Schools coordinating classes with instructors and students
  • NGOs communicating with and collecting data from remote populations

For more information about the new partnership, see Nexmo’s press release, and http://telerivet.com/nexmo.

If you already have a Telerivet account, try out Nexmo by adding a new phone number in your Telerivet dashboard. If you don’t have a Telerivet account yet, register an account and then follow the instructions to configure how you send and receive SMS.

Telerivet’s New and Improved Messages Page

We’ve just launched big new improvements to the Messages page in Telerivet — including one of the most-requested features of all-time: full-text search!

Search your message history

Telerivet finally has a search box! You can easily search for words in the text of any message, as well as contact names. You can also combine full-text searches with other filters, such as date ranges, labels, or message status.

Search_example2

It’s blazing fast, too. Even if your project has a million messages or more, the search box usually finds results in a fraction of a second. 

The first time you use the search box, it may take a few seconds for Telerivet to add your new messages to the search index. After that, your searches will be much faster.

Get notifications of new incoming messages

One common way of using Telerivet is to keep the Messages page open in your web browser, and respond to new messages as they arrive — for example, to provide customer support over SMS.

But until now, if you’re not looking at the Messages page all the time, there hasn’t been a good way of getting notified when new messages arrive.

Now, you can optionally enable two kinds of new message notifications: audio notifications and desktop notifications.

With audio notifications enabled, Telerivet will play a chime whenever a new message arrives while the Messages page is open.

If you enable desktop notifications, Telerivet will show an alert on your desktop that you can see even if you’ve switched to another application or browser tab.

Desktop_notification

And as a extra bonus, the title bar of your Telerivet browser tab now shows the number of messages or conversations in your current page, to make it easier to notice new messages even if you’ve switched to another tab.

Title_bar

Desktop notifications currently work in recent versions of Chrome and Firefox, but are not yet supported by Internet Explorer. Audio notifications work in recent versions of Chrome and Firefox, as well as Internet Explorer 9 and above.

To enable these notifications for your account, head over to your Personal Settings page.

Organize your outgoing messages with labels

Telerivet has always supported labels for organizing your messages, but until now adding labels to outgoing messages required two steps: first send the message, then add the label. If you’re sending a lot of messages at once, this can get a little tedious.

Fortunately now you can add labels to your outgoing messages right when you send them. In the “New Message” dialog, just click the “Labels…” button.

Send_labels

Similarly, you can also add labels when importing messages to send from a spreadsheet, and when scheduling messages to send later.

Restore accidentally-deleted messages and contacts

We all make mistakes. Every once in a while, Telerivet gets a panicked support request from a user that accidentally deleted hundreds or thousands of messages or contacts.

Since Telerivet makes frequent backups of all user data, it has always been possible for us to restore deleted data from backups, but that process takes hours of manual work, and the last few hours of data would be lost.

But now, every Telerivet user can save their own bacon. When you delete messages, contacts, or many other items from your Telerivet account, Telerivet will keep them in your “trash” for one week before permanently deleting them.

If you realize your mistake immediately, you can click “Undo” at the bottom of the page to restore the deleted items.

Undo_delete

If you want to undelete data after the “Undo” button goes away, simply go to your Dashboard page, then click More > Restore deleted items. Then you can browse for the items you want to restore.

Deleted_items

If you really want to make sure your deleted data is gone from Telerivet’s servers immediately without waiting another 7 days, click the “Purge all” button at the top of the Deleted Items page. (Of course, since Telerivet keeps backups of all data, your data will still be in the old backups for about 2 more weeks until the old backups are deleted.)

 

To try out these new features, head over to your Telerivet account, and let us know what you think!

Thanks also to the many Telerivet users who suggested these new features! If you have any suggestions about new features that would make Telerivet even better, send us a note at support@telerivet.com .

How to accept mobile money payments online without an API

In many developing countries, where most business transactions have historically been conducted with cash, mobile payment systems like M-Pesa have rapidly transformed the way goods and services are bought and sold.

Instead of carrying cash everywhere, you can now pay with your mobile phone – and unlike Google Wallet or Apple Pay, you don’t even need a smartphone. To complete a transaction, you simply use your phone’s keypad to enter the business’ phone number or ID, the amount of money to send, and your PIN.

When a transaction is completed, the mobile network sends a SMS receipt to both the sender (buyer) and recipient (seller). If you’re the seller, you can see the SMS receipt and know that you’ve been paid.

This payment flow works for in-person payments – but what about businesses that operate online? Developer APIs provided by services like Stripe and PayPal make it easy for online services to accept payments via credit cards and bank accounts, but not via mobile money systems. Some mobile money systems may offer their own APIs, while others don’t have developer APIs at all, or have APIs that are only available for large businesses.

