unable to sync - api error 'missing_method'

[kicksturns]

I can't send or receive messages all of a sudden, I get the api error 'missing_method'. Any suggestions?

[purpleidea]

I am seeing the same issue. It was working a few days ago, but I noticed this just now and came here to search.

[purpleidea]

Here is what it looks like if you screenshot right as the app loads:

My previous messages load right after and if you try to refresh you see that message again. I can't see new messages.

[michaelkourlas]

This is a VoIP.ms issue -- they may have removed one of the API methods that the app uses, or the API might be broken in some other way. I have not had a chance to investigate yet. You will need to contact them for assistance, at least in the short term.

[yulman19]

According to Eduardo from voip.ms chat, no changes were made on their end. I have a ticket open.

[divsys1]

Same issue here.
Happened on an existing Samsung phone and a new install I added to my tablet for testing puposes.

Tried to open a ticket with Voip.MS, but got a reply:

"Given that this is a third party app, I suggest you contact its developer to report this issue, as this is outside the scope of our support"

[muffin-p]

I can confirm I'm having the same issue. I was texting fine this morning but getting the api error missing_method now.

[michaelkourlas]

According to Eduardo from voip.ms chat, no changes were made on their end. I have a ticket open.

That seems unlikely. The app was last updated six months ago, but this only started happening today.

I will hopefully have some time to investigate tonight or in the next few days to see if I can identify what changed and whether I can implement a fix or workaround.

[purpleidea]

voipms claims the issue is not on there end. This could be true, however many times in the past they have made this claim, sometimes it has not been the case. So it very well might be their playbook to just always say this first.

[purpleidea]

To add more info to help in debugging:

Using Android 13, Pixel phone.
Using the app store version since the fdroid version doesn't have events.
Ping if you need any more info.

[yulman19]

i'm on android 14, also app store version

[yulman19]

To quote from my VOIP.ms support ticket

Hello,
We have tested our API and is working correctly.
Regards.

{name}
VoIP.ms Customer Service

[The-Sleeper]

NOT working on Android 10 or 11 either...

[anaxonda]

Same error for me as of today, fdroid version, lineageos android 13.

[michaelkourlas]

As expected, this is a VoIP.ms issue.

There are two ways to make VoIP.ms API requests: GETs with query parameters, or POSTs with multipart/form-data. The app uses the latter method. It appears that all POSTs with multipart/form-data are now being rejected with the missing_method error.

EDIT: This is not correct -- see @Wyzzcow's comment below: #262 (comment)

[purpleidea]

@michaelkourlas

I've relayed this information in my ticket, but I encourage everyone else to do the same so that they take it seriously. Thanks again.

[Wyzzcow]

@michaelkourlas How did you even find the rest api? On the voip.ms page, they seem to only have documentation for soap (wsdl), so how did you discover how to use https://www.voip.ms/api/v1/rest.php :)

Using the web SMS center, it does use these fields in the post data

It does use a different endpoint https://voip.ms/m/communications.post.php so who knows!

[divsys1]

Does anyone have a simple example case we can use to highlight this issue?

The best would be something using their example code/suggestions.

I don't think there's much doubt the issue is at the voip.ms end, as the client app has been stable without change for months (if not years), but the "not our app so not our problem" response is typical.

If it's easy to come up with a small code example that anyone can use of their API fail, one would hope we can get some Tickets accepted and handled promptly.

[divsys1]

@Wyzzcow :
If you go to the "SOAP and REST/JSON API" section under Main Menu in the voip.ms login you'll find "Documentation and Examples (PHP and .NET)"

Their examples reference https://www.voip.ms/api/v1/rest.php directly.

[Wyzzcow]

@divsys1 Yea, saw those, but a few api calls don't really count as api documentation for the rest api. But I guess the rest api is a direct mapping to the soap api.

The examples for the REST api are pretty terrible though
"https://voip.ms/api/v1/rest.php?api_username={$user}&api_password={$pass}&method={$method}&email={$email}");
as if its a good idea to send usernames and passwords directly via query params...

[divsys1]

As expected, this is a VoIP.ms issue.

There are two ways to make VoIP.ms API requests: GETs with query parameters, or POSTs with multipart/form-data. The app uses the latter method. It appears that all POSTs with multipart/form-data are now being rejected with the missing_method error.

Tried a few examples from voip.ms example code (lookup server info) and they seem to work w/POSTs.
Probably the issue would be more SMS/MMS related.
I noticed, if you clear account info in the app and try and reenter user/password info, you can not even login without the error.

Still would love to get a simple example to add some more pressure on the tickets from the user end.

[purpleidea]

From Voip.ms ticket:

We have contacted the department in charge, and they have confirmed that the IP is working correctly and no changes have been made to it.

[Wyzzcow]

So I think I figured out the problem.
The POST to https://www.voip.ms/api/v1/rest.php set the HOST header to www.voip.ms. This causes a redirect and converts the request to GET.

Changing the URL to https://voip.ms/api/v1/rest.php fixes the issue. But unfortunately, the value is hardcoded.

[purpleidea]

If that's the case, here is a patch to fix it:

#263

[michaelkourlas]

Thanks, @Wyzzcow -- will hopefully have time to take a closer look this evening.

[Wyzzcow]

Just looking at the postman console

but if you just POST to voip.ms, no redirect

[linepoint]

Confirming what @Wyzzcow said - they changed the https://www.voip.ms URL to be a 301 redirect to just https://voip.ms/

[linepoint]

And because voip.ms has been oblivious to what they did - so I'll be snarky: I can't believe the site is claiming to be run on PHP v5.4 (ie: Jun 2013)? (At least that's what it reports in the headers when doing a curl request). ooof.

< HTTP/2 500
< date: Fri, 26 Jan 2024 21:23:35 GMT
< content-type: application/soap+xml; charset=utf-8
< content-length: 276
< x-powered-by: PHP/5.4.16
< access-control-allow-origin: *
< set-cookie: PHPSESSID=cjcv0mtp8cj46cneu8gjr0ko97; path=/
< expires: Thu, 19 Nov 1981 08:52:00 GMT
< cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< pragma: no-cache
< x-frame-options: SAMEORIGIN
< vary: User-Agent
< x-ua-compatible: IE=11
< cf-cache-status: DYNAMIC
< set-cookie: voipms_lang=en%7Ccp; expires=Mon, 23-Jan-2034 21:23:35 GMT; path=/; domain=.voip.ms; secure; httponly
< set-cookie: __cf_bm=2owHEZNZDizLzMWvuCsA2YGlAm.zAgw7Jf.cG3rLIXg-1706304215-1-AY54taFF9infIhRC/77api7blyf9CM7EOawcTWq0QshDWL+xXnYGhbGOgYpa/EzSz0VHmiGuThAfxQ1OPffmuuA=; path=/; expires=Fri, 26-Jan-24 21:53:35 GMT; domain=.voip.ms; HttpOnly; Secure; SameSite=None
< server: cloudflare
< cf-ray: 84bbd160ff837117-YYZ

[michaelkourlas]

If they used a 307 instead of a 301, that might fix the problem.

[yulman19]

@drouleau5 happened to me too

[purpleidea]

@yulman19 Generally a public post-mortem is what I hope to see when companies make such mistakes. Let's see if they publish something.

[rombo121]

Here is a response I got from VoIP ms support warning me that the developer may have access to everything and to be careful.
"Our API is working correctly on our end, the issue needs to be addressed on the
app's end and we have no control over this app, my sincere apologies. Please
contact the app developer for further details. Please note this app is developed
by instances outside VoIP.ms and using it, may represent a security breach on
your data, as this developer might gain access to your account and
communications, please use it carefully. Thanks"

[purpleidea]

@rombo121 While I would not expect this kind of response from support, I would say you should be aware of the implications. If you use the google-play version, you add something like the following to your voip.ms account:

What this does is sends a GET request (not POST which would make much more sense voip.ms) with some data about the incoming text message. That is then relayed to your phone so you get a notification, rather than having to constantly poll. It's a very useful feature. Michael's server can see all that data. So you probably want to keep that in mind.

[muffin-p]

@purpleidea Good to know, I am glad I don't use google play services.