If you want to accept mobile payments and there’s no API available, don’t give up – just scrape the SMS receipts! There are just three easy steps:

  1. Forward SMS receipts from your phone to your server
  2. Extract the relevant data from the SMS receipt
  3. Match the payment with the correct user and credit their account

At Telerivet, we’ve been using this method to accept payments from Tanzania via M-Pesa and Tigo Pesa for over a year already – allowing us to receive millions of shillings in revenue from customers who would have been unable to pay via credit cards or PayPal.

If you want to accept mobile money payments in your own online service, read on to learn how to do it:

1. Forward SMS receipts from your phone to your server

When anyone sends you a mobile money payment, the mobile network will send your phone a SMS receipt. Your online service needs this receipt to know that someone has paid you.

To forward SMS receipts from your phone to your server, you can use the Telerivet Android app together with the Telerivet Webhook API.

If you don’t have an Android phone already, get an Android phone and install the SIM card associated with your mobile money account. Then install the Telerivet Android app on your phone. Finally, configure the Webhook API to forward incoming SMS messages to a URL on your server.

Of course, this method requires your business to have a presence in the country where you’re accepting payments – it doesn’t help accept or transmit mobile payments internationally, since your business still needs to register for a mobile money account, and the funds stay in the mobile money account until you withdraw them.

2. Extract the relevant data from the SMS receipt

Each mobile money system uses a different format for their SMS receipts.

Here’s an anonymized example receipt (in Swahili) from Tigo Pesa in Tanzania:

Tigopesa: Salio jipya ni Tsh 67,676. Umepokea Tsh 16,000 kutoka kwa JOHN SMITH, 0730000000. 06/10/2014 11:59 AM, kumbukumbu no. PP141006.1159.B00001. Tigo Pesa inakulipa mteja wake faida kulingana na wastani wa salio lako la kila siku. Faida nyingine italipwa mwezi wa 10, 2014. Pata zaidi na Tigo Pesa TU.

It contains several pieces of data:

Current Balance: Tsh 67,676
Amount Received: Tsh 16,000
Payee Name: John Smith
Payee Phone Number: 0730000000
Transaction Time: 6 October 2014, 11:59 AM (East Africa Time)
Transaction ID: PP141006.1159.B00001

In order for your online service to process a user’s payment, the most important information is the amount received and the transaction ID.

Extracting this information will likely involve writing regular expressions to match the particular format of SMS receipts generated by the mobile money service. This can get a little tricky.

In the case of receiving funds via Tigo Pesa, we first make sure to only consider SMS messages from the sender ID “Tigopesa”.

(You may want to test if your mobile network allows other people to send spoofed SMS messages with the same the sender ID as their mobile money system. If so, you could prevent spoofed SMS receipts by keeping track of your current balance, and verifying that the balance in the SMS receipt is correct.)

To extract the amount received, we can use this regular expression:

UmepokeaW+TshW*([d,.]*d)

Note: You may also want to take special care to avoid letting someone falsify their payment amount by changing their registered name to “Umepokea Tsh 1,000,000”.

To extract the transaction ID, we can use this regular expression:

kumbukumbu noW+(w{8}.d{4}.w{5,}b)

While SMS receipt formats are typically relatively stable, mobile money systems sometimes change the format or wording of the receipts.

At this point, your service still doesn’t know which user account should be credited for the payment. (You might be able to figure it out from the payee name and phone number, but that’s unreliable.)

Instead, just store the transaction ID and payment amount in your database, so that it’s available in the next step.

3. Match the payment with the correct user and credit their account

Finally, you need to match the receipt with the correct user of your online service, so you can credit the correct account.

Some mobile money systems, including Tigo Pesa, have systems for businesses that allow customers to enter a reference number for their account when sending a bill payment. But this type of bill payment system is sometimes only available to large businesses. When someone sends money to your phone number, they probably won’t be able to send a reference number.

In this case, you can simply prompt the user to enter the transaction ID in your application, like in the example below:

Tigo-pesa-payments

The customer knows this transaction ID because the mobile money system sent the customer their own SMS receipt containing the same transaction ID:

Tigopesa: Salio jipya ni Tsh 118,006. Hamisho la fedha kwenda kwa EXAMPLE INC limekamilika; 0731110000; Kiasi Tsh.  16,000; Ada Tsh. 350;kumbukumbu no. PP141006.1159.B00001. Tigo Pesa inakulipa mteja wake faida kulingana na wastani wa salio lako la kila siku. Faida nyingine italipwa mwezi wa 10, 2014. Pata zaidi na Tigo Pesa TU.