[balz666]

Any idea when the update should be ready on Google? It's much easier for me to download it this way rather than installing from apk.

Support from VOIP told me to use Zoiper and not use this app because they say each time they change the code it stops working.

@purpleidea : I'm not sure I get what you are saying. Are you saying that by using this app everything I write can be read by the person who wrote the app, each time I send an SMS? Is there anything that can be done to avoid this?

[purpleidea]

@balz666

I'm not sure I get what you are saying. Are you saying that by using this app everything I write can be read by the person who wrote the app, each time I send an SMS? Is there anything that can be done to avoid this?

Log in to your voip.ms account. Click on "manage DID's" -> EDIT (on the phone number you're asking about) -> Scroll down to "SMS/MMS URL Callback" as shown in my screenshot.

Paste the entire text from that box here and I will tell you.

[balz666]

I see a GET request to "https://voipmssms-notify.kourlas.com/?did={TO}"

Does it mean every SMS I text goes to there and the guy who wrote the app sees everything I write? This is crazy.

Is it the same with other apps, like Zoiper? And can the guys at VOIP see my SMS as well?

[purpleidea]

the guys at VOIP see my SMS as well

They can see every text message you send or receive. That's why you should switch to an app like signalapp which is end-to-end encrypted.

Michael's server gets data on whatever {XXX} fields you have added there. So that's your phone number. Unfortunately, since it is a GET request and not a POST, many servers who log get this information in the logs. This is an issue with how voip.ms handles callbacks, you should get them to support sending that over POST.

[balz666]

the guys at VOIP see my SMS as well

They can see every text message you send or receive. That's why you should switch to an app like signalapp which is end-to-end encrypted.

Michael's server gets data on whatever {XXX} fields you have added there. So that's your phone number. Unfortunately, since it is a GET request and not a POST, many servers who log get this information in the logs. This is an issue with how voip.ms handles callbacks, you should get them to support sending that over POST.

I'm not tech-savvy, so basically, just so I understand : can VOIP staff read my SMS and if I use another third-party app, like Zoiper, can they read my SMS?

I didn't understand what you mean with GET and POST... I just want to know if my SMS are safe with Zoiper or with VOIP.ms per se.

Thanks!

[purpleidea]

1. Voip.ms can see any text you send and receive through their number with any app.
2. Switch to signalapp to prevent this.
3. Michael can see anytime you receive a message. He likely can't see the contents of the message, but you'd have to audit code to know for sure. He's running that relay server for you for free, which is nice. It would be even nicer if voip.ms did that for it's customers.
4. Voip.ms is not run very well for many reasons. One thing they got wrong is sending callbacks over something call a GET method instead of the more secure POST method. Ask them to support the latter.

HTH

[michaelkourlas]

From the app's documentation:

The Google Play version of the app supports push notifications using Firebase Cloud Messaging. Push notifications are automatically setup when selecting phone numbers if notifications are enabled.

If push notifications are configured correctly, VoIP.ms will send a callback to a Cloudflare Worker maintained by me when your phone number receives a text message. The Worker will then forward the callback to your device using Firebase Cloud Messaging. When the app receives the callback, it performs a synchronization with the VoIP.ms servers and retrieves the text message.

To protect your privacy, the callback is configured to only include your phone number. It does not include the text of individual messages.

The Cloudflare Worker is open source: https://github.com/michaelkourlas/voipms-sms-push-notifications

[michaelkourlas]

Good to know, I am glad I don't use google play services.

@muffin-p, the app available for download in the Releases section of this repo is the Google Play version. The F-Droid version (which does not support push notifications) can be downloaded from the F-Droid website, though I don't think they've built the latest update yet.

[muffin-p]

Good to know, I am glad I don't use google play services.

@muffin-p, the app available for download in the Releases section of this repo is the Google Play version. The F-Droid version (which does not support push notifications) can be downloaded from the F-Droid website, though I don't think they've built the latest update yet.

Ah Thank you! I have always used the F-driod version (I am on a degoogled android), for now I am using the apk you built, but I will install the f-droid version as soon as they build it. Appreciate your hard work :-)

[balz666]

1. Voip.ms can see any text you send and receive through their number with any app.
2. Switch to signalapp to prevent this.
3. Michael can see anytime you receive a message. He likely can't see the contents of the message, but you'd have to audit code to know for sure. He's running that relay server for you for free, which is nice. It would be even nicer if voip.ms did that for it's customers.
4. Voip.ms is not run very well for many reasons. One thing they got wrong is sending callbacks over something call a GET method instead of the more secure POST method. Ask them to support the latter.

HTH

How smooth will Signal App work with Voip.ms, let's say, in comparison to Zoiper? I already use Zoiper for phone with VOIP; would it be better? Does it work with my phone number and let me send SMS? I was pretty happy with this app, but I don't understand why there is some kind of link that send my information to kourlas.com website.

[geekaz01d]

Thanks Michael for the quick fix.

How smooth will Signal App work with Voip.ms, let's say, in comparison to Zoiper? I already use Zoiper for phone with VOIP; would it be better? Does it work with my phone number and let me send SMS? I was pretty happy with this app, but I don't understand why there is some kind of link that send my information to kourlas.com website.

You say you aren't tech-savvy but these days with AI explainers at your fingertips, that's just another way of saying you are lazy. You could have searched for the answer with six words.

[muffin-p]

2. Switch to signalapp to prevent this.

Wait... what??? I can use signal for voip.ms texting? I can't seem to find any instructions on how to do that. Can someone please post a link?

[balz666]

I am not lazy; I just wouldn't know how to start. You make it sound so simply, yet for someone who is not tech savvy this is way beyond complicated. As for IA, I don't know a thing about those things.

@muffin-p same here... I didn't find anything about it. Maybe he's wrong?!

[michaelkourlas]

You can't use Signal to send SMS messages using a VoIP.ms DID.

Signal is just another messaging app that happens to use end to end encryption, which is more secure than SMS.

[michaelkourlas]

Google has notified me that the update is now available in the Play Store.

[balz666]

@michaelkourlas Can you read our SMS when we use your app and if not why is there a GET command linking to your website from VOIP.ms?

[michaelkourlas]

Your question has been answered here: #262 (comment)

[TBhimdi]

VoIP.ms news:

We are pleased to announce that the VoIP.ms Developer Log has been repurposed to a full Change Log for a better transparency with our customers. This Change Log will be easily accessible and regularly updated, detailing every alteration made in our system, regardless of its scale. By doing this, we aim to foster a culture of transparency and accountability, ensuring our customers are always informed.

[michaelkourlas]

I'd like to clarify here that the app's use of "www.voip.ms" rather than "voip.ms" was almost certainly an error I made way back in 2014, when I was first developing it.

Although the 301 redirect is new, code from other projects using the VoIP.ms API on GitHub (e.g. this one) suggests that the documentation said to use "voip.ms" (not "www.voip.ms") for a long time, if not always. "www.voip.ms" worked for many years, but it was undocumented behaviour.

[helsan74]

Thanks for the clarification. Kudos withe the good work.
Really appreciate all the efforts!

[purpleidea]

@drouleau5 Thanks for sending out an email!

[yulman19]

Just a reminder that you can buy @michaelkourlas a coffee if you enjoy what he does... https://paypal.me/kourlas

[balz666]

@michaelkourlas
Still not sure I understand why the need for the GET method to michaelkourlas' website. You said that it has been answered, but it's still not clear to me. Why do you collect data and do you read SMS from people who use your app? VOIP.ms staff has been saying that there could be some privacy issues using your app. I'd like to understand a bit more about this.

[michaelkourlas]

The callback is used to support push notifications -- that is, to support the ability to receive notifications immediately when you receive an SMS, rather than at periodic synchronization intervals.

The callback is configured to contain your DID only and not the text of your messages (unless you've changed it for some reason). The callback triggers the sending of an FCM message to your Android device, which then tells the app to synchronize with VoIP.ms's servers and display a notification.

The source code of the server that handles the callback and sends the FCM message can be found here. This is the code running on https://voipmssms-notify.kourlas.com/ (though you can't verify that, ultimately -- you have to trust me). However, you can verify what is sent to that server by looking at the "SMS/MMS URL Callback" setting in the DID configuration.