When the customer enters a transaction ID in your application, your application can check your database for that transaction ID. If it matches, then credit the user with the payment amount associated with that transaction ID. (Be sure to prevent people from reusing the same transaction ID multiple times.)

If the customer enters a transaction ID that doesn’t match your database, it could be because you haven’t received the SMS receipt yet, or because the customer made a typo (often it can be hard to tell the difference between the digit zero and the letter O, or the letters I and L and the digit 1).

In this case, we suggest storing the transaction ID entered by the customer in your database and notifying someone on your team to look into the transaction. If there was a typo, you can record the payment manually; if the receipt was delayed, your system can process the payment manually whenever the receipt is received.

 

Scraping data from SMS receipts may not be the cleanest solution for accepting mobile money payments, but sometimes it’s the only solution.

Fortunately, at least one mobile money system soon plans to make this easier: Safaricom M-PESA in Kenya currently plans to open their developer API in April 2015 . But there’s no need to wait for someone else to release an API — just start scraping SMS receipts and letting  your customers pay you today.

Protecting your Telerivet account

For as long as we've used the web, the humble password has been the gatekeeper of our private data online.

But a password is a fragile layer of protection. For example:

  • Keylogger viruses could read your password as you type it in.
  • If you reuse the same password for multiple services, a vulnerability in any service could put all of your accounts at risk.
  • Phishing emails trick you into visiting web pages that look identical to the services you use, but steal your password when you try to log in.
  • If someone gets access to your email account, they can use "Forgot password" pages to reset your passwords on other online services.

That's why it's becoming more and more important that online services allow users to have additional layers of security for their accounts. 

So we're happy to announce several new features to help keep your Telerivet account protected — even if your password is stolen.

Two-factor authentication

Two-factor-auth With two-factor authentication, a random 6-digit code is required to log in to your Telerivet account, in addition to your password. The 6-digit code changes every 30 seconds.

This means that even if your password or email account is compromised, the other person only has a 1-in-a-million chance of guessing the right code to log in to your Telerivet account. Telerivet also sends you an email if someone enters an incorrect authentication code, and prevents too many incorrect guesses.

You can receive authentication codes via a phone call, SMS, or a smartphone app. We recommend using the smartphone app, because it will always work even if your phone doesn't have an internet connection or cell service, or if our servers can't send you an SMS or a phone call. Telerivet uses a standard two-factor authentication method called TOTP, which works on any smartphone, including Android, iPhone, Blackberry, and Windows Phone.

We also recommend enabling SMS and phone calls as a backup to reduce the risk of getting locked out of your account. If you can't receive your authentication code, you'll need to contact support@telerivet.com in order to prove your identity and regain access to your account. 

Login IP whitelist

Ip_whitelist

The login IP whitelist allows you to control which IP addresses (network locations) are allowed to log in to your Telerivet account. It provides an additional layer of security in case your password is compromised.

If your account is accessed from an unknown IP address, Telerivet will automatically send you an email, and you can choose whether or not to add the IP address to the whitelist. This way you'll be notified of suspicious activity, and you don't have to worry about being locked out of your account if you need to access your Telerivet account from a new IP address.

View and manage your login sessions

If you've used Telerivet on a shared computer and forgot to log out, the Login Sessions page is for you.

You can see all of the computers where you're currently logged in, and log out any sessions other than your current one:

Login_sessions

View logs of recent account activity

In the activity log, you can view the activity on your Telerivet account in the past 90 days. 

If you manage an organization or project with multiple users, you can also view activity for your entire project and organization.

Recent_activity

We've already been recording many events in the activity log before launching the Account Security page, but we just started tracking many more events — so some actions will only show up starting today.

Note that when viewing activity for other users as an organization/project administrator, you'll only be able to see actions that the other user performed within your organization or project. For example, you could see when a user edits a contact or sends a message, but you won't be able to see when another user logs in or changes their personal settings or security settings. (This is because all user accounts in Telerivet exist “outside” of organizations, and each user account can be associated with multiple organizations.)

Login via email account 

(Gmail, Google Apps, and Yahoo users only)

Openid_loginIf you use an email address from Gmail, Google Apps, or Yahoo, there's no need to remember a separate password for your Telerivet account. When you enable the “Login via email account” setting, you can simply click the Google or Yahoo logo on the login page, and log in with your email account.

Even if you log in via your email account, you can still use two-factor authentication and the login IP whitelist to keep your Telerivet account protected if your email account gets compromised.

Try it out!

To configure your security settings, head over to your Account Security page. In your Telerivet dashboard, you can access this page by clicking your email address in the left hand menu, then “Account Security”.

Keep in mind that the two-factor authentication, the login IP whitelist, and login via email account are all disabled by default — so you'll have to enable these features manually if you want them. 

And as always, let us know what you think!